CVE-2019-19767
Published: 12 December 2019
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
From the Ubuntu Security Team
It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-88.88)
|
| disco |
Pending
(5.0.0-40.44)
|
|
| eoan |
Released
(5.3.0-40.32)
|
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| precise |
Not vulnerable
(3.0.0-12.20)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.2.0-16.19)
|
|
|
Patches: Introduced by c03b45b853f5829816d871283c792e7527a7ded1 Introduced by 7bc04c5c2cc467c5b40f2b03ba08da174a0d5fa7 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1060.62)
|
| disco |
Ignored
(was pending \[5.0.0-1024.27\] now end-of-life)
|
|
| eoan |
Released
(5.3.0-1011.12)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1024.27~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1016.17~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1060.62~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1029.31~18.04.1)
|
| disco |
Ignored
(was pending \[5.0.0-1029.31\] now end-of-life)
|
|
| eoan |
Released
(5.3.0-1013.14)
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.15.0-1071.76~14.04.1)
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1071.76)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1082.92)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1013.14~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1029.30~18.04.1)
|
| disco |
Ignored
(was pending \[5.0.0-1029.30\] now end-of-life)
|
|
| eoan |
Released
(5.3.0-1012.13)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1055.59)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1071.81)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1012.13~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1052.55)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1029.30~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1012.13~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-40.32~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-88.88~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1053.53)
|
| disco |
Ignored
(was pending \[5.0.0-1025.27\] now end-of-life)
|
|
| eoan |
Released
(5.3.0-1010.11)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Not vulnerable
(3.13.0-24.46~precise1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1073.83)
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Pending
(4.15.0-1076.86)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.6.0-1007.7)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1037.42)
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Released
(5.0.0-1037.42)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1033.36)
|
| disco |
Ignored
(was pending \[5.0.0-1010.15\] now end-of-life)
|
|
| eoan |
Released
(5.3.0-1009.10)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1033.36~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1010.15~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.7)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1055.59)
|
| disco |
Ignored
(was pending \[5.0.0-1025.26\] now end-of-life)
|
|
| eoan |
Released
(5.3.0-1018.20)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1018.20~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-24.28)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1072.79)
|
| disco |
Ignored
(was pending \[5.0.0-1029.31\] now end-of-life)
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.4.0-1013.15)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19767
- https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
- https://bugzilla.kernel.org/show_bug.cgi?id=205609
- https://bugzilla.kernel.org/show_bug.cgi?id=205707
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
- https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
- https://ubuntu.com/security/notices/USN-4258-1
- https://ubuntu.com/security/notices/USN-4284-1
- https://ubuntu.com/security/notices/USN-4287-1
- https://ubuntu.com/security/notices/USN-4287-2
- NVD
- Launchpad
- Debian