CVE-2020-26541
Published: 2 October 2020
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
From the Ubuntu Security Team
It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.8.0-1043.46~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.13~rc1)
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.11.0-34.36~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.13~rc1)
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.11.0-1018.19~20.04.2)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Not vulnerable
(5.13.0-1009.10)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| hirsute |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.11.0-1017.18~20.04.1)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| hirsute |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.11.0-1015.16~20.04.1)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| hirsute |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.11.0-1017.18~20.04.1)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Released
(5.4.0-1023.26)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
precise |
Ignored
(was needs-triage ESM criteria)
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-14.14)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| hirsute |
Released
(5.11.0-34.36)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Needed
|
|
| focal |
Released
(5.4.0-92.103)
|
|
| jammy |
Not vulnerable
(5.13.0-19.19)
|
|
| kinetic |
Not vulnerable
(5.15.0-25.25)
|
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
|
linux-hwe Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needed now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-92.103~18.04.2)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
precise |
Ignored
(was needs-triage ESM criteria)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1001.1)
|
|
| bionic |
Needed
|
|
| focal |
Released
(5.4.0-1051.53)
|
|
| hirsute |
Released
(5.11.0-1015.16)
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| kinetic |
Not vulnerable
(5.15.0-1004.4)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1005.6)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| focal |
Released
(5.4.0-1061.64)
|
|
| bionic |
Needed
|
|
| hirsute |
Released
(5.11.0-1017.18)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
| kinetic |
Not vulnerable
(5.15.0-1004.6)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Released
(5.4.0-1061.64~18.04.1)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| kinetic |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1004.5)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| focal |
Released
(5.4.0-1065.68)
|
|
| hirsute |
Released
(5.11.0-1015.16)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.7)
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| kinetic |
Not vulnerable
(5.15.0-1003.4)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Needed
|
|
| upstream |
Released
(5.13~rc1)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1065.68~18.04.1)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1003.4)
|
|
| focal |
Released
(5.4.0-1059.63)
|
|
| hirsute |
Released
(5.11.0-1018.20)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| kinetic |
Not vulnerable
(5.15.0-1003.6)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Needed
|
|
| upstream |
Released
(5.13~rc1)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1059.63~18.04.1)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Ignored
(was needed now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1008.10)
|
|
| bionic |
Needed
|
|
| focal |
Released
(5.4.0-1059.63)
|
|
| hirsute |
Released
(5.11.0-1017.18)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.10)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
| kinetic |
Not vulnerable
(5.15.0-1002.4)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1059.63~18.04.1)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| hirsute |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1006.7)
|
|
| focal |
Released
(5.4.0-1048.53)
|
|
| hirsute |
Released
(5.11.0-1017.18)
|
|
| bionic |
Does not exist
|
|
| jammy |
Not vulnerable
(5.13.0-1008.9)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Not vulnerable
(5.15.0-1005.5)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Needed
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needed now end-of-life)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
| bionic |
Released
(5.4.0-1048.53~18.04.1)
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(5.13.0-1002.2)
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| hirsute |
Released
(5.11.0-1018.19)
|
|
| bionic |
Does not exist
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Not vulnerable
(5.15.0-1007.7)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Needed
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(was pending [5.8.0-67.75] now end-of-life)
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Released
(5.4.0-1057.60~18.04.1)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Released
(5.4.0-1029.30~18.04.2)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Needed
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.10.0-1049.51)
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1029.30)
|
|
| hirsute |
Does not exist
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(reached end of standard support)
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1057.60)
|
|
| hirsute |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Does not exist
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1010.11)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| kinetic |
Not vulnerable
(5.15.0-1002.2)
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.11.0-1018.20~20.04.2)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.14.0-1004.4)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1007.7)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1009.10~20.04.2)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-21.21~20.04.1)
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.2)
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.13~rc1)
|
|
| xenial |
Ignored
(out of standard support)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1011.13~20.04.2)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.3)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Needed
|
|
| upstream |
Released
(5.13~rc1)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-22.22)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Not vulnerable
(5.15.0-24.24)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
| upstream |
Released
(5.13~rc1)
|
|
| kinetic |
Not vulnerable
(5.17.0-1003.3)
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| focal |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26541
- https://lkml.org/lkml/2020/9/15/1871
- https://lore.kernel.org/lkml/20200916004927.64276-1-eric.snowberg@oracle.com/
- https://lore.kernel.org/lkml/20210122181054.32635-1-eric.snowberg@oracle.com/
- https://lore.kernel.org/lkml/161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk/
- https://lore.kernel.org/lkml/1884195.1615482306@warthog.procyon.org.uk/
- https://ubuntu.com/security/notices/USN-5070-1
- https://ubuntu.com/security/notices/USN-5106-1
- https://ubuntu.com/security/notices/USN-5120-1
- https://ubuntu.com/security/notices/USN-5210-1
- NVD
- Launchpad
- Debian