CVE-2020-11725
Published: 12 April 2020
** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way.
Notes
Author | Note |
---|---|
cascardo |
This issue is disputed by upstream, info->owner is used intentionally for that specific API. There is nothing to fix here. |
Priority
Status
Package | Release | Status |
---|---|---|
linux
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
Patches:
Introduced by
2225e79b9b0370bc179f44756bee809b5e7b4d06
|
||
linux-aws
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Ignored
(was needed ESM criteria)
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-aws-5.0
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-5.11
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-5.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-azure
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Ignored
(was needed ESM criteria)
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-azure-4.15
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-5.11
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-5.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-edge
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-fde
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1063.66+cvm2.2)
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-azure-fde-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-bluefield
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-dell300x
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-fips
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gcp
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-gcp-4.15
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.11
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gke
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gke-4.15
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gke-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gke-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gke-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gkeop
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-gkeop-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-hwe
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-hwe-5.11
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-hwe-edge
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needs-triage ESM criteria)
|
|
linux-ibm
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-ibm-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-intel-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-intel-iotg
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-kvm
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-lowlatency
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-lts-trusty
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Ignored
(was needed ESM criteria)
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.10
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem-5.14
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem-5.17
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem-5.6
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem-6.0
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(was needed ESM criteria)
|
|
linux-oracle-5.0
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.11
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.13
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.15
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-raspi
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Ignored
(disputed as not a vulnerability)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-raspi-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(disputed as not a vulnerability)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-raspi2
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
|
linux-raspi2-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-riscv
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Ignored
(disputed as not a vulnerability)
|
|
kinetic |
Ignored
(end of life, was ignored [disputed as not a vulnerability])
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.11
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Does not exist
|
|
linux-snapdragon
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(disputed as not a vulnerability)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://twitter.com/yabbadabbadrew/status/1248632267028582400
- https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474
- https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/
- https://www.cve.org/CVERecord?id=CVE-2020-11725
- NVD
- Launchpad
- Debian