CVE-2019-19046
Published: 18 November 2019
** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.
From the Ubuntu Security Team
It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-91.92)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-46.38)
|
|
focal |
Not vulnerable
(5.4.0-18.22)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Not vulnerable
(4.2.0-16.19)
|
|
Patches: Introduced by 68e7e50f195f34d0d539282779cad073d999192b |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1063.67)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-1016.17)
|
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was pending)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Released
(4.15.0-1063.67~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1036.38)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-1019.20)
|
|
focal |
Not vulnerable
(5.4.0-1006.6)
|
|
trusty |
Released
(4.15.0-1074.79~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Released
(4.15.0-1075.80)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1019.20~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1034.35)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-1017.18)
|
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Released
(4.15.0-1058.62)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1017.18~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1055.58)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1033.34)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1017.18~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-46.38~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Released
(4.15.0-91.92~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.57)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-1015.16)
|
|
focal |
Not vulnerable
(5.4.0-1004.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1076.86)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(4.15.0-1076.86)
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Not vulnerable
(5.6.0-1007.7)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1047.52)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.0.0-1047.52)
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1035.39)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-1014.15)
|
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Released
(4.15.0-1035.38~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1014.19)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1014.15~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Not vulnerable
(5.4.0-1007.7)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1057.61)
|
disco |
Ignored
(end of life)
|
|
eoan |
Released
(5.3.0-1022.24)
|
|
focal |
Ignored
(end of life, was needed)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1022.24~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Not vulnerable
(5.4.0-24.28)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1074.81)
|
disco |
Ignored
(end of life)
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.5~rc1)
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |