CVE-2019-11480 is a vulnerability in Canonical C Kernel
Published on April 14, 2020
Ubuntu kernel snap build process could use unauthenticated sources
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16
Vulnerability Analysis
Weakness Type
Missing Support for Integrity Check
The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.
Products Associated with CVE-2019-11480
Want to know whenever a new CVE is published for Canonical C Kernel? stack.watch will email you.
Affected Versions
Canonical pc-kernel:- Version unspecified, <= 2019-07-16 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.