PublicDateAtUSN: 2019-12-12 20:15:00 UTC
Candidate: CVE-2019-19767
PublicDate: 2019-12-12 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19767
 https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
 https://bugzilla.kernel.org/show_bug.cgi?id=205609
 https://bugzilla.kernel.org/show_bug.cgi?id=205707
 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2
 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
 https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
 https://ubuntu.com/security/notices/USN-4258-1
 https://ubuntu.com/security/notices/USN-4284-1
 https://ubuntu.com/security/notices/USN-4287-1
 https://ubuntu.com/security/notices/USN-4287-2
Description:
 The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
Ubuntu-Description:
 It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_linux:
 break-fix: c03b45b853f5829816d871283c792e7527a7ded1 4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
 break-fix: 7bc04c5c2cc467c5b40f2b03ba08da174a0d5fa7 4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
upstream_linux: released (5.5~rc1)
precise/esm_linux: not-affected (3.0.0-12.20)
trusty_linux: ignored (out of standard support)
trusty/esm_linux: not-affected (3.11.0-12.19)
xenial_linux: not-affected (4.2.0-16.19)
esm-infra/xenial_linux: not-affected (4.2.0-16.19)
bionic_linux: released (4.15.0-88.88)
disco_linux: pending (5.0.0-40.44)
eoan_linux: released (5.3.0-40.32)
focal_linux: not-affected (5.4.0-9.12)
devel_linux: not-affected (5.4.0-26.30)

Patches_linux-hwe:
upstream_linux-hwe: released (5.5~rc1)
precise/esm_linux-hwe: DNE
trusty_linux-hwe: DNE
trusty/esm_linux-hwe: DNE
xenial_linux-hwe: released (4.15.0-88.88~16.04.1)
esm-infra/xenial_linux-hwe: released (4.15.0-88.88~16.04.1)
bionic_linux-hwe: released (5.3.0-40.32~18.04.1)
disco_linux-hwe: DNE
eoan_linux-hwe: DNE
focal_linux-hwe: DNE
devel_linux-hwe: DNE

Patches_linux-hwe-edge:
upstream_linux-hwe-edge: released (5.5~rc1)
precise/esm_linux-hwe-edge: DNE
trusty_linux-hwe-edge: DNE
trusty/esm_linux-hwe-edge: DNE
xenial_linux-hwe-edge: ignored (was needs-triage now end-of-life)
esm-infra/xenial_linux-hwe-edge: ignored (was needs-triage now end-of-life)
bionic_linux-hwe-edge: ignored (was needs-triage now end-of-life)
disco_linux-hwe-edge: DNE
eoan_linux-hwe-edge: DNE
focal_linux-hwe-edge: DNE
devel_linux-hwe-edge: DNE

Patches_linux-lts-xenial:
upstream_linux-lts-xenial: released (5.5~rc1)
precise/esm_linux-lts-xenial: DNE
trusty_linux-lts-xenial: ignored (out of standard support)
trusty/esm_linux-lts-xenial: not-affected (4.4.0-13.29~14.04.1)
xenial_linux-lts-xenial: DNE
bionic_linux-lts-xenial: DNE
disco_linux-lts-xenial: DNE
eoan_linux-lts-xenial: DNE
focal_linux-lts-xenial: DNE
devel_linux-lts-xenial: DNE

Patches_linux-lts-trusty:
upstream_linux-lts-trusty: released (5.5~rc1)
precise/esm_linux-lts-trusty: not-affected (3.13.0-24.46~precise1)
trusty_linux-lts-trusty: DNE
trusty/esm_linux-lts-trusty: DNE
xenial_linux-lts-trusty: DNE
bionic_linux-lts-trusty: DNE
disco_linux-lts-trusty: DNE
eoan_linux-lts-trusty: DNE
focal_linux-lts-trusty: DNE
devel_linux-lts-trusty: DNE

