CVE-2018-8822 in Ubuntu

CVE-2018-8822

Priority

Description

Incorrect buffer length handling in the ncp_read_kernel function in
fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in
drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through
4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel
or execute code.

Ubuntu-Description

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8822
https://www.mail-archive.com/netdev@vger.kernel.org/msg223373.html
https://usn.ubuntu.com/usn/usn-3653-1
https://usn.ubuntu.com/usn/usn-3653-2
https://usn.ubuntu.com/usn/usn-3654-1
https://usn.ubuntu.com/usn/usn-3654-2
https://usn.ubuntu.com/usn/usn-3655-1
https://usn.ubuntu.com/usn/usn-3655-2
https://usn.ubuntu.com/usn/usn-3656-1
https://usn.ubuntu.com/usn/usn-3657-1

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	released (3.13.0-149.199)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-127.153)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-15.16)

Patches:

Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by

4c41aa24baa4ed338241d05494f2c595c885af8f

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-1022.22)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1060.69)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1003.3)

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1018.21)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1004.4)

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1017.21)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1003.3)

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-43.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-43.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.18.0-8.9~18.04.1)

Product

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

ignored (was needs-triage now end-of-life)

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1026.31)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1004.4)

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-149.199~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was needs-triage now end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-127.153~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1028.31)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.3)

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1090.98)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1006.7)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.16~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1093.98)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Product

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

ignored (was needs-triage now end-of-life)

More Information

Updated: 2019-12-05 18:51:27 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)