CVE-2019-3701
Published: 03 January 2019
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.
From the Ubuntu security team
Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code.
CVSS 3 base score: 4.4
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-9.12)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-60.67)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-145.171)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needed ESM criteria)
|
|
Patches: Introduced by c1aabdf379bc2feeb0df7057ed5bad96f492133e Fixed by 0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 |
||
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1047.49)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1079.89)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-1040.43)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1047.49~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1014.14~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1056.61)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needed ESM criteria)
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1014.14~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1056.61)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-euclid Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage ESM criteria)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1002.2)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1042.45)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1041.43)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1042.45)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1041.43)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-23.24~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-60.67~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-60.67~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1003.3)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1043.43)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1043.49)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [end-of-life])
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [end-of-life])
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [end-of-life])
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-144.170~14.04.1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1056.65)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1002.4)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1010.11)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1003.3)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1022.25)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1022.25~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1044.47)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1106.114)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0~rc3)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1062.69)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1110.115)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
Author | Note |
---|---|
tyhicks | The original CVE description that states that an unprivileged user can trigger a system crash is incorrect. Only the root user, from the init namespace, can trigger the system crash. Therefore, we'll prioritize this issue as negligible. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701
- https://marc.info/?l=linux-netdev&m=154659326324991&w=2
- https://marc.info/?l=linux-can&m=154659326224990&w=2
- https://usn.ubuntu.com/usn/usn-3932-1
- https://usn.ubuntu.com/usn/usn-3932-2
- https://usn.ubuntu.com/usn/usn-4115-1
- https://usn.ubuntu.com/usn/usn-4118-1
- NVD
- Launchpad
- Debian