Patches_linux-oem:
upstream_linux-oem: released (5.5~rc1)
precise/esm_linux-oem: DNE
trusty_linux-oem: DNE
trusty/esm_linux-oem: DNE
xenial_linux-oem: ignored (was needs-triage now end-of-life)
bionic_linux-oem: released (4.15.0-1073.83)
disco_linux-oem: ignored (reached end-of-life)
eoan_linux-oem: pending (4.15.0-1076.86)
focal_linux-oem: DNE
devel_linux-oem: DNE

Patches_linux-oem-osp1:
upstream_linux-oem-osp1: released (5.5~rc1)
precise/esm_linux-oem-osp1: DNE
trusty_linux-oem-osp1: DNE
trusty/esm_linux-oem-osp1: DNE
xenial_linux-oem-osp1: DNE
bionic_linux-oem-osp1: released (5.0.0-1037.42)
disco_linux-oem-osp1: ignored (reached end-of-life)
eoan_linux-oem-osp1: released (5.0.0-1037.42)
focal_linux-oem-osp1: DNE
devel_linux-oem-osp1: DNE

Patches_linux-kvm:
upstream_linux-kvm: released (5.5~rc1)
precise/esm_linux-kvm: DNE
trusty_linux-kvm: DNE
trusty/esm_linux-kvm: DNE
xenial_linux-kvm: not-affected (4.4.0-1004.9)
esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9)
bionic_linux-kvm: released (4.15.0-1053.53)
disco_linux-kvm: ignored (was pending [5.0.0-1025.27] now end-of-life)
eoan_linux-kvm: released (5.3.0-1010.11)
focal_linux-kvm: not-affected (5.4.0-1004.4)
devel_linux-kvm: not-affected (5.4.0-1009.9)

Patches_linux-aws:
upstream_linux-aws: released (5.5~rc1)
precise/esm_linux-aws: DNE
trusty_linux-aws: ignored (out of standard support)
trusty/esm_linux-aws: not-affected (4.4.0-1002.2)
xenial_linux-aws: not-affected (4.4.0-1001.10)
esm-infra/xenial_linux-aws: not-affected (4.4.0-1001.10)
bionic_linux-aws: released (4.15.0-1060.62)
disco_linux-aws: ignored (was pending [5.0.0-1024.27] now end-of-life)
eoan_linux-aws: released (5.3.0-1011.12)
focal_linux-aws: not-affected (5.4.0-1005.5)
devel_linux-aws: not-affected (5.4.0-1009.9)

Patches_linux-aws-5.0:
upstream_linux-aws-5.0: released (5.5~rc1)
precise/esm_linux-aws-5.0: DNE
trusty_linux-aws-5.0: DNE
trusty/esm_linux-aws-5.0: DNE
xenial_linux-aws-5.0: DNE
bionic_linux-aws-5.0: released (5.0.0-1024.27~18.04.1)
disco_linux-aws-5.0: DNE
eoan_linux-aws-5.0: DNE
focal_linux-aws-5.0: DNE
devel_linux-aws-5.0: DNE

Patches_linux-aws-hwe:
upstream_linux-aws-hwe: released (5.5~rc1)
precise/esm_linux-aws-hwe: DNE
trusty_linux-aws-hwe: DNE
trusty/esm_linux-aws-hwe: DNE
xenial_linux-aws-hwe: released (4.15.0-1060.62~16.04.1)
esm-infra/xenial_linux-aws-hwe: released (4.15.0-1060.62~16.04.1)
bionic_linux-aws-hwe: DNE
disco_linux-aws-hwe: DNE
eoan_linux-aws-hwe: DNE
focal_linux-aws-hwe: DNE
devel_linux-aws-hwe: DNE

