CVE-2019-5108
Published: 23 December 2019
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
From the Ubuntu Security Team
Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-88.88)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-12.13)
|
|
focal |
Not vulnerable
(5.4.0-9.12)
|
|
precise |
Ignored
(was needs-triage ESM criteria)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-174.204)
|
|
Patches: Introduced by 4fd6931ebe24640bec72b91ba612325843a5e3cc |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1060.62)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.4.0-1062.66)
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1102.113)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1025.28)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1060.62~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1032.34)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
focal |
Not vulnerable
(5.4.0-1006.6)
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.15.0-1071.76~14.04.1)
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1071.76)
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Ignored
(was needs-triage now end-of-life)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1031.32)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1055.59)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1052.55)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1030.31)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-26.28~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-88.88~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Ignored
(was needs-triage now end-of-life)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1053.53)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
focal |
Not vulnerable
(5.4.0-1004.4)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1066.73)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Ignored
(was needs-triage ESM criteria)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.4.0-174.204~14.04.1)
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1073.83)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Released
(4.15.0-1073.83)
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Ignored
(was needs-triage now end-of-life)
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Not vulnerable
(5.4.0-1002.4)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1039.44)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Released
(5.0.0-1039.44)
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1033.36)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1033.36~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1011.16)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1055.59)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(5.3.0-1005.6)
|
|
focal |
Not vulnerable
(5.4.0-1004.4)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1129.138)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1072.79)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1133.141)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Adjacent |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5108
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
- https://ubuntu.com/security/notices/USN-4285-1
- https://ubuntu.com/security/notices/USN-4286-1
- https://ubuntu.com/security/notices/USN-4287-1
- https://ubuntu.com/security/notices/USN-4286-2
- https://ubuntu.com/security/notices/USN-4287-2
- NVD
- Launchpad
- Debian