CVE-2019-10220
Publication date 27 November 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
From the Ubuntu Security Team
Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 4.15.0-88.88
|
|
16.04 LTS xenial |
Fixed 4.4.0-173.203
|
|
14.04 LTS trusty | Ignored | |
linux-aws | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 4.15.0-1060.62
|
|
16.04 LTS xenial |
Fixed 4.4.0-1101.112
|
|
14.04 LTS trusty | Ignored | |
linux-aws-5.0 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.0.0-1023.26~18.04.1
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.3 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-hwe | 20.04 LTS focal | Not in release |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Fixed 4.15.0-1060.62~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-azure | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 5.0.0-1028.30~18.04.1
|
|
16.04 LTS xenial |
Fixed 4.15.0-1071.76
|
|
14.04 LTS trusty | Ignored | |
linux-azure-4.15 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.3 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.3.0-1008.9~18.04.1
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-edge | 20.04 LTS focal | Not in release |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 5.0.0-1028.29~18.04.1
|
|
16.04 LTS xenial |
Fixed 4.15.0-1055.59
|
|
14.04 LTS trusty | Not in release | |
linux-gcp-4.15 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.3 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.3.0-1009.10~18.04.1
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-edge | 20.04 LTS focal | Not in release |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-4.15 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 4.15.0-1052.55
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.0 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.0.0-1027.28~18.04.1
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.3 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.3.0-26.28~18.04.1
|
|
16.04 LTS xenial |
Fixed 4.15.0-88.88~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | 20.04 LTS focal | Not in release |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-kvm | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 4.15.0-1053.53
|
|
16.04 LTS xenial |
Fixed 4.4.0-1065.72
|
|
14.04 LTS trusty | Not in release | |
linux-lts-trusty | 20.04 LTS focal | Not in release |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | 20.04 LTS focal | Not in release |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-oem | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 4.15.0-1073.83
|
|
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-oem-5.6 | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-osp1 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.0.0-1033.38
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 4.15.0-1033.36
|
|
16.04 LTS xenial |
Fixed 4.15.0-1033.36~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-oracle-5.0 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 5.0.0-1009.14~18.04.1
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.3 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | 20.04 LTS focal | Ignored |
18.04 LTS bionic |
Fixed 4.15.0-1055.59
|
|
16.04 LTS xenial |
Fixed 4.4.0-1128.137
|
|
14.04 LTS trusty | Not in release | |
linux-raspi2-5.3 | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-snapdragon | 20.04 LTS focal | Not in release |
18.04 LTS bionic |
Fixed 4.15.0-1072.79
|
|
16.04 LTS xenial |
Fixed 4.4.0-1132.140
|
|
14.04 LTS trusty | Not in release |
Notes
Patch details
Package | Patch details |
---|---|
linux |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4226-1
- Linux kernel vulnerabilities
- 7 January 2020