Patches_linux-azure:
upstream_linux-azure: released (5.5~rc1)
precise/esm_linux-azure: DNE
trusty_linux-azure: ignored (out of standard support)
trusty/esm_linux-azure: released (4.15.0-1071.76~14.04.1)
xenial_linux-azure: released (4.15.0-1071.76)
esm-infra/xenial_linux-azure: released (4.15.0-1071.76)
bionic_linux-azure: released (5.0.0-1029.31~18.04.1)
disco_linux-azure: ignored (was pending [5.0.0-1029.31] now end-of-life)
eoan_linux-azure: released (5.3.0-1013.14)
focal_linux-azure: not-affected (5.4.0-1006.6)
devel_linux-azure: not-affected (5.4.0-1010.10)

Patches_linux-azure-5.3:
upstream_linux-azure-5.3: released (5.5~rc1)
precise/esm_linux-azure-5.3: DNE
trusty_linux-azure-5.3: DNE
trusty/esm_linux-azure-5.3: DNE
xenial_linux-azure-5.3: DNE
bionic_linux-azure-5.3: released (5.3.0-1013.14~18.04.1)
disco_linux-azure-5.3: DNE
eoan_linux-azure-5.3: DNE
focal_linux-azure-5.3: DNE
devel_linux-azure-5.3: DNE

Patches_linux-azure-edge:
upstream_linux-azure-edge: released (5.5~rc1)
precise/esm_linux-azure-edge: DNE
trusty_linux-azure-edge: DNE
trusty/esm_linux-azure-edge: DNE
xenial_linux-azure-edge: DNE
bionic_linux-azure-edge: ignored (was needs-triage now end-of-life)
disco_linux-azure-edge: DNE
eoan_linux-azure-edge: DNE
focal_linux-azure-edge: DNE
devel_linux-azure-edge: DNE

Patches_linux-gcp:
upstream_linux-gcp: released (5.5~rc1)
precise/esm_linux-gcp: DNE
trusty_linux-gcp: DNE
trusty/esm_linux-gcp: DNE
xenial_linux-gcp: released (4.15.0-1055.59)
esm-infra/xenial_linux-gcp: released (4.15.0-1055.59)
bionic_linux-gcp: released (5.0.0-1029.30~18.04.1)
disco_linux-gcp: ignored (was pending [5.0.0-1029.30] now end-of-life)
eoan_linux-gcp: released (5.3.0-1012.13)
focal_linux-gcp: not-affected (5.4.0-1005.5)
devel_linux-gcp: not-affected (5.4.0-1009.9)

Patches_linux-gcp-5.3:
upstream_linux-gcp-5.3: released (5.5~rc1)
precise/esm_linux-gcp-5.3: DNE
trusty_linux-gcp-5.3: DNE
trusty/esm_linux-gcp-5.3: DNE
xenial_linux-gcp-5.3: DNE
bionic_linux-gcp-5.3: released (5.3.0-1012.13~18.04.1)
disco_linux-gcp-5.3: DNE
eoan_linux-gcp-5.3: DNE
focal_linux-gcp-5.3: DNE
devel_linux-gcp-5.3: DNE

Patches_linux-gcp-edge:
upstream_linux-gcp-edge: released (5.5~rc1)
precise/esm_linux-gcp-edge: DNE
trusty_linux-gcp-edge: DNE
trusty/esm_linux-gcp-edge: DNE
xenial_linux-gcp-edge: DNE
bionic_linux-gcp-edge: ignored (was needs-triage now end-of-life)
disco_linux-gcp-edge: DNE
eoan_linux-gcp-edge: DNE
focal_linux-gcp-edge: DNE
devel_linux-gcp-edge: DNE

Patches_linux-gke-4.15:
upstream_linux-gke-4.15: released (5.5~rc1)
precise/esm_linux-gke-4.15: DNE
trusty_linux-gke-4.15: DNE
trusty/esm_linux-gke-4.15: DNE
xenial_linux-gke-4.15: DNE
bionic_linux-gke-4.15: released (4.15.0-1052.55)
disco_linux-gke-4.15: DNE
eoan_linux-gke-4.15: DNE
focal_linux-gke-4.15: DNE
devel_linux-gke-4.15: DNE

