CVE-2019-7308 in Ubuntu

CVE-2019-7308

Priority

Description

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs
undesirable out-of-bounds speculation on pointer arithmetic in various
cases, including cases of different branches with different state or limits
to sanitize, leading to side-channel attacks.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7308
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
https://www.openwall.com/lists/oss-security/2019/02/02/3

Bugs

https://bugs.chromium.org/p/project-zero/issues/detail?id=1711

Notes

tyhicks> Mitigation for this vulnerability is available by setting the
kernel.unprivileged_bpf_disabled sysctl to 1:
$ sudo sysctl kernel.unprivileged_bpf_disabled=1
$ echo kernel.unprivileged_bpf_disabled=1 | \
sudo tee /etc/sysctl.d/90-CVE-2019-7308.conf
tyhicks> This issue is mitigated on systems that use secure boot, thanks to
the kernel lockdown feature which blocks BPF program loading.

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	not-affected (3.0.0-12.20)
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (3.11.0-12.19)
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-47.50)
Ubuntu 18.10 (Cosmic Cuttlefish):	pending (4.18.0-17.18)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.19.0-13.14)

Patches:

Introduced by b2157399cc9898260d6031c5bfe45fe137c1fbe7	Fixed by 979d63d50c0c0f7bc537bf821e056cc9fe5abd38
Introduced by b2157399cc9898260d6031c5bfe45fe137c1fbe7	Fixed by d3bd7413e0ca40b60cf60d4003246d067cafdeda

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1035.37)
Ubuntu 18.10 (Cosmic Cuttlefish):	pending (4.18.0-1012.14)
Ubuntu 19.04 (Disco Dingo):	pending (5.0.0-1001.1)

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-1035.37~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	pending (4.15.0-1041.45~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-1041.45)
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.18.0-1014.14~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):	pending (4.18.0-1014.14)
Ubuntu 19.04 (Disco Dingo):	pending (5.0.0-1001.1)

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-1041.45)
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.18.0-1014.14~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-9019.20)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1029.31)
Ubuntu 18.10 (Cosmic Cuttlefish):	pending (4.18.0-1008.9)
Ubuntu 19.04 (Disco Dingo):	pending (5.0.0-1001.1)

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.18.0-1008.9~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-47.50~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.18.0-17.18~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-47.50~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (5.0.0-8.9~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1031.31)
Ubuntu 18.10 (Cosmic Cuttlefish):	pending (4.18.0-1009.9)
Ubuntu 19.04 (Disco Dingo):	pending (5.0.0-1001.1)

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	not-affected (3.13.0-24.46~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1035.40)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-1010.12~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1010.12)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed
Ubuntu 19.04 (Disco Dingo):	needed

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1033.35)
Ubuntu 18.10 (Cosmic Cuttlefish):	pending (4.18.0-1011.13)
Ubuntu 19.04 (Disco Dingo):	pending (5.0.0-1004.4)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.0~rc3)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

More Information

Updated: 2019-03-21 17:14:27 UTC (commit a1a320d02f9e5bbf4a786bf7712d34d75d551ac2)