UBUNTU-CVE-2019-9003

Details

In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

Affected Packages(25 packages)

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux

Ubuntu 14.04 LTS

Fixed in:

3.11.0-12.19

linux

Ubuntu 16.04 LTS

Fixed in:

4.2.0-16.19

linux-aws

Ubuntu 14.04 LTS

Fixed in:

4.4.0-1002.2

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1001.10

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1001.1

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1030.31~16.04.1

linux-azure

Ubuntu 14.04 LTS

Fixed in:

4.15.0-1023.24~14.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.11.0-1009.9

linux-azure

Ubuntu 18.04 LTS

Affected versions:

4.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+13 more

Fixed in:

4.18.0-1014.14~18.04.1

References

REPORThttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8 REPORThttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5 REPORThttps://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8 REPORThttps://ubuntu.com/security/CVE-2019-9003 REPORThttps://ubuntu.com/security/notices/USN-3930-1 REPORThttps://ubuntu.com/security/notices/USN-3930-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2019-9003

UBUNTU-CVE-2019-9003

Details

Affected Packages(25 packages)

References

CVSS Analysis

Related

Ecosystems

Timeline