CVE-2021-20194
Published: 23 February 2021
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.
From the Ubuntu security team
Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service (system crash).
Priority
Low
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1035.37~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1033.35~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1032.34~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1031.32~20.04.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| focal |
Released
(5.8.0-18.20~20.04.1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.11.0-22.23~20.04.1)
|
| upstream |
Released
(5.11~rc7)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.11.0-1015.16~20.04.1)
|
| upstream |
Released
(5.11~rc7)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1009.10)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1009.9~20.04.2)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1007.7~20.04.2)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1008.8~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| focal |
Released
(5.4.0-1011.14)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-16.17)
|
| bionic |
Not vulnerable
(4.13.0-16.19)
|
|
| groovy |
Released
(5.8.0-45.51)
|
|
| hirsute |
Not vulnerable
(5.11.0-11.12)
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.4.0-2.16)
|
|
| focal |
Released
(5.4.0-71.79)
|
|
| jammy |
Not vulnerable
(5.13.0-19.19)
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
| bionic |
Ignored
(replaced by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-71.79~18.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Released
(5.8.0-45.51~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| focal |
Released
(5.4.0-1037.38)
|
|
| groovy |
Released
(5.8.0-1020.22)
|
|
| hirsute |
Not vulnerable
(5.8.0-1020.22+21.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
| precise |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
| focal |
Released
(5.4.0-1043.45)
|
|
| groovy |
Released
(5.8.0-1025.27)
|
|
| hirsute |
Not vulnerable
(5.8.0-1025.27+21.04.1)
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1043.45~18.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
| jammy |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1004.4)
|
| precise |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Released
(5.4.0-1044.46)
|
|
| hirsute |
Not vulnerable
(5.8.0-1024.26+21.04.1)
|
|
| trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
| groovy |
Released
(5.8.0-1024.26)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.7)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1082.92)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1044.46~18.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Released
(5.4.0-1041.44)
|
|
| hirsute |
Not vulnerable
(5.8.0-1024.25+21.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
| groovy |
Released
(5.8.0-1024.25)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1071.81)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1041.44~18.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needed now end-of-life)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1040.42~18.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Released
(5.4.0-1013.14~18.04.1)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1005.5)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1007.9)
|
|
| focal |
Released
(5.4.0-1042.45)
|
|
| groovy |
Released
(5.8.0-1022.23)
|
|
| hirsute |
Not vulnerable
(5.8.0-1022.23+21.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.10)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1042.45~18.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Released
(5.6.0-1053.57)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1007.7)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Released
(5.8.0-1017.20)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| focal |
Released
(5.4.0-1033.36)
|
|
| hirsute |
Not vulnerable
(5.11.0-1003.3)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.9)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Not vulnerable
(4.13.0-1005.5)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
| jammy |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needed now end-of-life)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Released
(5.4.0-1033.36~18.04.1)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1007.7)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| groovy |
Released
(5.8.0-18.20)
|
|
| hirsute |
Not vulnerable
(5.11.0-1004.4)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Not vulnerable
(4.4.0-1077.82)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.4.0-1013.15)
|
|
| jammy |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1005.8)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Released
(5.10.0-1017.18)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1013.14)
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Ignored
(reached end of standard support)
|
|
| focal |
Released
(5.4.0-1041.43)
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1003.4)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1009.10~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.14.0-1004.4)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1009.10~20.04.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-21.21~20.04.1)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.11~rc7)
|
|
| xenial |
Not vulnerable
(4.4.0-1073.79)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1011.13~20.04.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.3)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1063.66+cvm2.2)
|
|
| upstream |
Released
(5.11~rc7)
|
|
| jammy |
Does not exist
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| upstream |
Needs triage
|
Notes
| Author | Note |
|---|---|
| sbeattie | for 5.8 kernels, HARDENED_USERCOPY is enabled, and so is less likely to be vulnerable to code execution. Also, user BPF is disabled if booted under secure boot/lockdown. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20194
- https://bugzilla.redhat.com/show_bug.cgi?id=1912683
- https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223
- https://ubuntu.com/security/notices/USN-4879-1
- https://ubuntu.com/security/notices/USN-4884-1
- https://ubuntu.com/security/notices/USN-4909-1
- https://ubuntu.com/security/notices/USN-4912-1
- NVD
- Launchpad
- Debian