CVE-2019-3460
Published: 14 January 2019
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
From the Ubuntu Security Team
Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory).
Priority
Status
Package | Release | Status |
---|---|---|
linux | bionic | Released (4.15.0-47.50) |
linux | cosmic | Released (4.18.0-17.18) |
linux | disco | Not vulnerable (5.0.0-7.8) |
linux | trusty | Released (3.13.0-168.218) |
linux | upstream | Released (5.1~rc1) |
linux | xenial | Released (4.4.0-145.171) |
linux | Patches | Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
linux-aws | bionic | Released (4.15.0-1035.37) |
linux-aws | cosmic | Released (4.18.0-1012.14) |
linux-aws | disco | Not vulnerable (5.0.0-1001.1) |
linux-aws | trusty | Released (4.4.0-1040.43) |
linux-aws | upstream | Released (5.1~rc1) |
linux-aws | xenial | Released (4.4.0-1079.89) |
linux-aws-hwe | bionic | Does not exist |
linux-aws-hwe | cosmic | Does not exist |
linux-aws-hwe | disco | Does not exist |
linux-aws-hwe | trusty | Does not exist |
linux-aws-hwe | upstream | Released (5.1~rc1) |
linux-aws-hwe | xenial | Released (4.15.0-1035.37~16.04.1) |
linux-azure | bionic | Released (4.18.0-1014.14~18.04.1) |
linux-azure | cosmic | Released (4.18.0-1014.14) |
linux-azure | disco | Not vulnerable (5.0.0-1001.1) |
linux-azure | trusty | Released (4.15.0-1041.45~14.04.1) |
linux-azure | upstream | Released (5.1~rc1) |
linux-azure | xenial | Released (4.15.0-1041.45) |
linux-azure-edge | bionic | Released (4.18.0-1014.14~18.04.1) |
linux-azure-edge | cosmic | Does not exist |
linux-azure-edge | disco | Does not exist |
linux-azure-edge | trusty | Does not exist |
linux-azure-edge | upstream | Released (5.1~rc1) |
linux-azure-edge | xenial | Released (4.15.0-1041.45) |
linux-euclid | bionic | Does not exist |
linux-euclid | cosmic | Does not exist |
linux-euclid | disco | Does not exist |
linux-euclid | trusty | Does not exist |
linux-euclid | upstream | Released (5.1~rc1) |
linux-euclid | xenial | Ignored (was needs-triage ESM criteria) |
linux-flo | bionic | Does not exist |
linux-flo | cosmic | Does not exist |
linux-flo | disco | Does not exist |
linux-flo | trusty | Does not exist (trusty was ignored [abandoned]) |
linux-flo | upstream | Released (5.1~rc1) |
linux-flo | xenial | Ignored (abandoned) |
linux-gcp | bionic | Released (4.15.0-1029.31) |
linux-gcp | cosmic | Released (4.18.0-1008.9) |
linux-gcp | disco | Not vulnerable (5.0.0-1001.1) |
linux-gcp | trusty | Does not exist |
linux-gcp | upstream | Released (5.1~rc1) |
linux-gcp | xenial | Released (4.15.0-1029.31~16.04.1) |
linux-gcp-edge | bionic | Released (4.18.0-1008.9~18.04.1) |
linux-gcp-edge | cosmic | Does not exist |
linux-gcp-edge | disco | Does not exist |
linux-gcp-edge | trusty | Does not exist |
linux-gcp-edge | upstream | Released (5.1~rc1) |
linux-gcp-edge | xenial | Does not exist |
linux-gke | bionic | Not vulnerable |
linux-gke | cosmic | Does not exist |
linux-gke | disco | Does not exist |
linux-gke | trusty | Does not exist |
linux-gke | upstream | Released (5.1~rc1) |
linux-gke | xenial | Ignored (end of standard support) |
linux-goldfish | bionic | Does not exist |
linux-goldfish | cosmic | Does not exist |
linux-goldfish | disco | Does not exist |
linux-goldfish | trusty | Does not exist (trusty was ignored [abandoned]) |
linux-goldfish | upstream | Released (5.1~rc1) |
linux-goldfish | xenial | Ignored (end of life) |
linux-grouper | bionic | Does not exist |
linux-grouper | cosmic | Does not exist |
linux-grouper | disco | Does not exist |
linux-grouper | trusty | Does not exist (trusty was ignored [abandoned]) |
linux-grouper | upstream | Released (5.1~rc1) |
linux-grouper | xenial | Does not exist |
linux-hwe | bionic | Released (4.18.0-17.18~18.04.1) |
linux-hwe | cosmic | Does not exist |
linux-hwe | disco | Does not exist |
linux-hwe | trusty | Does not exist |
linux-hwe | upstream | Released (5.1~rc1) |
linux-hwe | xenial | Released (4.15.0-47.50~16.04.1) |
linux-hwe-edge | bionic | Not vulnerable (5.0.0-15.16~18.04.1) |
linux-hwe-edge | cosmic | Does not exist |
linux-hwe-edge | disco | Does not exist |
linux-hwe-edge | trusty | Does not exist |
linux-hwe-edge | upstream | Released (5.1~rc1) |
linux-hwe-edge | xenial | Released (4.15.0-47.50~16.04.1) |
linux-kvm | bionic | Released (4.15.0-1031.31) |
linux-kvm | cosmic | Released (4.18.0-1009.9) |
linux-kvm | disco | Not vulnerable (5.0.0-1001.1) |
