CVE-2019-3701 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-3701 PUBLISHED

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

EPSS 0.06% · 17.5th percentile

Risk Scores

EPSS Score

0.06%

17.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	linux-hwe	4.18.0-20.21~18.04.1, 4.18.0-21.22~18.04.1, 4.18.0-22.23~18.04.1
Ubuntu:20.04:LTS	linux-gke	5.4.0-1091.98, 5.4.0-1090.97, 5.4.0-1087.94
Ubuntu:18.04:LTS	linux-snapdragon	4.15.0-1060.66, 0, 4.4.0-1077.82
Ubuntu:Pro:FIPS:18.04:LTS	linux-azure-fips	0, 4.15.0-1002.2
Ubuntu:16.04:LTS	linux	4.4.0-140.166, 4.4.0-38.57, 4.4.0-42.62
Ubuntu:24.04:LTS	linux-raspi-realtime	0, 6.8.0-2019.20
Ubuntu:20.04:LTS	linux-azure-fde	5.4.0-1073.76+cvm1.1, 5.4.0-1072.75+cvm1.1, 5.4.0-1070.73+cvm1.1
Ubuntu:16.04:LTS	linux-kvm	4.4.0-1031.37, 0, 4.4.0-1004.9
Ubuntu:Pro:14.04:LTS	linux	3.13.0-192.243, 0, 3.11.0-12.19
Ubuntu:Pro:FIPS-updates:18.04:LTS	linux-azure-fips	4.15.0-1002.2, 0
Ubuntu:22.04:LTS	linux-realtime	0, 5.15.0-1032.35
Ubuntu:16.04:LTS	linux-azure	4.15.0-1022.22~16.04.1, 4.15.0-1023.24~16.04.1, 4.15.0-1025.26~16.04.1
Ubuntu:16.04:LTS	linux-raspi2	4.4.0-1021.27, 4.4.0-1019.25, 4.4.0-1017.23
Ubuntu:Pro:FIPS-updates:18.04:LTS	linux-aws-fips	4.15.0-2000.4, 0
Ubuntu:14.04:LTS	linux-aws	4.4.0-1014.14, 4.4.0-1012.12, 4.4.0-1011.11
Ubuntu:16.04:LTS	linux-snapdragon	4.4.0-1020.23, 0, 4.4.0-1012.12
Ubuntu:18.04:LTS	linux-azure	4.15.0-1003.3, 4.15.0-1004.4, 4.15.0-1008.8
Ubuntu:14.04:LTS	linux-lts-xenial	4.4.0-28.47~14.04.1, 4.4.0-96.119~14.04.1, 4.4.0-97.120~14.04.1
Ubuntu:18.04:LTS	linux-aws	4.15.0-1017.17, 0, 4.15.0-1005.5
Ubuntu:16.04:LTS	linux-gcp	4.10.0-1009.9, 4.15.0-1017.18~16.04.1, 4.15.0-1030.32~16.04.1

…and 18 more

Timeline

Jan 3, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2019-3701 third-party-advisory
https://marc.info/?l=linux-netdev&m=154659326324991&w=2 third-party-advisory
https://marc.info/?l=linux-can&m=154659326224990&w=2 third-party-advisory
https://ubuntu.com/security/notices/USN-3932-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3932-2 vendor-advisory
https://ubuntu.com/security/notices/USN-4115-1 vendor-advisory
https://ubuntu.com/security/notices/USN-4118-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2019-3701 third-party-advisory

Open in Interactive Console →