CVE-2019-11480

Ubuntu kernel snap build process could use unauthenticated sources

CVSS 8.4 HIGHEPSS 0.5%CWE-353

In short

The Ubuntu kernel snap build process accepted packages without verifying their authenticity, allowing an attacker performing a man-in-the-middle attack to inject malicious code into the kernel build. This is critical because compromised kernel packages could affect all systems using that snap.

Technical detail

The pc-kernel snap build process hardcoded apt options (--allow-insecure-repositories and --allow-unauthenticated) when constructing the build chroot, disabling package signature verification. An attacker positioned on the network path between the build environment and Ubuntu archive could perform a MITM attack to deliver malicious packages, resulting in arbitrary code execution within the build environment and potential distribution of compromised kernel binaries.

Summary generated and translated by AI from the official description.

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Canonical · pc-kernel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugs.launchpad.net/bugs/1836041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480