Bug 1159912 – VUL-0: CVE-2019-5108: kernel-source: exploitable denial-of-service vulnerability by triggering AP to send IAPP location updates for stations b

Bug 1159912 - (CVE-2019-5108) VUL-0: CVE-2019-5108: kernel-source: exploitable denial-of-service vulnerability by triggering AP to send IAPP location updates for stations b

(CVE-2019-5108)
Summary:	VUL-0: CVE-2019-5108: kernel-source: exploitable denial-of-service vulnerabil...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/249683/
Whiteboard:	CVSSv3.1:SUSE:CVE-2019-5108:7.4:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-12-30 13:12 UTC by Marcus Meissner
Modified:	2022-04-12 13:58 UTC (History)
CC List:	9 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2019-12-30 13:12:58 UTC

CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior
to mainline 5.3. An attacker could exploit this vulnerability by triggering AP
to send IAPP location updates for stations before the required authentication
process has completed. This could lead to different denial-of-service scenarios,
either by causing CAM table attacks, or by leading to traffic flapping if faking
already existing clients in other nearby APs of the same wireless
infrastructure. An attacker can forge Authentication and Association Request
packets to trigger this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5108
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900

Comment 1 Marcus Meissner 2019-12-30 13:17:19 UTC

i could not spot an upstream commit for it yet.

Comment 3 Miroslav Beneš 2020-01-31 11:45:52 UTC

Coincidentally I checked yesterday and found 3e493173b784 ("mac80211: Do not send Layer 2 Update frame before authorization"). However, someone has to ensure it is really the fix.

Comment 4 Borislav Petkov 2020-01-31 11:49:48 UTC

Al, Michal?

Comment 9 Swamp Workflow Management 2020-05-12 13:25:23 UTC

SUSE-SU-2020:1255-1: An update that solves 53 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1037216,1075091,1075994,1087082,1087813,1091041,1099279,1120386,1131107,1133147,1136449,1137325,1146519,1146544,1146612,1149591,1153811,1154844,1155311,1155897,1156060,1157038,1157042,1157070,1157143,1157155,1157157,1157158,1157303,1157324,1157333,1157464,1157804,1157923,1158021,1158132,1158381,1158394,1158398,1158410,1158413,1158417,1158427,1158445,1158819,1158823,1158824,1158827,1158834,1158900,1158903,1158904,1159199,1159285,1159297,1159841,1159908,1159910,1159911,1159912,1160195,1162227,1162298,1162928,1162929,1162931,1163971,1164069,1164078,1164846,1165111,1165311,1165873,1165881,1165984,1165985,1167629,1168075,1168295,1168424,1168829,1168854,1170056,1170345,1170778
CVE References: CVE-2017-18255,CVE-2018-21008,CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-18660,CVE-2019-18675,CVE-2019-18683,CVE-2019-19052,CVE-2019-19062,CVE-2019-19066,CVE-2019-19073,CVE-2019-19074,CVE-2019-19319,CVE-2019-19332,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19527,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19767,CVE-2019-19768,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20096,CVE-2019-3701,CVE-2019-5108,CVE-2019-9455,CVE-2019-9458,CVE-2020-10690,CVE-2020-10720,CVE-2020-10942,CVE-2020-11494,CVE-2020-11608,CVE-2020-11609,CVE-2020-2732,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-8992,CVE-2020-9383
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1, kgraft-patch-SLE12-SP2_Update_34-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1, kgraft-patch-SLE12-SP2_Update_34-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1, kgraft-patch-SLE12-SP2_Update_34-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.129.1, kernel-source-4.4.121-92.129.1, kernel-syms-4.4.121-92.129.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2020-05-14 13:18:41 UTC

SUSE-SU-2020:1275-1: An update that solves 35 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1056134,1087813,1120386,1133147,1137325,1145929,1149591,1154118,1154844,1155689,1157155,1157157,1157303,1157804,1158021,1158642,1158819,1159199,1159285,1159297,1159841,1159908,1159910,1159911,1159912,1160195,1161586,1162227,1162928,1162929,1162931,1163508,1163971,1164009,1164051,1164069,1164078,1164846,1165111,1165311,1165873,1165881,1165984,1165985,1167421,1167423,1167629,1168075,1168295,1168424,1168829,1168854,1170056,1170345,1170778,1170847
CVE References: CVE-2017-18255,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-21008,CVE-2019-11091,CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-18675,CVE-2019-19066,CVE-2019-19319,CVE-2019-19447,CVE-2019-19767,CVE-2019-19768,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20096,CVE-2019-3701,CVE-2019-5108,CVE-2019-9455,CVE-2019-9458,CVE-2020-10690,CVE-2020-10720,CVE-2020-10942,CVE-2020-11494,CVE-2020-11608,CVE-2020-11609,CVE-2020-2732,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-8992,CVE-2020-9383
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.116.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.116.1, kernel-source-4.4.180-94.116.1, kernel-syms-4.4.180-94.116.1, kgraft-patch-SLE12-SP3_Update_31-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2020-08-03 19:16:49 UTC

SUSE-SU-2020:14442-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1159912,1159913,1162002,1171218,1171219,1171220,1172775,1172999,1173265,1174462,1174543
CVE References: CVE-2019-5108,CVE-2020-0305,CVE-2020-10732,CVE-2020-10769,CVE-2020-10773,CVE-2020-12652,CVE-2020-12656,CVE-2020-13974,CVE-2020-14416
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.117.1, kernel-default-3.0.101-108.117.1, kernel-ec2-3.0.101-108.117.1, kernel-pae-3.0.101-108.117.1, kernel-ppc64-3.0.101-108.117.1, kernel-source-3.0.101-108.117.1, kernel-syms-3.0.101-108.117.1, kernel-trace-3.0.101-108.117.1, kernel-xen-3.0.101-108.117.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.117.1, kernel-pae-3.0.101-108.117.1, kernel-ppc64-3.0.101-108.117.1, kernel-trace-3.0.101-108.117.1, kernel-xen-3.0.101-108.117.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.117.1, kernel-default-3.0.101-108.117.1, kernel-ec2-3.0.101-108.117.1, kernel-pae-3.0.101-108.117.1, kernel-ppc64-3.0.101-108.117.1, kernel-trace-3.0.101-108.117.1, kernel-xen-3.0.101-108.117.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Gabriele Sonnu 2022-04-12 13:58:56 UTC

Done.