CVE-2019-19769 in Ubuntu

CVE-2019-19769

Priority

Description

In the Linux kernel 5.3.10, there is a use-after-free (read) in the
perf_trace_lock_acquire function (related to include/trace/events/lock.h).

Ubuntu-Description

Tristan Madani discovered that the file locking implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service or expose sensitive information.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19769
https://bugzilla.kernel.org/show_bug.cgi?id=205705
https://ubuntu.com/security/notices/USN-4369-1
https://ubuntu.com/security/notices/USN-4368-1

Notes

sbeattie

first attempted fix was
6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da but that showed
performance issues in synthetic benchmarks, more complex fix is
dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a
may be introduced by
16306a61d3b7c433c7a127ec6224867b88ece687
no confirmation that the fixes listed actually address the
reporter's issue
the conservative fix for this issue may be to just apply
6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.13.0-16.19)
Ubuntu 20.04 LTS:	not-affected (5.4.0-24.28)
Ubuntu 16.04 ESM:	not-affected (4.2.0-16.19)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Introduced by 16306a61d3b7c433c7a127ec6224867b88ece687	Fixed by 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
Introduced by 16306a61d3b7c433c7a127ec6224867b88ece687	Fixed by dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1008.8)
Ubuntu 16.04 ESM:	not-affected (4.4.0-1001.10)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-aws-5.0 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.3 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1019.21~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (4.15.0-1030.31~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1009.9)
Ubuntu 16.04 ESM:	not-affected (4.11.0-1009.9)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-azure-4.15 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1082.92)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.3 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1022.23~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1008.8)
Ubuntu 16.04 ESM:	not-affected (4.10.0-1004.4)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-4.15 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1071.81)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.3 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1020.22~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-4.15 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1030.32)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.0 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.0.0-1037.38)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.3 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1020.22~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-53.47~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1007.7)
Ubuntu 16.04 ESM:	not-affected (4.4.0-1004.9)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.6 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.6.0-1007.7)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-osp1 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.0.0-1052.57)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1007.9)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1008.8)
Ubuntu 16.04 ESM:	not-affected (4.15.0-1007.9~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.0 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.3 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1018.20~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-1008.8)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.13.0-1005.5)
Ubuntu 20.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2-5.3 (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	released (5.3.0-1026.28~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-riscv (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-24.28)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.6~rc7)
Ubuntu 18.04 LTS:	not-affected (4.4.0-1077.82)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 13:53:34 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)