vulnerability

Ubuntu: (Multiple Advisories) (CVE-2019-19241): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Dec 17, 2019
Added
Feb 19, 2020
Modified
Nov 7, 2024

Description

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

Solution(s)

ubuntu-upgrade-linux-image-5-3-0-1009-oracleubuntu-upgrade-linux-image-5-3-0-1010-kvmubuntu-upgrade-linux-image-5-3-0-1011-awsubuntu-upgrade-linux-image-5-3-0-1012-gcpubuntu-upgrade-linux-image-5-3-0-1013-azureubuntu-upgrade-linux-image-5-3-0-1018-raspi2ubuntu-upgrade-linux-image-5-3-0-40-genericubuntu-upgrade-linux-image-5-3-0-40-generic-lpaeubuntu-upgrade-linux-image-5-3-0-40-lowlatencyubuntu-upgrade-linux-image-5-3-0-40-snapdragonubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-edgeubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-edgeubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-18-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-raspi2ubuntu-upgrade-linux-image-raspi2-hwe-18-04ubuntu-upgrade-linux-image-snapdragonubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-18-04

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today