CVE-2019-18811 in Ubuntu

CVE-2019-18811

Priority

Description

A memory leak in the sof_set_get_large_ctrl_data() function in
sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to
cause a denial of service (memory consumption) by triggering
sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.

Ubuntu-Description

It was discovered that the Sound Open Firmware (SOF) driver in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could use this to cause a denial of service (kernel memory
exhaustion).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18811
https://github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34ab
https://ubuntu.com/security/notices/USN-4284-1

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.13.0-16.19)
Ubuntu 20.04 LTS:	not-affected (5.4.0-9.12)
Ubuntu 16.04 ESM:	not-affected (4.2.0-16.19)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Introduced by

54d198d5019dd98b9bcb9099a389608d7e2cccad

Fixed by

45c1380358b12bf2d1db20a5874e9544f56b34ab

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:	not-affected (4.4.0-1001.10)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-aws-5.0 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (5.0.0-1021.24~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (4.15.0-1030.31~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1006.6)
Ubuntu 16.04 ESM:	not-affected (4.11.0-1009.9)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-azure-4.15 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1013.14~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:	not-affected (4.10.0-1004.4)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1012.13~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-4.15 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1030.32)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.0 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (5.0.0-1011.11~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1012.13~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-40.32~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	ignored (was needed now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1004.4)
Ubuntu 16.04 ESM:	not-affected (4.4.0-1004.9)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.6 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.6.0-1007.7)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-osp1 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (5.0.0-1010.11)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1007.9)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:	not-affected (4.15.0-1007.9~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.0 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (5.0.0-1007.12~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1011.12~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-1007.7)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.13.0-1005.5)
Ubuntu 20.04 LTS:	ignored (was needed now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1018.20~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-riscv (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-24.28)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.4~rc7)
Ubuntu 18.04 LTS:	not-affected (4.4.0-1077.82)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 13:51:33 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)