CVE-2021-47546
Published: 24 May 2024
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a `fib` rule is present in IPv6 nftables firewall rules and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as wg-quick). In such scenarios, every incoming packet will leak an allocation in `ip6_dst_cache` slab cache. After some hours of `bpftrace`-ing and source code reading, I tracked down the issue to ca7a03c41753 ("ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule"). The problem with that change is that the generic `args->flags` always have `FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag `RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not decreasing the refcount when needed. How to reproduce: - Add the following nftables rule to a prerouting chain: meta nfproto ipv6 fib saddr . mark . iif oif missing drop This can be done with: sudo nft create table inet test sudo nft create chain inet test test_chain '{ type filter hook prerouting priority filter + 10; policy accept; }' sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop - Run: sudo ip -6 rule add table main suppress_prefixlength 0 - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase with every incoming ipv6 packet. This patch exposes the protocol-specific flags to the protocol specific `suppress` function, and check the protocol-specific `flags` argument for RT6_LOOKUP_F_DST_NOREF instead of the generic FIB_LOOKUP_NOREF when decreasing the refcount, like this. [1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71 [2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99
Priority
Status
Package | Release | Status |
---|---|---|
linux
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
focal |
Released
(5.4.0-100.113)
|
|
jammy |
Not vulnerable
(5.15.0-17.17)
|
|
mantic |
Not vulnerable
(6.2.0-20.20)
|
|
noble |
Not vulnerable
(6.5.0-9.9)
|
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.4.0-2.16)
|
|
Patches:
Introduced by
ca7a03c4175366a92cee0ccc4fec0038c3266e26
|
||
linux-allwinner-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-aws
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
focal |
Released
(5.4.0-1066.69)
|
|
jammy |
Not vulnerable
(5.15.0-1002.4)
|
|
mantic |
Not vulnerable
(6.2.0-1003.3)
|
|
noble |
Not vulnerable
(6.5.0-1008.8)
|
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-aws-5.0
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-aws-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.3)
|
|
linux-aws-5.11
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-aws-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.13)
|
|
linux-aws-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-aws-5.15)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.15)
|
|
linux-aws-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1014.18~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-aws-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-aws-6.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-6.2)
|
|
linux-aws-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-aws-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.4)
|
|
linux-aws-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-1066.69~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-aws-5.8
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-aws-5.11)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.11)
|
|
linux-aws-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-aws-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-6.5)
|
|
linux-aws-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1008.8~22.04.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-aws-fips
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-aws-hwe
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
linux-azure
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Released
(5.4.0-1070.73)
|
|
jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
mantic |
Not vulnerable
(6.2.0-1003.3)
|
|
noble |
Not vulnerable
(6.5.0-1007.7)
|
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
linux-azure-4.15
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1082.92)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-azure-5.11
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-azure-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.13)
|
|
linux-azure-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-azure-5.15)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.15)
|
|
linux-azure-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-azure-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-azure-6.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-6.2)
|
|
linux-azure-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.4)
|
|
linux-azure-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-1070.73~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-azure-5.8
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-azure-5.11)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.11)
|
|
linux-azure-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-azure-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-6.5)
|
|
linux-azure-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1007.7~22.04.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-azure-edge
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.3)
|
|
linux-azure-fde
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-azure-fde-5.15)
|
jammy |
Not vulnerable
(5.15.0-1019.24.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-azure-fde-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1019.24~20.04.1.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-azure-fde-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-azure-fde-6.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-fde-6.2)
|
|
linux-azure-fde-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(replaced by linux-azure-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(replaced by linux-azure-6.5)
|
|
linux-azure-fips
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-bluefield
Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1028.31)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-fips
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gcp
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
focal |
Released
(5.4.0-1065.69)
|
|
jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
mantic |
Not vulnerable
(6.2.0-1005.5)
|
|
noble |
Not vulnerable
(6.5.0-1007.7)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
linux-gcp-4.15
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1071.81)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gcp-5.11
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-gcp-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.13)
|
|
linux-gcp-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-gcp-5.15)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.15)
|
|
linux-gcp-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1006.9~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gcp-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-gcp-6.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-6.2)
|
|
linux-gcp-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.4)
|
|
linux-gcp-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-1065.69~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gcp-5.8
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-gcp-5.11)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.11)
|
|
linux-gcp-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-gcp-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-6.5)
|
|
linux-gcp-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1010.10~22.04.3)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gcp-fips
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gke
Launchpad, Ubuntu, Debian |
focal |
Ignored
(end of kernel support)
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
mantic |
Does not exist
|
|
noble |
Not vulnerable
(6.8.0-1003.5)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gke-4.15
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gke-5.0)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gke-5.0)
|
|
linux-gke-5.15
Launchpad, Ubuntu, Debian |
focal |
Ignored
(end of kernel support)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-gke-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of kernel support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-gkeop
Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1034.35)
|
jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gkeop-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1003.5~20.04.2)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-gkeop-5.4
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of kernel support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-hwe
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
linux-hwe-5.11
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-hwe-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-5.13)
|
|
linux-hwe-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-hwe-5.15)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-5.15)
|
|
linux-hwe-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-hwe-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-hwe-6.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-6.2)
|
|
linux-hwe-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-100.113~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-hwe-5.8
