Oval Definition:oval:com.ubuntu.disco:def:2019116830000000
Revision Date:2019-05-02Version:1
Title:CVE-2019-11683 on Ubuntu 19.04 (disco) - medium.
Description:udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. It was discovered that the IPv4 generic receive offload (GRO) for UDP implementation in the Linux kernel did not properly handle padded packets. A remote attacker could use this to cause a denial of service (system crash).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-11683
Platform(s):Ubuntu 19.04
Product(s):
Definition Synopsis
  • Ubuntu 19.04 (disco) is installed.
  • AND Package Information
  • linux package in disco was vulnerable but has been fixed (note: '5.0.0-15.16').
  • OR linux-aws package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-kvm package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-meta package in disco was vulnerable but has been fixed (note: '5.0.0-15.16').
  • OR linux-meta-aws package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-meta-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-meta-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-meta-kvm package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-meta-oem package in disco, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.24').
  • OR linux-meta-oracle package in disco, is related to the CVE in some way and has been fixed (note: '4.15.0-1007.9').
  • OR linux-meta-raspi2 package in disco was vulnerable but has been fixed (note: '5.0.0-1008.8').
  • OR linux-oem package in disco, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.24').
  • OR linux-oracle package in disco, is related to the CVE in some way and has been fixed (note: '4.15.0-1007.9').
  • OR linux-raspi2 package in disco was vulnerable but has been fixed (note: '5.0.0-1008.8').
  • OR linux-signed package in disco was vulnerable but has been fixed (note: '5.0.0-15.16').
  • OR linux-signed-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-signed-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1006.6').
  • OR linux-signed-oem package in disco, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.24').
  • OR linux-signed-oracle package in disco, is related to the CVE in some way and has been fixed (note: '4.15.0-1007.9').
  • OR linux-snapdragon package in disco was vulnerable but has been fixed (note: '5.0.0-1012.12').
    • BACK