APPLIED: [B/D][SRU] Fix for CVE-2019-5108
Khaled Elmously
khalid.elmously at canonical.com
Tue Jan 28 21:31:51 UTC 2020
On 2020-01-24 11:14:21, Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5108.html
>
> From the link above:
>
> "An exploitable denial-of-service vulnerability exists in the Linux kernel
> prior to mainline 5.3. An attacker could exploit this vulnerability by
> triggering AP to send IAPP location updates for stations before the
> required authentication process has completed. This could lead to different
> denial-of-service scenarios, either by causing CAM table attacks, or by
> leading to traffic flapping if faking already existing clients in other
> nearby APs of the same wireless infrastructure. An attacker can forge
> Authentication and Association Request packets to trigger this
> vulnerability."
>
> This fix is making its way into Xenial via upstream stable update 4.4.211.
>
> Clean cherry pick into Disco. Picked its pre-requisite patch to make it a clean
> cherry pick into Bionic which also allows it to have more parity with Xenial as
> the pre-requisite patch was also a part of that upstream stable update.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team