Ubuntu 19.10's Kernel Ships With A DoS / Arbitrary Code Execution Bug In The IPv6 Code
If you are planning to run the newly-released Ubuntu 19.10, among the initial round of stable release updates is an important kernel fix.
A Phoronix reader pointed us to a vulnerability in Ubuntu 19.10's default kernel, present because a patch was not picked up from the Linux stable tree quickly enough. The issue in the IPv6 kernel code can lead to a denial of service or possibly arbitrary code execution.
The simple patch fixing the IPv6 issue in the upstream kernel was posted at the end of September and has already made it to stable, albeit not in time to make it into Ubuntu 19.10's default Linux 5.3 kernel.
The easiest test for this bug is to run the following snippet as any user:
unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
If you are affected, your system will crash. Fortunately, the scope is limited to attackers who already have local access to the system.
The issue was originally reported as a WireGuard bug before being tracked down to a kernel vulnerability, per this Launchpad bug report.
A fix was committed to the Ubuntu kernel image yesterday and should be out as an SRU shortly for Eoan.