CVE-2021-20194
Published: 23 February 2021
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.
From the Ubuntu Security Team
Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service (system crash).
Notes
Author | Note |
---|---|
sbeattie | for 5.8 kernels, HARDENED_USERCOPY is enabled, and so is less likely to be vulnerable to code execution. Also, user BPF is disabled if booted under secure boot/lockdown. |
Priority
Status
Package | Release | Status |
---|---|---|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.8.0-1035.37~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.8.0-1033.35~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.8.0-1032.34~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.8.0-1031.32~20.04.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
focal |
Released
(5.8.0-18.20~20.04.1)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.11.0-22.23~20.04.1)
|
upstream |
Released
(5.11~rc7)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.11.0-1015.16~20.04.1)
|
upstream |
Released
(5.11~rc7)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-1009.10)
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.11.0-1009.9~20.04.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.11.0-1007.7~20.04.2)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.11.0-1008.8~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
focal |
Released
(5.4.0-1011.14)
|
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1011.13)
|
|
linux Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-16.17)
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
xenial |
Not vulnerable
(4.4.0-2.16)
|
|
bionic |
Not vulnerable
(4.13.0-16.19)
|
|
upstream |
Released
(5.11~rc7)
|
|
groovy |
Released
(5.8.0-45.51)
|
|
hirsute |
Not vulnerable
(5.11.0-11.12)
|
|
focal |
Released
(5.4.0-71.79)
|
|
jammy |
Not vulnerable
(5.13.0-19.19)
|
|
kinetic |
Not vulnerable
(5.15.0-25.25)
|
|
lunar |
Not vulnerable
(5.15.0-25.25)
|
|
Patches: Introduced by 0d01da6afc5402f60325c5da31b22f7d56689b49 Introduced by 0d01da6afc5402f60325c5da31b22f7d56689b49 |
||
linux-hwe Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
trusty |
Does not exist
|
|
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Released
(5.4.0-71.79~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Released
(5.8.0-45.51~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Ignored
(superseded by linux-hwe)
|
|
bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-kvm Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
trusty |
Does not exist
|
|
groovy |
Released
(5.8.0-1020.22)
|
|
bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
hirsute |
Not vulnerable
(5.8.0-1020.22+21.04.1)
|
|
focal |
Released
(5.4.0-1037.38)
|
|
jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
kinetic |
Not vulnerable
(5.15.0-1004.4)
|
|
lunar |
Not vulnerable
(5.15.0-1004.4)
|
|
linux-aws Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
groovy |
Released
(5.8.0-1025.27)
|
|
hirsute |
Not vulnerable
(5.8.0-1025.27+21.04.1)
|
|
focal |
Released
(5.4.0-1043.45)
|
|
jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
kinetic |
Not vulnerable
(5.15.0-1004.6)
|
|
lunar |
Not vulnerable
(5.15.0-1004.6)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Released
(5.4.0-1043.45~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1004.4)
|
bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
hirsute |
Not vulnerable
(5.8.0-1024.26+21.04.1)
|
|
focal |
Released
(5.4.0-1044.46)
|
|
groovy |
Released
(5.8.0-1024.26)
|
|
jammy |
Not vulnerable
(5.13.0-1006.7)
|
|
kinetic |
Not vulnerable
(5.15.0-1003.4)
|
|
lunar |
Not vulnerable
(5.15.0-1003.4)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(4.15.0-1082.92)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Released
(5.4.0-1044.46~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
trusty |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
hirsute |
Not vulnerable
(5.8.0-1024.25+21.04.1)
|
|
focal |
Released
(5.4.0-1041.44)
|
|
groovy |
Released
(5.8.0-1024.25)
|
|
jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
kinetic |
Not vulnerable
(5.15.0-1003.6)
|
|
lunar |
Not vulnerable
(5.15.0-1003.6)
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(4.15.0-1071.81)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Released
(5.4.0-1041.44~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Ignored
(was needs-triage now end-of-life)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Ignored
(was needs-triage now end-of-life)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Ignored
(was needed now end-of-life)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Released
(5.4.0-1040.42~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Released
(5.4.0-1013.14~18.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1005.5)
|
trusty |
Does not exist
|
|
