CVE-2019-19769

Published: 12 December 2019

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

From the Ubuntu security team

Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information.

Priority

Medium

CVSS 3 base score: 6.7

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-24.28)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-16.19)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Ignored
(was needs-triage ESM criteria)
Patches:
Introduced by 16306a61d3b7c433c7a127ec6224867b88ece687
Fixed by 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
Introduced by 16306a61d3b7c433c7a127ec6224867b88ece687
Fixed by dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1008.8)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1001.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Ignored
(was needs-triage ESM criteria)
linux-aws-5.0
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1019.21~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.15.0-1030.31~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1009.9)
Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.11.0-1009.9)
Ubuntu 14.04 ESM (Trusty Tahr) Ignored
(was needs-triage ESM criteria)
linux-azure-4.15
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1082.92)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1022.23~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1008.8)
Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.10.0-1004.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-4.15
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1071.81)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1020.22~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1030.32)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.0.0-1037.38)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1020.22~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-53.47~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(was needs-triage now end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1007.7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1004.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Ignored
(was needs-triage ESM criteria)
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.3)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(was needs-triage now end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.6.0-1007.7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.0.0-1052.57)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1008.8)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1007.9)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.15.0-1007.9~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle-5.0
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(was needs-triage now end-of-life)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1018.20~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1008.8)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Ignored
(was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-1005.5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1026.28~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-24.28)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (5.6~rc7)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.4.0-1077.82)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1013.15)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
sbeattie
first attempted fix was
6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da but that showed
performance issues in synthetic benchmarks, more complex fix is
dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a
may be introduced by
16306a61d3b7c433c7a127ec6224867b88ece687
no confirmation that the fixes listed actually address the
reporter's issue
the conservative fix for this issue may be to just apply
6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da

References