UBUNTU-CVE-2019-16089

Description

An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.1CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.15.0-109.110 | < 5.4.0-42.46

• ubuntu•linux-aws

  all | < 4.15.0-1077.81 | < 5.4.0-1020.20

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.3

  < 5.3.0-1032.34~18.04.2

• ubuntu•linux-aws-5.4

  < 5.4.0-1020.20~18.04.2

• ubuntu•linux-aws-hwe

  < 4.15.0-1079.83~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1091.101~14.04.1 | < 4.15.0-1091.101~16.04.1 | all | < 5.4.0-1022.22

• ubuntu•linux-azure-4.15

  < 4.15.0-1091.101

• ubuntu•linux-azure-5.3

  < 5.3.0-1034.35~18.04.1

• ubuntu•linux-azure-5.4

  < 5.4.0-1022.22~18.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-gcp

  < 4.15.0-1080.90~16.04.1 | all | < 5.4.0-1021.21

• ubuntu•linux-gcp-4.15

  < 4.15.0-1080.90

• ubuntu•linux-gcp-5.3

  < 5.3.0-1032.34~18.04.1

• ubuntu•linux-gcp-5.4

  < 5.4.0-1021.21~18.04.1

• ubuntu•linux-gcp-edge

  all

• ubuntu•linux-gke-4.15

  < 4.15.0-1066.69

• ubuntu•linux-gke-5.0

  < 5.0.0-1045.46

• ubuntu•linux-gke-5.3

  < 5.3.0-1032.34~18.04.1

• ubuntu•linux-hwe

  < 4.15.0-112.113~16.04.1 | < 5.3.0-64.58~18.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-42.46~18.04.1

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-kvm

  < 4.15.0-1069.70 | < 5.4.0-1020.20

• ubuntu•linux-lts-xenial

  all

• ubuntu•linux-oem

  < 4.15.0-1091.101

• ubuntu•linux-oem-5.6

  all

• ubuntu•linux-oem-osp1

  < 5.0.0-1065.70

• ubuntu•linux-oracle

  < 4.15.0-1050.54~16.04.1 | < 4.15.0-1048.52 | < 5.4.0-1021.21

• ubuntu•linux-oracle-5.0

  all

• ubuntu•linux-oracle-5.3

  < 5.3.0-1030.32~18.04.1

• ubuntu•linux-oracle-5.4

  < 5.4.0-1021.21~18.04.1

• ubuntu•linux-raspi

  < 5.4.0-1015.15

• ubuntu•linux-raspi-5.4

  < 5.4.0-1015.15~18.04.1

• ubuntu•linux-raspi2

  < 4.15.0-1065.69 | all

• ubuntu•linux-raspi2-5.3

  < 5.3.0-1030.32~18.04.2

• ubuntu•linux-riscv

  < 5.4.0-30.34

• ubuntu•linux-snapdragon

  < 4.15.0-1083.91

References (9)

• https://ubuntu.com/security/CVE-2019-16089
• https://lore.kernel.org/patchwork/patch/1106884/
• https://lore.kernel.org/patchwork/patch/1126650/
• https://lore.kernel.org/lkml/20190911164013.27364-1-navid.emamdoost@gmail.com/
• https://ubuntu.com/security/notices/USN-4414-1
• https://ubuntu.com/security/notices/USN-4425-1
• https://ubuntu.com/security/notices/USN-4439-1
• https://ubuntu.com/security/notices/USN-4440-1
• https://www.cve.org/CVERecord?id=CVE-2019-16089