Patches_linux-gke-5.0:
upstream_linux-gke-5.0: released (5.5~rc1)
precise/esm_linux-gke-5.0: DNE
trusty_linux-gke-5.0: DNE
trusty/esm_linux-gke-5.0: DNE
xenial_linux-gke-5.0: DNE
bionic_linux-gke-5.0: released (5.0.0-1029.30~18.04.1)
disco_linux-gke-5.0: DNE
eoan_linux-gke-5.0: DNE
focal_linux-gke-5.0: DNE
devel_linux-gke-5.0: DNE

Patches_linux-oracle:
upstream_linux-oracle: released (5.5~rc1)
precise/esm_linux-oracle: DNE
trusty_linux-oracle: DNE
trusty/esm_linux-oracle: DNE
xenial_linux-oracle: released (4.15.0-1033.36~16.04.1)
esm-infra/xenial_linux-oracle: released (4.15.0-1033.36~16.04.1)
bionic_linux-oracle: released (4.15.0-1033.36)
disco_linux-oracle: ignored (was pending [5.0.0-1010.15] now end-of-life)
eoan_linux-oracle: released (5.3.0-1009.10)
focal_linux-oracle: not-affected (5.4.0-1005.5)
devel_linux-oracle: not-affected (5.4.0-1009.9)

Patches_linux-oracle-5.0:
upstream_linux-oracle-5.0: released (5.5~rc1)
precise/esm_linux-oracle-5.0: DNE
trusty_linux-oracle-5.0: DNE
trusty/esm_linux-oracle-5.0: DNE
xenial_linux-oracle-5.0: DNE
bionic_linux-oracle-5.0: released (5.0.0-1010.15~18.04.1)
disco_linux-oracle-5.0: DNE
eoan_linux-oracle-5.0: DNE
focal_linux-oracle-5.0: DNE
devel_linux-oracle-5.0: DNE

Patches_linux-raspi2:
upstream_linux-raspi2: released (5.5~rc1)
precise/esm_linux-raspi2: DNE
trusty_linux-raspi2: DNE
trusty/esm_linux-raspi2: DNE
xenial_linux-raspi2: not-affected (4.2.0-1013.19)
bionic_linux-raspi2: released (4.15.0-1055.59)
disco_linux-raspi2: ignored (was pending [5.0.0-1025.26] now end-of-life)
eoan_linux-raspi2: released (5.3.0-1018.20)
focal_linux-raspi2: ignored (was needed now end-of-life)
devel_linux-raspi2: DNE

Patches_linux-snapdragon:
upstream_linux-snapdragon: released (5.5~rc1)
precise/esm_linux-snapdragon: DNE
trusty_linux-snapdragon: DNE
trusty/esm_linux-snapdragon: DNE
xenial_linux-snapdragon: not-affected (4.4.0-1013.15)
bionic_linux-snapdragon: released (4.15.0-1072.79)
disco_linux-snapdragon: ignored (was pending [5.0.0-1029.31] now end-of-life)
eoan_linux-snapdragon: DNE
focal_linux-snapdragon: DNE
devel_linux-snapdragon: DNE

Patches_linux-raspi2-5.3:
upstream_linux-raspi2-5.3: released (5.5~rc1)
precise/esm_linux-raspi2-5.3: DNE
trusty_linux-raspi2-5.3: DNE
trusty/esm_linux-raspi2-5.3: DNE
xenial_linux-raspi2-5.3: DNE
bionic_linux-raspi2-5.3: released (5.3.0-1018.20~18.04.1)
eoan_linux-raspi2-5.3: DNE
focal_linux-raspi2-5.3: DNE
devel_linux-raspi2-5.3: DNE

