UBUNTU-CVE-2019-19055

Details

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

Affected Packages(23 packages)

linux-hwe-edge

Ubuntu 16.04 LTS

Affected versions:

4.10.0-14.16~16.04.14.10.0-19.21~16.04.14.10.0-20.22~16.04.14.10.0-21.23~16.04.14.10.0-22.24~16.04.14.10.0-24.28~16.04.14.10.0-26.30~16.04.14.11.0-13.19~16.04.14.11.0-14.20~16.04.14.13.0-16.19~16.04.3+13 more

linux-aws-5.0

Ubuntu 18.04 LTS

Fixed in:

5.0.0-1023.26~18.04.1

linux-azure

Ubuntu 18.04 LTS

Fixed in:

5.0.0-1028.30~18.04.1

linux-azure-5.3

Ubuntu 18.04 LTS

Fixed in:

5.3.0-1009.10~18.04.1

linux-azure-edge

Ubuntu 18.04 LTS

Affected versions:

4.18.0-1006.6~18.04.14.18.0-1007.7~18.04.14.18.0-1008.8~18.04.15.0.0-1012.12~18.04.2

linux-gcp

Ubuntu 18.04 LTS

Fixed in:

5.0.0-1028.29~18.04.1

linux-gcp-5.3

Ubuntu 18.04 LTS

Fixed in:

5.3.0-1010.11~18.04.1

linux-gcp-edge

Ubuntu 18.04 LTS

Affected versions:

4.18.0-1004.5~18.04.14.18.0-1005.6~18.04.14.18.0-1006.7~18.04.14.18.0-1007.8~18.04.14.18.0-1008.9~18.04.14.18.0-1009.10~18.04.14.18.0-1011.12~18.04.14.18.0-1012.13~18.04.14.18.0-1013.14~18.04.14.18.0-1015.16~18.04.1+2 more

linux-gke-5.0

Ubuntu 18.04 LTS

Fixed in:

5.0.0-1027.28~18.04.1

linux-hwe

Ubuntu 18.04 LTS

Fixed in:

5.3.0-26.28~18.04.1

References

REPORT

https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57

REPORT