CVE-2021-4197
Published: 31 December 2021
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
From the Ubuntu Security Team
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-189.200)
|
focal |
Released
(5.4.0-117.132)
|
|
impish |
Released
(5.13.0-37.42)
|
|
jammy |
Not vulnerable
(5.15.0-22.22)
|
|
lunar |
Not vulnerable
(5.19.0-21.21)
|
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
upstream |
Released
(5.16)
|
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Released
(4.4.0-229.263)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
kinetic |
Not vulnerable
(5.15.0-25.25)
|
|
Patches: Introduced by 187fe84067bd377047cfcb7f2bbc7c9dc12d290c Introduced by 5136f6365ce3eace5a926e10f16ed2a233db5ba9 |
||
linux-aws Launchpad, Ubuntu, Debian |
jammy |
Not vulnerable
(5.15.0-1002.4)
|
lunar |
Not vulnerable
(5.19.0-1009.9)
|
|
upstream |
Released
(5.16)
|
|
impish |
Released
(5.13.0-1019.21)
|
|
focal |
Released
(5.4.0-1078.84)
|
|
bionic |
Released
(4.15.0-1137.148)
|
|
trusty |
Released
(4.4.0-1109.115)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Released
(4.4.0-1145.160)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
kinetic |
Not vulnerable
(5.15.0-1004.6)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
kinetic |
Does not exist
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.13.0-1019.21~20.04.1)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1014.18~20.04.1)
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-aws-5.4)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1078.84~18.04.1)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
kinetic |
Does not exist
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
upstream |
Released
(5.16)
|
|
kinetic |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Released
(4.15.0-1137.148~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
kinetic |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
impish |
Released
(5.13.0-1021.24)
|
|
focal |
Released
(5.4.0-1083.87)
|
|
trusty |
Released
(4.15.0-1146.161~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Released
(4.15.0-1146.161~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.16)
|
|
kinetic |
Not vulnerable
(5.15.0-1003.4)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(4.15.0-1146.161)
|
|
kinetic |
Does not exist
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
kinetic |
Does not exist
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Released
(5.13.0-1021.24~20.04.1)
|
|
upstream |
Released
(5.16)
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.4)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1083.87~18.04.1)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
focal |
Released
(5.4.0-1083.87)
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1011.13)
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Released
(5.4.0-1040.44)
|
|
kinetic |
Does not exist
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(4.15.0-1049.54)
|
|
kinetic |
Does not exist
|
|
linux-fips Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Released
(4.15.0-1131.147~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
impish |
Released
(5.13.0-1021.25)
|
|
focal |
Released
(5.4.0-1078.84)
|
|
kinetic |
Not vulnerable
(5.15.0-1003.6)
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(4.15.0-1131.147)
|
|
kinetic |
Does not exist
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
hirsute |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
kinetic |
Does not exist
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
focal |
Released
(5.13.0-1021.25~20.04.1)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.15.0-1006.9~20.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.4)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1078.84~18.04.1)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Ignored
(end of standard support)
|
|
focal |
Released
(5.4.0-1074.79)
|
|
kinetic |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(end of life, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(end of standard support, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1011.14~20.04.1)
|
|
upstream |
Released
(5.16)
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(end of standard support, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(5.4.0-1074.79~18.04.1)
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Released
(5.4.0-1046.48)
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(5.4.0-1046.48~18.04.1)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Released
(4.15.0-189.200~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
kinetic |
Does not exist
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.13.0-37.42~20.04.1)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
|
upstream |
Released
(5.16)
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(5.4.0-117.132~18.04.1)
|
|
kinetic |
Does not exist
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
kinetic |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-hwe-5.4)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Ignored
(superseded by linux-hwe)
|
|
kinetic |
Does not exist
|
|
linux-ibm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
kinetic |
Not vulnerable
(5.15.0-1002.2)
|
|
lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Released
(5.4.0-1026.29)
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1028.32~18.04.1)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
upstream |
Released
(5.16)
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1003.5~20.04.1)
|
|
upstream |
Released
(5.16)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1123.128)
|
impish |
Released
(5.13.0-1018.19)
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Released
(4.4.0-1110.120)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
focal |
Released
(5.4.0-1068.72)
|
|
kinetic |
Not vulnerable
(5.15.0-1004.4)
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(5.15.0-24.24)
|
lunar |
Not vulnerable
(5.19.0-1007.7)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-22.22)
|
|
upstream |
Released
(5.16)
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
trusty |
Released
(4.4.0-229.263~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
kinetic |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Ignored
(end of standard support)
|
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Ignored
(end of life, was needs-triage)
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.14.0-1022.24)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(5.17.0-1003.3)
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
upstream |
Released
(5.16)
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
kinetic |
Does not exist
|
|
jammy |
Not vulnerable
(6.0.0-1006.6)
|
|
upstream |
Released
(5.16)
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
kinetic |
Does not exist
|
|
jammy |
Not vulnerable
(6.1.0-1004.4)
|
|
upstream |
Released
(5.16)
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
bionic |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1102.113)
|
focal |
Released
(5.4.0-1076.83)
|
|
impish |
Released
(5.13.0-1023.28)
|
|
jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
kinetic |
Not vulnerable
(5.15.0-1002.4)
|
|
lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Released
(4.15.0-1102.113~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.3)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
focal |
Released
(5.13.0-1025.30~20.04.1)
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1007.9~20.04.1)
|
|
upstream |
Released
(5.16)
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.4)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1076.83~18.04.1)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
jammy |
Not vulnerable
(5.15.0-1003.3)
|
|
kinetic |
Not vulnerable
(5.15.0-1005.5)
|
|
lunar |
Not vulnerable
(5.19.0-1004.10)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Released
(5.13.0-1022.24)
|
|
focal |
Released
(5.4.0-1065.75)
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1065.75~18.04.1)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1115.123)
|
focal |
Ignored
(replaced by linux-raspi)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needs-triage)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Released
(5.13.0-1017.19)
|
|
jammy |
Not vulnerable
(5.15.0-1004.4)
|
|
kinetic |
Not vulnerable
(5.15.0-1007.7)
|
|
lunar |
Not vulnerable
(5.19.0-1004.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1133.143)
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-nvidia Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-allwinner Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Not vulnerable
|
|
lunar |
Not vulnerable
|
|
upstream |
Needs triage
|
|
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-starfive Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Not vulnerable
|
|
lunar |
Not vulnerable
|
|
upstream |
Needs triage
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
jammy |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4197
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652
- https://ubuntu.com/security/notices/USN-5278-1
- https://ubuntu.com/security/notices/USN-5337-1
- https://ubuntu.com/security/notices/USN-5368-1
- https://ubuntu.com/security/notices/USN-5467-1
- https://ubuntu.com/security/notices/USN-5500-1
- https://ubuntu.com/security/notices/USN-5505-1
- https://ubuntu.com/security/notices/USN-5513-1
- https://ubuntu.com/security/notices/USN-5515-1
- https://ubuntu.com/security/notices/USN-5541-1
- NVD
- Launchpad
- Debian