linux-kvm | trusty | Does not exist |
linux-kvm | upstream | Released (5.1~rc1) |
linux-kvm | xenial | Released (4.4.0-1043.49) |
linux-lts-trusty | bionic | Does not exist |
linux-lts-trusty | cosmic | Does not exist |
linux-lts-trusty | disco | Does not exist |
linux-lts-trusty | trusty | Does not exist |
linux-lts-trusty | upstream | Released (5.1~rc1) |
linux-lts-trusty | xenial | Does not exist |
linux-lts-utopic | bionic | Does not exist |
linux-lts-utopic | cosmic | Does not exist |
linux-lts-utopic | disco | Does not exist |
linux-lts-utopic | trusty | Ignored (end of life, was ignored) |
linux-lts-utopic | upstream | Released (5.1~rc1) |
linux-lts-utopic | xenial | Does not exist |
linux-lts-vivid | bionic | Does not exist |
linux-lts-vivid | cosmic | Does not exist |
linux-lts-vivid | disco | Does not exist |
linux-lts-vivid | trusty | Ignored (end of life, was ignored) |
linux-lts-vivid | upstream | Released (5.1~rc1) |
linux-lts-vivid | xenial | Does not exist |
linux-lts-wily | bionic | Does not exist |
linux-lts-wily | cosmic | Does not exist |
linux-lts-wily | disco | Does not exist |
linux-lts-wily | trusty | Ignored (end of life, was ignored) |
linux-lts-wily | upstream | Released (5.1~rc1) |
linux-lts-wily | xenial | Does not exist |
linux-lts-xenial | bionic | Does not exist |
linux-lts-xenial | cosmic | Does not exist |
linux-lts-xenial | disco | Does not exist |
linux-lts-xenial | trusty | Released (4.4.0-144.170~14.04.1) |
linux-lts-xenial | upstream | Released (5.1~rc1) |
linux-lts-xenial | xenial | Does not exist |
linux-maguro | bionic | Does not exist |
linux-maguro | cosmic | Does not exist |
linux-maguro | disco | Does not exist |
linux-maguro | trusty | Does not exist (trusty was ignored [abandoned]) |
linux-maguro | upstream | Released (5.1~rc1) |
linux-maguro | xenial | Does not exist |
linux-mako | bionic | Does not exist |
linux-mako | cosmic | Does not exist |
linux-mako | disco | Does not exist |
linux-mako | trusty | Does not exist (trusty was ignored [abandoned]) |
linux-mako | upstream | Released (5.1~rc1) |
linux-mako | xenial | Ignored (abandoned) |
linux-manta | bionic | Does not exist |
linux-manta | cosmic | Does not exist |
linux-manta | disco | Does not exist |
linux-manta | trusty | Does not exist (trusty was ignored [abandoned]) |
linux-manta | upstream | Released (5.1~rc1) |
linux-manta | xenial | Does not exist |
linux-oem | bionic | Released (4.15.0-1035.40) |
linux-oem | cosmic | Released (4.15.0-1035.40) |
linux-oem | disco | Not vulnerable (4.15.0-1035.40) |
linux-oem | trusty | Does not exist |
linux-oem | upstream | Released (5.1~rc1) |
linux-oem | xenial | Ignored (end of standard support, was needs-triage) |
linux-oracle | bionic | Released (4.15.0-1010.12) |
linux-oracle | cosmic | Released (4.15.0-1010.12) |
linux-oracle | disco | Not vulnerable (4.15.0-1010.12) |
linux-oracle | trusty | Does not exist |
linux-oracle | upstream | Released (5.1~rc1) |
linux-oracle | xenial | Released (4.15.0-1010.12~16.04.1) |
linux-raspi2 | bionic | Released (4.15.0-1033.35) |
linux-raspi2 | cosmic | Released (4.18.0-1011.13) |
linux-raspi2 | disco | Not vulnerable (5.0.0-1004.4) |
linux-raspi2 | trusty | Does not exist |
linux-raspi2 | upstream | Released (5.1~rc1) |
linux-raspi2 | xenial | Released (4.4.0-1106.114) |
linux-snapdragon | bionic | Released (4.15.0-1053.57) |
linux-snapdragon | cosmic | Does not exist |
linux-snapdragon | disco | Not vulnerable (5.0.0-1010.10) |
linux-snapdragon | trusty | Does not exist |
linux-snapdragon | upstream | Released (5.1~rc1) |
linux-snapdragon | xenial | Released (4.4.0-1110.115) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Adjacent |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
- https://lore.kernel.org/linux-bluetooth/20190118115620.7562-1-marcel@holtmann.org/
- https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
- https://seclists.org/oss-sec/2019/q1/58
- https://ubuntu.com/security/notices/USN-3930-1
- https://ubuntu.com/security/notices/USN-3930-2
- https://ubuntu.com/security/notices/USN-3931-1
- https://ubuntu.com/security/notices/USN-3931-2
- https://ubuntu.com/security/notices/USN-3932-1
- https://ubuntu.com/security/notices/USN-3932-2
- https://ubuntu.com/security/notices/USN-3933-1
- https://ubuntu.com/security/notices/USN-3933-2
- https://www.cve.org/CVERecord?id=CVE-2019-3460
- NVD
- Launchpad
- Debian