CVE-2021-3493
Published: 15 April 2021
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
From the Ubuntu Security Team
It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges.
Notes
| Author | Note |
|---|---|
| sbeattie | issue is specific to Ubuntu or any other distribution that patched the kernel to allow unprivileged overlay mounts, prior to the 5.11 commit (459c7c565ac36b) that permits it upstream. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1035.37~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1033.35~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1032.34~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-1031.32~20.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Released
(5.8.0-22.24~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| focal |
Released
(5.4.0-1011.14)
|
|
| impish |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1011.13)
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-22.23~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1015.16~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1009.10)
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1009.9~20.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1007.7~20.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1008.8~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-16.17)
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| hirsute |
Not vulnerable
(5.11.0-11.12)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(4.15.0-142.146)
|
|
| focal |
Released
(5.4.0-72.80)
|
|
| groovy |
Released
(5.8.0-50.56)
|
|
| xenial |
Released
(4.4.0-209.241)
|
|
| jammy |
Not vulnerable
(5.13.0-19.19)
|
|
| kinetic |
Not vulnerable
(5.15.0-25.25)
|
|
| lunar |
Not vulnerable
(5.15.0-25.25)
|
|
|
Patches: Introduced by 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 |
||
|
linux-hwe Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(5.3.0-73.69)
|
|
| xenial |
Released
(4.15.0-142.146~16.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(5.4.0-72.80~18.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| focal |
Released
(5.8.0-50.56~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| trusty |
Released
(4.4.0-209.241~14.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
| trusty |
Does not exist
|
|
| hirsute |
Not vulnerable
(5.11.0-1003.3)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(4.15.0-1090.92)
|
|
| focal |
Released
(5.4.0-1038.39)
|
|
| groovy |
Released
(5.8.0-1024.26)
|
|
| xenial |
Released
(4.4.0-1092.101)
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
| kinetic |
Not vulnerable
(5.15.0-1004.4)
|
|
| lunar |
Not vulnerable
(5.15.0-1004.4)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
| hirsute |
Not vulnerable
(5.11.0-1003.3)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(4.15.0-1099.106)
|
|
| focal |
Released
(5.4.0-1045.47)
|
|
| groovy |
Released
(5.8.0-1030.32)
|
|
| trusty |
Released
(4.4.0-1091.95)
|
|
| xenial |
Released
(4.4.0-1127.141)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
| kinetic |
Not vulnerable
(5.15.0-1004.6)
|
|
| lunar |
Not vulnerable
(5.15.0-1004.6)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
| focal |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(5.4.0-1045.47~18.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| xenial |
Released
(4.15.0-1099.106~16.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1004.4)
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| hirsute |
Not vulnerable
(5.11.0-1002.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| focal |
Released
(5.4.0-1046.48)
|
|
| groovy |
Released
(5.8.0-1029.31)
|
|
| trusty |
Released
(4.15.0-1113.126~14.04.1)
|
|
| xenial |
Released
(4.15.0-1113.126~16.04.1)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.7)
|
|
| kinetic |
Not vulnerable
(5.15.0-1003.4)
|
|
| lunar |
Not vulnerable
(5.15.0-1003.4)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(4.15.0-1113.126)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(5.4.0-1046.48~18.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| bionic |
Released
(4.15.0-1017.21)
|
|
| lunar |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1006.6)
|
| trusty |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| hirsute |
Not vulnerable
(5.11.0-1003.3)
|
|
| focal |
Released
(5.4.0-1042.45)
|
|
| groovy |
Released
(5.8.0-1028.29)
|
|
| xenial |
Released
(4.15.0-1098.111~16.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
| kinetic |
Not vulnerable
(5.15.0-1003.6)
|
|
| lunar |
Not vulnerable
(5.15.0-1003.6)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(4.15.0-1098.111)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1042.45~18.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| bionic |
Released
(5.3.0-1042.45)
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| bionic |
Released
(5.4.0-1042.44~18.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| focal |
Released
(5.4.0-1014.15)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1014.15~18.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1005.5)
|
| trusty |
Does not exist
|
|
| bionic |
Released
(4.15.0-1070.78)
|
|
| focal |
Released
(5.4.0-1043.46)
|
|
| groovy |
Released
(5.8.0-1026.27)
|
|
| xenial |
Released
(4.15.0-1070.78~16.04.1)
|
|
| hirsute |
Not vulnerable
(5.11.0-1002.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.10)
|
|
| kinetic |
Not vulnerable
(5.15.0-1002.4)
|
|
| lunar |
Not vulnerable
(5.15.0-1002.4)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(5.4.0-1043.46~18.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Released
(5.6.0-1054.58)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Released
(5.10.0-1022.23)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1007.7)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1034.37)
|
|
| groovy |
Released
(5.8.0-1021.24)
|
|
| hirsute |
Not vulnerable
(5.11.0-1003.3)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.9)
|
|
| kinetic |
Not vulnerable
(5.15.0-1005.5)
|
|
| lunar |
Not vulnerable
(5.15.0-1005.5)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| bionic |
Released
(4.15.0-1084.89)
|
|
| xenial |
Released
(4.4.0-1151.162)
|
|
| lunar |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| bionic |
Released
(5.3.0-1039.41)
|
|
| lunar |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| bionic |
Released
(5.4.0-1034.37~18.04.1)
|
|
| lunar |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(5.11.0-1007.7)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by generic focal kernel)
|
|
| groovy |
Released
(5.8.0-22.24)
|
|
| hirsute |
Not vulnerable
(5.11.0-1004.4)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
| kinetic |
Not vulnerable
(5.15.0-1007.7)
|
|
| lunar |
Not vulnerable
(5.15.0-1007.7)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| bionic |
Released
(4.15.0-1101.110)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| xenial |
Released
(4.4.0-1155.165)
|
|
| lunar |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| bionic |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| focal |
Released
(5.4.0-1042.44)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| kinetic |
Does not exist
|
|
| xenial |
Ignored
(reached end of standard support)
|
|
| lunar |
Does not exist
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1003.4)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| kinetic |
Not vulnerable
(5.15.0-1002.2)
|
|
| lunar |
Not vulnerable
(5.15.0-1002.2)
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1009.10~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.14.0-1004.4)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1007.7)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1009.10~20.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-21.21~20.04.1)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| xenial |
Ignored
(out of standard support)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1011.13~20.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.3)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.11~rc1)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.4.0-1046.48)
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-22.22)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| kinetic |
Not vulnerable
(5.15.0-24.24)
|
|
| lunar |
Not vulnerable
(5.15.0-24.24)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
| upstream |
Released
(5.11~rc1)
|
|
| kinetic |
Not vulnerable
(5.17.0-1003.3)
|
|
| lunar |
Does not exist
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1003.5~20.04.1)
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| focal |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |