UBUNTU-CVE-2019-16714

Details

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Affected Packages(43 packages)

linux

Ubuntu 14.04 LTSUbuntu Pro 14.04 LTS

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+170 more

linux

Ubuntu 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

linux

Ubuntu 16.04 LTS

Fixed in:

4.2.0-16.19

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1001.1

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1001.10

linux-aws

Ubuntu Pro 14.04 LTS

Affected versions:

4.4.0-1002.24.4.0-1003.34.4.0-1005.54.4.0-1006.64.4.0-1009.94.4.0-1010.104.4.0-1011.114.4.0-1012.124.4.0-1014.144.4.0-1016.16+94 more

linux-aws

Ubuntu 20.04 LTS

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.11

Fixed in:

5.4.0-1005.5

linux-aws-5.0

Ubuntu 18.04 LTS

Fixed in:

5.0.0-1021.24~18.04.1

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1030.31~16.04.1

References

REPORT

https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736

REPORT

https://ubuntu.com/security/CVE-2019-16714

REPORT

https://ubuntu.com/security/notices/USN-4157-1

REPORT

https://ubuntu.com/security/notices/USN-4157-2

REPORT

https://www.cve.org/CVERecord?id=CVE-2019-16714