bionic |
Not vulnerable
(4.15.0-1007.9)
|
|
groovy |
Released
(5.8.0-1022.23)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
hirsute |
Not vulnerable
(5.8.0-1022.23+21.04.1)
|
|
focal |
Released
(5.4.0-1042.45)
|
|
jammy |
Not vulnerable
(5.13.0-1008.10)
|
|
kinetic |
Not vulnerable
(5.15.0-1002.4)
|
|
lunar |
Not vulnerable
(5.15.0-1002.4)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Released
(5.4.0-1042.45~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Ignored
(was needs-triage now end-of-life)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
xenial |
Ignored
(superseded by linux-hwe)
|
|
lunar |
Does not exist
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
focal |
Released
(5.6.0-1053.57)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Ignored
(was needs-triage now end-of-life)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1007.7)
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Released
(5.8.0-1017.20)
|
|
upstream |
Released
(5.11~rc7)
|
|
hirsute |
Not vulnerable
(5.11.0-1003.3)
|
|
focal |
Released
(5.4.0-1033.36)
|
|
jammy |
Not vulnerable
(5.13.0-1008.9)
|
|
kinetic |
Not vulnerable
(5.15.0-1005.5)
|
|
lunar |
Not vulnerable
(5.15.0-1005.5)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
focal |
Ignored
(replaced by linux-raspi)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(4.13.0-1005.5)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
bionic |
Ignored
(was needed now end-of-life)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Released
(5.4.0-1033.36~18.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1007.7)
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Released
(5.8.0-18.20)
|
|
hirsute |
Not vulnerable
(5.11.0-1004.4)
|
|
focal |
Ignored
(was needs-triage now end-of-life)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
kinetic |
Not vulnerable
(5.15.0-1007.7)
|
|
lunar |
Not vulnerable
(5.15.0-1007.7)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(4.4.0-1077.82)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Not vulnerable
(4.4.0-1013.15)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(4.15.0-1005.8)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
focal |
Released
(5.10.0-1017.18)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Released
(5.4.0-1013.14)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Ignored
(reached end of standard support)
|
|
focal |
Released
(5.4.0-1041.43)
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-ibm Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.4.0-1003.4)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
kinetic |
Not vulnerable
(5.15.0-1002.2)
|
|
lunar |
Not vulnerable
(5.15.0-1002.2)
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.11.0-1009.10~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.14.0-1004.4)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-1007.7)
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-1009.10~20.04.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-21.21~20.04.1)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-1008.9~20.04.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.11~rc7)
|
|
xenial |
Ignored
(out of standard support)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-1011.13~20.04.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Not vulnerable
(5.13.0-1008.9~20.04.3)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Released
(5.4.0-1044.46)
|
|
upstream |
Released
(5.11~rc7)
|
|
jammy |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-22.22)
|
|
upstream |
Released
(5.11~rc7)
|
|
kinetic |
Not vulnerable
(5.15.0-24.24)
|
|
lunar |
Not vulnerable
(5.15.0-24.24)
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
upstream |
Released
(5.11~rc7)
|
|
kinetic |
Not vulnerable
(5.17.0-1003.3)
|
|
lunar |
Does not exist
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1003.5~20.04.1)
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
focal |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
lunar |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Needs triage
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
lunar |
Does not exist
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
lunar |
Does not exist
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
lunar |
Does not exist
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
lunar |
Does not exist
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
lunar |
Does not exist
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20194
- https://bugzilla.redhat.com/show_bug.cgi?id=1912683
- https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223
- https://ubuntu.com/security/notices/USN-4879-1
- https://ubuntu.com/security/notices/USN-4884-1
- https://ubuntu.com/security/notices/USN-4909-1
- https://ubuntu.com/security/notices/USN-4912-1
- NVD
- Launchpad
- Debian