Has the CVE-2019-11815 bug been patched in the kernel version 4.15.0-50-generic?

Question

The bug has been patched in the Linux kernel 5.0.8 version, according to the news. What about the kernel version 4.15.0-50-generic? How to check a given kernel to find out whether CVE-2019-11815 has been patched? How to patch the CVE-2019-11815 bug in Ubuntu 18.04.2 LTS with the kernel version 4.15.0-50-generic?

score 1 · Answer 1 · answered May 14 '19 at 23:55

1

This affects all Linux kernels prior to 5.0.8 — therefore, it will affect version 4.15.0. It is currently being patched by the Ubuntu security team. For more details, check out the Ubuntu CVE Tracker page on CVE-2019-11815.

answered May 14 '19 at 23:55

Eate

421

score 1 · Answer 2 · answered May 15 '19 at 00:31

This question has been nagging me for a long time: How do I map Linux Kernels to Ubuntu Kernels? Unfortunately I'm no closer today to that answer than I was back then.

So below is my best guess for you.

Go to: https://kernel.ubuntu.com/~kernel-ppa/mainline and sort by date by clicking column header. Sort again for descending order and scroll until you see 5.0.8:

Everything released after 5.0.8 will presumably have CVE-2019-11815 patch applied.
5.0.8 was compiled on the Ubuntu Kernel Farm on April 15, 2019.
Personally I've downloaded and installed 4.14.114 LTS kernel compiled on April 27, 2019 so it would have the patch applied.

So the big question is what date was your kernel 4.15.0-50 compiled?

Look in /boot directory at my 4.14.114 as an example:

$ ll /boot/*4.14.114*
-rw-r--r-- 1 root root   213788 Apr 27 04:08 /boot/config-4.14.114-0414114-generic
-rw-r--r-- 1 root root 63203180 Apr 29 19:43 /boot/initrd.img-4.14.114-0414114-generic
-rw------- 1 root root  3983979 Apr 27 04:08 /boot/System.map-4.14.114-0414114-generic
-rw------- 1 root root  8681248 May 12 10:37 /boot/vmlinuz-4.14.114-0414114-generic

Firstly ignore /boot/vmlinuz-4.14.114-0414114-generic because my grub boot flags the last time each kernel was booted so the date May 12 2019 is bogus for your purpose.

The file /boot/vmlinuz-4.14.114-0414114-generic or /boot/System.map-4.14.114-0414114-generic should tell you the time your kernel was released. If after April 15, 2019 you should have the desired patch applied.

The remaining file /boot/initrd.img-4.14.114-0414114-generic should be the date the kernel was installed on your system.

Of course you will replace 4.14.114 above with 4.15.0!!!

There is also a publication linking Ubuntu kernel release numbers to stable Linux kernel release numbers but I find it confusing. If you figure it out please post an answer.

score 1 · Accepted Answer · answered May 15 '19 at 12:36

1

You can see the change log of this update on https://launchpad.net/ubuntu/+source/linux/4.15.0-50.54

answered May 15 '19 at 12:36

OS GYN

26
1

Has the CVE-2019-11815 bug been patched in the kernel version 4.15.0-50-generic?

3 Answers3