CVE-2019-18282

Priority
Description
The flow_dissector feature in the Linux kernel 4.3 through 5.x before
5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This
occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit
hashrnd value as a secret, and because jhash (instead of siphash) is used.
The hashrnd value remains the same starting from boot time, and can be
inferred by an attacker. This affects net/core/flow_dissector.c and related
code.
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-170.199)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-74.84)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-24.26)
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-9.12)
Patches:
Introduced by
cb1ce2ef387b01686469487edd45994872d52d73
Fixed by
55667441c84fa5e0911a0aac44fb059c15ba6da2
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):pending (4.4.0-1059.63)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1099.110)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1057.59)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-1008.9)
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-1005.5)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1023.26~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1057.59~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.15.0-1066.71~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1066.71)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1028.30~18.04.1)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-1008.9)
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-1006.6)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.3.0-1008.9~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (was needs-triage now end-of-life)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1052.56)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1028.29~18.04.1)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-1009.10)
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-1005.5)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.3.0-1009.10~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):ignored (was needs-triage now end-of-life)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1050.53)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1027.28~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.3.0-1011.12~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-74.83~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.3.0-26.28~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (was needs-triage now end-of-life)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1063.70)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1052.52)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-1008.9)
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-1004.4)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):pending (4.4.0-170.199~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1066.76)
Ubuntu 19.10 (Eoan Ermine):needed
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-1002.4)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1033.38)
Ubuntu 19.10 (Eoan Ermine):needed
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1031.34~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1031.34)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-1007.8)
Ubuntu 20.04 (Focal Fossa):not-affected (5.4.0-1005.5)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1009.14~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1126.135)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1053.57)
Ubuntu 19.10 (Eoan Ermine):released (5.3.0-1014.16)
Ubuntu 20.04 (Focal Fossa):ignored (was needed now end-of-life)
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.3.0-1017.19~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (5.4~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1130.138)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1070.77)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2020-03-25 04:14:42 UTC (commit 38f2f4ca77c9fe09b202953003da484ab34743be)