CVE-2021-43057
Published: 28 October 2021
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
From the Ubuntu security team
Jann Horn discovered that the SELinux subsystem in the Linux kernel did not properly handle subjective credentials for tasks in some situations. On systems where SELinux has been enabled, a local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Priority
Low
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| hirsute |
Not vulnerable
(5.8.0-36.40+21.04.1)
|
|
| impish |
Released
(5.13.0-22.22)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| xenial |
Not vulnerable
(4.4.0-2.16)
|
|
| jammy |
Not vulnerable
(5.15.0-17.17)
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(replaced by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.8.0-23.24~20.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-22.23~20.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
xenial |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| hirsute |
Not vulnerable
(5.8.0-1010.11+21.04.1)
|
|
| impish |
Released
(5.13.0-1006.6)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.6+22.04.1)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| hirsute |
Not vulnerable
(5.8.0-1018.20+21.04.1)
|
|
| impish |
Released
(5.13.0-1007.8)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.4)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1018.18~18.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1009.9~20.04.2)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
| jammy |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| hirsute |
Not vulnerable
(5.8.0-1016.17+21.04.1)
|
|
| impish |
Released
(5.13.0-1008.9)
|
|
| trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1082.92)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1007.7~20.04.2)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.10)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1005.8)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| hirsute |
Not vulnerable
(5.8.0-1015.15+21.04.1)
|
|
| impish |
Released
(5.13.0-1007.8)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| bionic |
Not vulnerable
(4.15.0-1071.81)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| bionic |
Not vulnerable
(5.4.0-1019.19~18.04.2)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1009.10~20.04.1)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(reached end of standard support)
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1033.35)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1025.25~18.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1008.9)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1001.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1003.4)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1007.9)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| hirsute |
Not vulnerable
(5.8.0-1014.14+21.04.1)
|
|
| impish |
Released
(5.13.0-1010.12)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1019.19~18.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1008.8~20.04.1)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.10.0-1008.9)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.13.0-1020.24)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Released
(5.14.0-1005.5)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.7)
|
|
| hirsute |
Not vulnerable
(5.8.0-1008.11+21.04.1)
|
|
| impish |
Released
(5.13.0-1011.13)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
| bionic |
Not vulnerable
(4.13.0-1005.5)
|
|
| jammy |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(was needs-triage now end-of-life)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
| hirsute |
Not vulnerable
(5.8.0-10.12+21.04.1)
|
|
| impish |
Released
(5.13.0-1006.6)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.6+22.04.1)
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.11.0-1015.16~20.04.1)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
| bionic |
Not vulnerable
(4.4.0-1077.82)
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1009.10~20.04.2)
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.13.0-22.22~20.04.1)
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.2)
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Not vulnerable
(4.4.0-1074.80)
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1011.13~20.04.2)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| impish |
Does not exist
|
|
| focal |
Not vulnerable
(5.13.0-1008.9~20.04.3)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1063.66+cvm2.2)
|
|
| impish |
Does not exist
|
|
| upstream |
Released
(5.15~rc3)
|
|
| jammy |
Does not exist
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-22.22)
|
|
| upstream |
Released
(5.15~rc3)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
| upstream |
Released
(5.15~rc3)
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Needs triage
|
Notes
| Author | Note |
|---|---|
| sbeattie | Ubuntu systems are configured to use AppArmor by default, a system would need to be configured via kernel command line to use SELinux or Smack to be affected. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43057
- https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7
- https://ubuntu.com/security/notices/USN-5162-1
- NVD
- Launchpad
- Debian