CVE-2019-19767
Published: 12 December 2019
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
From the Ubuntu Security Team
It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(5.5~rc1)
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
| bionic |
Released
(4.15.0-1060.62)
|
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-1011.12)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1024.27~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of life, was needs-triage)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1052.55)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1082.92)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.5~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
(5.3.0-1016.17~18.04.1)
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-88.88)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-40.32)
|
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.2.0-16.19)
|
|
|
Patches: Introduced by c03b45b853f5829816d871283c792e7527a7ded1 Introduced by 7bc04c5c2cc467c5b40f2b03ba08da174a0d5fa7 |
||
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1060.62~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1029.31~18.04.1)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-1013.14)
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| trusty |
Released
(4.15.0-1071.76~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1071.76)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1013.14~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1029.30~18.04.1)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-1012.13)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1055.59)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1071.81)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1012.13~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1029.30~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1012.13~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-40.32~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-88.88~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Ignored
(end of life, was needs-triage)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1053.53)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-1010.11)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1073.83)
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life, was pending)
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.6.0-1007.7)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1037.42)
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Released
(5.0.0-1037.42)
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1033.36)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-1009.10)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Released
(4.15.0-1033.36~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1010.15~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.7)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1055.59)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Released
(5.3.0-1018.20)
|
|
| focal |
Ignored
(end of life, was needed)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1018.20~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-24.28)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1072.79)
|
| disco |
Ignored
(end of life, was pending)
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.5~rc1)
|
|
| xenial |
Not vulnerable
(4.4.0-1013.15)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19767
- https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
- https://bugzilla.kernel.org/show_bug.cgi?id=205609
- https://bugzilla.kernel.org/show_bug.cgi?id=205707
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
- https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
- https://ubuntu.com/security/notices/USN-4258-1
- https://ubuntu.com/security/notices/USN-4284-1
- https://ubuntu.com/security/notices/USN-4287-1
- https://ubuntu.com/security/notices/USN-4287-2
- NVD
- Launchpad
- Debian