CVE-2019-3701 in Ubuntu

CVE-2019-3701

Priority

Description

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux
kernel through 4.19.13. The CAN frame modification rules allow bitwise
logical operations that can be also applied to the can_dlc field. Because
of a missing check, the CAN drivers may write arbitrary content beyond the
data registers in the CAN controller's I/O memory when processing can-gw
manipulated outgoing frames. This is related to cgw_csum_xor_rel. An
unprivileged user can trigger a system crash (general protection fault).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701
https://marc.info/?l=linux-netdev&m=154659326324991&w=2
https://marc.info/?l=linux-can&m=154659326224990&w=2

Bugs

https://bugzilla.suse.com/show_bug.cgi?id=1120386

Notes

tyhicks> The original CVE description that states that an unprivileged user
can trigger a system crash is incorrect. Only the root user, from the init
namespace, can trigger the system crash. Therefore, we'll prioritize this
issue as negligible.

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	not-affected (4.19.0-12.13)

Patches:

Introduced by c1aabdf379bc2feeb0df7057ed5bad96f492133e

Fixed by 0aaa81377c5a01f686bcdb8c7a6929a7bf330c68

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

More Information

Updated: 2019-02-06 19:14:23 UTC (commit 1f07506ddf942ddd276eb6afefc37d0cc6711749)