CVE-2021-4197
Published: 31 December 2021
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
From the Ubuntu Security Team
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.13.0-1021.24~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
focal |
Released
(5.13.0-1021.25~20.04.1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(replaced by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| xenial |
Released
(4.15.0-189.200~16.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-117.132)
|
| impish |
Released
(5.13.0-37.42)
|
|
| upstream |
Released
(5.16)
|
|
| bionic |
Released
(4.15.0-189.200)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.4.0-229.263)
|
|
| jammy |
Not vulnerable
(5.15.0-22.22)
|
|
| kinetic |
Not vulnerable
(5.15.0-25.25)
|
|
| lunar |
Not vulnerable
(5.19.0-21.21)
|
|
|
Patches: Introduced by 187fe84067bd377047cfcb7f2bbc7c9dc12d290c Introduced by 5136f6365ce3eace5a926e10f16ed2a233db5ba9 |
||
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| bionic |
Released
(5.4.0-117.132~18.04.1)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
xenial |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| trusty |
Released
(4.4.0-229.263~14.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Released
(4.15.0-1123.128)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.4.0-1110.120)
|
|
| upstream |
Released
(5.16)
|
|
| impish |
Released
(5.13.0-1018.19)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| focal |
Released
(5.4.0-1068.72)
|
|
| kinetic |
Not vulnerable
(5.15.0-1004.4)
|
|
| lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Released
(5.4.0-1078.84~18.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| xenial |
Released
(4.15.0-1137.148~16.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(5.16)
|
| impish |
Released
(5.13.0-1019.21)
|
|
| focal |
Released
(5.4.0-1078.84)
|
|
| bionic |
Released
(4.15.0-1137.148)
|
|
| trusty |
Released
(4.4.0-1109.115)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.4.0-1145.160)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.4)
|
|
| kinetic |
Not vulnerable
(5.15.0-1004.6)
|
|
| lunar |
Not vulnerable
(5.19.0-1009.9)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
| impish |
Released
(5.13.0-1021.24)
|
|
| focal |
Released
(5.4.0-1083.87)
|
|
| trusty |
Released
(4.15.0-1146.161~14.04.1)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.15.0-1146.161~16.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
| kinetic |
Not vulnerable
(5.15.0-1003.4)
|
|
| lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| bionic |
Released
(4.15.0-1146.161)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Released
(5.4.0-1083.87~18.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.4.0-1040.44)
|
|
| jammy |
Not vulnerable
(5.15.0-1011.13)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| bionic |
Released
(4.15.0-1049.54)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.15.0-1131.147~16.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| impish |
Released
(5.13.0-1021.25)
|
|
| focal |
Released
(5.4.0-1078.84)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
| kinetic |
Not vulnerable
(5.15.0-1003.6)
|
|
| lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| bionic |
Released
(4.15.0-1131.147)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| bionic |
Released
(5.4.0-1078.84~18.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| xenial |
Ignored
(reached end of standard support)
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.4.0-1074.79)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| bionic |
Released
(5.4.0-1074.79~18.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.4.0-1046.48)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| bionic |
Released
(5.4.0-1046.48~18.04.1)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| focal |
Released
(5.4.0-1026.29)
|
|
| kinetic |
Not vulnerable
(5.15.0-1002.2)
|
|
| lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.15.0-1102.113~16.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| impish |
Released
(5.13.0-1023.28)
|
|
| bionic |
Released
(4.15.0-1102.113)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
| focal |
Released
(5.4.0-1076.83)
|
|
| kinetic |
Not vulnerable
(5.15.0-1002.4)
|
|
| lunar |
Not vulnerable
(5.19.0-1008.8)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| bionic |
Released
(5.4.0-1076.83~18.04.1)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.14.0-1022.24)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Released
(5.13.0-1022.24)
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.4.0-1065.75)
|
|
| jammy |
Not vulnerable
(5.15.0-1003.3)
|
|
| kinetic |
Not vulnerable
(5.15.0-1005.5)
|
|
| lunar |
Not vulnerable
(5.19.0-1004.10)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Released
(4.15.0-1115.123)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
| lunar |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Released
(5.4.0-1065.75~18.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Released
(5.13.0-1017.19)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Not vulnerable
(5.15.0-1004.4)
|
|
| kinetic |
Not vulnerable
(5.15.0-1007.7)
|
|
| lunar |
Not vulnerable
(5.19.0-1004.4)
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Released
(4.15.0-1133.143)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.13.0-37.42~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.13.0-1019.21~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| xenial |
Ignored
(out of standard support)
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Released
(5.13.0-1025.30~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Released
(5.4.0-1028.32~18.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.4.0-1083.87)
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-22.22)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Not vulnerable
(5.15.0-24.24)
|
|
| lunar |
Not vulnerable
(5.19.0-1007.7)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Not vulnerable
(5.17.0-1003.3)
|
|
| lunar |
Does not exist
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1003.5~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1014.18~20.04.1)
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1006.9~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1011.14~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1007.9~20.04.1)
|
|
| upstream |
Released
(5.16)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| upstream |
Released
(5.16)
|
|
| focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
| lunar |
Does not exist
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| jammy |
Not vulnerable
(6.0.0-1006.6)
|
|
| upstream |
Released
(5.16)
|
|
| lunar |
Does not exist
|
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| jammy |
Not vulnerable
(6.1.0-1004.4)
|
|
| upstream |
Released
(5.16)
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4197
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652
- https://ubuntu.com/security/notices/USN-5278-1
- https://ubuntu.com/security/notices/USN-5337-1
- https://ubuntu.com/security/notices/USN-5368-1
- https://ubuntu.com/security/notices/USN-5467-1
- https://ubuntu.com/security/notices/USN-5500-1
- https://ubuntu.com/security/notices/USN-5505-1
- https://ubuntu.com/security/notices/USN-5513-1
- https://ubuntu.com/security/notices/USN-5515-1
- https://ubuntu.com/security/notices/USN-5541-1
- NVD
- Launchpad
- Debian