Patches_linux-oem-5.6:
upstream_linux-oem-5.6: released (5.5~rc1)
precise/esm_linux-oem-5.6: DNE
trusty_linux-oem-5.6: DNE
trusty/esm_linux-oem-5.6: DNE
xenial_linux-oem-5.6: DNE
bionic_linux-oem-5.6: DNE
eoan_linux-oem-5.6: DNE
focal_linux-oem-5.6: not-affected (5.6.0-1007.7)
devel_linux-oem-5.6: not-affected (5.6.0-1007.7)

Patches_linux-gke-5.3:
upstream_linux-gke-5.3: released (5.5~rc1)
precise/esm_linux-gke-5.3: DNE
trusty_linux-gke-5.3: DNE
trusty/esm_linux-gke-5.3: DNE
xenial_linux-gke-5.3: DNE
bionic_linux-gke-5.3: released (5.3.0-1012.13~18.04.1)
eoan_linux-gke-5.3: DNE
focal_linux-gke-5.3: DNE
devel_linux-gke-5.3: DNE

Patches_linux-oracle-5.3:
upstream_linux-oracle-5.3: released (5.5~rc1)
precise/esm_linux-oracle-5.3: DNE
trusty_linux-oracle-5.3: DNE
trusty/esm_linux-oracle-5.3: DNE
xenial_linux-oracle-5.3: DNE
bionic_linux-oracle-5.3: not-affected (5.3.0-1011.12~18.04.1)
eoan_linux-oracle-5.3: DNE
focal_linux-oracle-5.3: DNE
devel_linux-oracle-5.3: DNE

Patches_linux-riscv:
upstream_linux-riscv: released (5.5~rc1)
precise/esm_linux-riscv: DNE
trusty_linux-riscv: DNE
trusty/esm_linux-riscv: DNE
xenial_linux-riscv: DNE
bionic_linux-riscv: DNE
eoan_linux-riscv: DNE
focal_linux-riscv: not-affected (5.4.0-24.28)
devel_linux-riscv: not-affected (5.4.0-24.28)

Patches_linux-raspi:
upstream_linux-raspi: released (5.5~rc1)
precise/esm_linux-raspi: DNE
trusty_linux-raspi: DNE
trusty/esm_linux-raspi: DNE
xenial_linux-raspi: DNE
bionic_linux-raspi: DNE
eoan_linux-raspi: DNE
focal_linux-raspi: not-affected (5.4.0-1007.7)
devel_linux-raspi: not-affected (5.4.0-1008.8)

Patches_linux-azure-4.15:
upstream_linux-azure-4.15: released (5.5~rc1)
precise/esm_linux-azure-4.15: DNE
trusty_linux-azure-4.15: DNE
trusty/esm_linux-azure-4.15: DNE
xenial_linux-azure-4.15: DNE
bionic_linux-azure-4.15: not-affected (4.15.0-1082.92)
eoan_linux-azure-4.15: DNE
focal_linux-azure-4.15: DNE
devel_linux-azure-4.15: DNE

Patches_linux-aws-5.3:
upstream_linux-aws-5.3: released (5.5~rc1)
precise/esm_linux-aws-5.3: DNE
trusty_linux-aws-5.3: DNE
trusty/esm_linux-aws-5.3: DNE
xenial_linux-aws-5.3: DNE
bionic_linux-aws-5.3: not-affected (5.3.0-1016.17~18.04.1)
eoan_linux-aws-5.3: DNE
focal_linux-aws-5.3: DNE
devel_linux-aws-5.3: DNE

Patches_linux-gcp-4.15:
upstream_linux-gcp-4.15: released (5.5~rc1)
precise/esm_linux-gcp-4.15: DNE
trusty_linux-gcp-4.15: DNE
trusty/esm_linux-gcp-4.15: DNE
xenial_linux-gcp-4.15: DNE
bionic_linux-gcp-4.15: not-affected (4.15.0-1071.81)
eoan_linux-gcp-4.15: DNE
focal_linux-gcp-4.15: DNE
devel_linux-gcp-4.15: DNE