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-hwe-5.11)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-5.11)
|
|
linux-hwe-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-hwe-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-6.5)
|
|
linux-hwe-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-14.14~22.04.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-hwe-6.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
(6.8.0-38.38~22.04.1)
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-hwe-edge
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-hwe-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Ignored
(superseded by linux-hwe)
|
|
linux-ibm
Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1015.16)
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
mantic |
Ignored
(end of kernel support)
|
|
noble |
Not vulnerable
(6.5.0-1009.9)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-ibm-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1033.36~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-ibm-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-1015.16~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-intel
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Not vulnerable
(6.8.0-1001.6)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-intel-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(end of kernel support)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-intel-iot-realtime
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-intel-iotg
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1003.5~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-iot
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.4.0-1001.3)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-kvm
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
focal |
Released
(5.4.0-1056.58)
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-laptop
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Not vulnerable
(6.5.0-1003.6)
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-lowlatency
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(5.15.0-22.22)
|
|
mantic |
Not vulnerable
(6.2.0-1003.3)
|
|
noble |
Not vulnerable
(6.5.0-9.9.1)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-lowlatency-hwe-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-lowlatency-hwe-6.2)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-lowlatency-hwe-6.2)
|
|
linux-lowlatency-hwe-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-lowlatency-hwe-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-lowlatency-hwe-6.5)
|
|
linux-lowlatency-hwe-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-14.14.1~22.04.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-lowlatency-hwe-6.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
(6.8.0-38.38.1~22.04.2)
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-nvidia
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(5.15.0-1005.5)
|
|
mantic |
Does not exist
|
|
noble |
Not vulnerable
(6.8.0-1007.7)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-nvidia-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-nvidia-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-nvidia-6.5)
|
|
linux-nvidia-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1004.4)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-nvidia-6.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
(6.8.0-1008.8~22.04.1)
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-nvidia-lowlatency
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
noble |
Not vulnerable
(6.8.0-1009.9.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-oem
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-oem-5.10
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-oem-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-5.13)
|
|
linux-oem-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-oem-5.14)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-5.14)
|
|
linux-oem-5.14
Launchpad, Ubuntu, Debian |
focal |
Ignored
(replaced by linux-hwe-5.15)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(replaced by linux-hwe-5.15)
|
|
linux-oem-5.17
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-oem-6.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-6.1)
|
|
linux-oem-5.6
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-oem-5.10)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-5.10)
|
|
linux-oem-6.0
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-oem-6.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-6.1)
|
|
linux-oem-6.1
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-oem-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-6.5)
|
|
linux-oem-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1003.3)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-oem-6.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Not vulnerable
(6.8.0-1003.3)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-oracle
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1007.9)
|
focal |
Released
(5.4.0-1064.68)
|
|
jammy |
Not vulnerable
(5.15.0-1001.3)
|
|
mantic |
Not vulnerable
(6.2.0-1003.3)
|
|
noble |
Not vulnerable
(6.5.0-1010.10)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
linux-oracle-5.0
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.3)
|
|
linux-oracle-5.11
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-oracle-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.13)
|
|
linux-oracle-5.13
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-oracle-5.15)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.15)
|
|
linux-oracle-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1007.9~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-oracle-5.3
Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.4)
|
|
linux-oracle-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-1064.68~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-oracle-5.8
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-oracle-5.11)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.11)
|
|
linux-oracle-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1013.13~22.04.4)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-raspi
Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1053.60)
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
mantic |
Not vulnerable
(6.2.0-1004.5)
|
|
noble |
Not vulnerable
(6.5.0-1005.7)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-raspi-5.4
Launchpad, Ubuntu, Debian |
bionic |
Pending
(5.4.0-1053.60~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-raspi-realtime
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-raspi2
Launchpad, Ubuntu, Debian |
focal |
Ignored
(replaced by linux-raspi)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(replaced by linux-raspi)
|
|
linux-realtime
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by Ubuntu Pro ppa version)
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-riscv
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-riscv-5.8)
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Not vulnerable
(6.2.0-19.19.1)
|
|
noble |
Not vulnerable
(6.5.0-9.9.1)
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-riscv-5.11
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-riscv-5.13)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-riscv-5.13)
|
|
linux-riscv-5.15
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-1015.17~20.04.1)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-riscv-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-riscv-5.8
Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-riscv-5.11)
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-riscv-5.11)
|
|
linux-riscv-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-17.17.1.1~22.04.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-riscv-6.8
Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
(6.8.0-38.38.1~22.04.1)
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
xenial |
Does not exist
|
|
linux-starfive
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Not vulnerable
(6.5.0-1002.3)
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-starfive-5.19
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
linux-starfive-6.2
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
(superseded by linux-starfive-6.5)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-starfive-6.5)
|
|
linux-starfive-6.5
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Not vulnerable
(6.5.0-1007.8~22.04.1)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
|
linux-xilinx-zynqmp
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.4.0-1020.24)
|
jammy |
Not vulnerable
(5.15.0-1022.26)
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(5.16~rc4, 5.4.164, 5.15.7)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
- https://www.cve.org/CVERecord?id=CVE-2021-47546
- https://git.kernel.org/linus/cdef485217d30382f3bf6448c54b4401648fe3f1 (5.16-rc4)
- https://git.kernel.org/stable/c/209d35ee34e25f9668c404350a1c86d914c54ffa
- https://git.kernel.org/stable/c/8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383
- https://git.kernel.org/stable/c/cdef485217d30382f3bf6448c54b4401648fe3f1
- https://git.kernel.org/stable/c/ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29
- NVD
- Launchpad
- Debian