Oval Definition:oval:com.ubuntu.bionic:def:201951080000000
Revision Date:2019-12-23Version:1
Title:CVE-2019-5108 on Ubuntu 18.04 LTS (bionic) - medium.
Description:An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-5108
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • linux package in bionic was vulnerable but has been fixed (note: '4.15.0-88.88').
  • OR linux-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1060.62').
  • OR linux-aws-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1025.28').
  • OR linux-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1032.34').
  • OR linux-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1').
  • OR linux-gcp package in bionic was vulnerable but has been fixed (note: '5.0.0-1031.32').
  • OR linux-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-gke-4.15 package in bionic was vulnerable but has been fixed (note: '4.15.0-1052.55').
  • OR linux-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1030.31').
  • OR linux-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1053.53').
  • OR linux-meta package in bionic was vulnerable but has been fixed (note: '4.15.0-88.88').
  • OR linux-meta-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1060.62').
  • OR linux-meta-aws-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1025.28').
  • OR linux-meta-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1032.34').
  • OR linux-meta-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1').
  • OR linux-meta-gcp package in bionic was vulnerable but has been fixed (note: '5.0.0-1031.32').
  • OR linux-meta-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-meta-gke-4.15 package in bionic was vulnerable but has been fixed (note: '4.15.0-1052.55').
  • OR linux-meta-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1030.31').
  • OR linux-meta-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-meta-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-meta-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1053.53').
  • OR linux-meta-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1073.83').
  • OR linux-meta-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1039.44').
  • OR linux-meta-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.36').
  • OR linux-meta-oracle-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1011.16').
  • OR linux-meta-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1055.59').
  • OR linux-meta-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1').
  • OR linux-meta-snapdragon package in bionic was vulnerable but has been fixed (note: '4.15.0-1072.79').
  • OR linux-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1073.83').
  • OR linux-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1039.44').
  • OR linux-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.36').
  • OR linux-oracle-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1011.16').
  • OR linux-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1055.59').
  • OR linux-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1').
  • OR linux-signed package in bionic was vulnerable but has been fixed (note: '4.15.0-88.88').
  • OR linux-signed-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1032.34').
  • OR linux-signed-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1').
  • OR linux-signed-gcp package in bionic was vulnerable but has been fixed (note: '5.0.0-1031.32').
  • OR linux-signed-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-signed-gke-4.15 package in bionic was vulnerable but has been fixed (note: '4.15.0-1052.55').
  • OR linux-signed-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1030.31').
  • OR linux-signed-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-signed-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-signed-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1073.83').
  • OR linux-signed-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1039.44').
  • OR linux-signed-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.36').
  • OR linux-signed-oracle-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1011.16').
  • OR linux-snapdragon package in bionic was vulnerable but has been fixed (note: '4.15.0-1072.79').
    • BACK