CVE-2022-23037
Published: 10 March 2022
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042
From the Ubuntu Security Team
Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Priority
Status
Package | Release | Status |
---|---|---|
linux-nvidia Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-117.132)
|
impish |
Ignored
(end of life)
|
|
bionic |
Released
(4.15.0-177.186)
|
|
jammy |
Not vulnerable
(5.15.0-25.25)
|
|
kinetic |
Not vulnerable
(5.15.0-25.25)
|
|
lunar |
Not vulnerable
(5.15.0-25.25)
|
|
trusty |
Ignored
(ESM criteria, was needed)
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(ESM criteria, was needed)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-aws-5.3)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
bionic |
Released
(5.4.0-1078.84~18.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
upstream |
Released
(5.17~rc8)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(5.17~rc8)
|
bionic |
Released
(4.15.0-1128.137)
|
|
focal |
Released
(5.4.0-1078.84)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
kinetic |
Not vulnerable
(5.15.0-1004.6)
|
|
lunar |
Not vulnerable
(5.15.0-1004.6)
|
|
trusty |
Ignored
(ESM criteria, was needed)
|
|
xenial |
Ignored
(ESM criteria, was needed)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
bionic |
Released
(4.15.0-1138.151)
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
bionic |
Released
(5.4.0-1083.87~18.04.1)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
linux-oem Launchpad, Ubuntu, Debian |
upstream |
Released
(5.17~rc8)
|
bionic |
Ignored
(end of life, was needs-triage)
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-allwinner Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Not vulnerable
|
|
lunar |
Not vulnerable
|
|
upstream |
Needs triage
|
|
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-starfive Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Not vulnerable
|
|
lunar |
Not vulnerable
|
|
upstream |
Needs triage
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
jammy |
Not vulnerable
(6.0.0-1006.6)
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-aws-5.11)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Released
(4.15.0-1128.137~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Released
(5.4.0-1083.87)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(5.15.0-1003.4)
|
|
kinetic |
Not vulnerable
(5.15.0-1003.4)
|
|
lunar |
Not vulnerable
(5.15.0-1003.4)
|
|
trusty |
Released
(4.15.0-1138.151~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Released
(4.15.0-1138.151~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-azure-5.11)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
jammy |
Not vulnerable
|
|
focal |
Released
(5.4.0-1083.87)
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.4.0-1040.44)
|
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1011.13)
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(4.15.0-1042.47)
|
|
linux-fips Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
focal |
Released
(5.4.0-1078.84)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(5.15.0-1003.6)
|
|
kinetic |
Not vulnerable
(5.15.0-1003.6)
|
|
lunar |
Not vulnerable
(5.15.0-1003.6)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Released
(4.15.0-1122.136~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(4.15.0-1122.136)
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.4)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1078.84~18.04.1)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-gcp-5.11)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.4.0-1074.79)
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(5.4.0-1074.79~18.04.1)
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
focal |
Released
(5.4.0-1046.48)
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(5.4.0-1046.48~18.04.1)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Released
(4.15.0-177.186~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-hwe-5.13)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
jammy |
Does not exist
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
kinetic |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
bionic |
Released
(5.4.0-117.132~18.04.1)
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-hwe-5.11)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-hwe-5.4)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(superseded by linux-hwe)
|
|
linux-ibm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.4.0-1026.29)
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
kinetic |
Not vulnerable
(5.15.0-1002.2)
|
|
lunar |
Not vulnerable
(5.15.0-1002.2)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1028.32~18.04.1)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
jammy |
Not vulnerable
(5.15.0-1004.6)
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
focal |
Released
(5.15.0-1008.11~20.04.1)
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
linux-iot Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-kvm Launchpad, Ubuntu, Debian |
impish |
Ignored
(end of life)
|
jammy |
Not vulnerable
(5.15.0-1004.4)
|
|
kinetic |
Not vulnerable
(5.15.0-1004.4)
|
|
lunar |
Not vulnerable
(5.15.0-1004.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(ESM criteria, was needed)
|
|
bionic |
Released
(4.15.0-1114.117)
|
|
focal |
Released
(5.4.0-1068.72)
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
kinetic |
Not vulnerable
(5.15.0-24.24)
|
|
lunar |
Not vulnerable
(5.15.0-24.24)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
(5.15.0-24.24)
|
|
upstream |
Released
(5.17~rc8)
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Ignored
(ESM criteria, was needed)
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(5.17.0-1003.3)
|
lunar |
Does not exist
|
|
xenial |
Does not exist
|
|
trusty |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Not vulnerable
(5.17.0-1003.3)
|
|
upstream |
Released
(5.17~rc8)
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needs-triage)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
impish |
Ignored
(end of life)
|
jammy |
Not vulnerable
(5.15.0-1002.4)
|
|
kinetic |
Not vulnerable
(5.15.0-1002.4)
|
|
lunar |
Not vulnerable
(5.15.0-1002.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Released
(4.15.0-1093.102~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
bionic |
Released
(4.15.0-1093.102)
|
|
focal |
Released
(5.4.0-1076.83)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.3)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needed)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.4)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1076.83~18.04.1)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oracle-5.11)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.4.0-1065.75)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(5.15.0-1005.5)
|
|
kinetic |
Not vulnerable
(5.15.0-1005.5)
|
|
lunar |
Not vulnerable
(5.15.0-1005.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1065.75~18.04.1)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
focal |
Ignored
(replaced by linux-raspi)
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(end of standard support)
|
|
bionic |
Released
(4.15.0-1109.116)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(5.15.0-1006.6)
|
|
kinetic |
Not vulnerable
(5.15.0-1007.7)
|
|
lunar |
Not vulnerable
(5.15.0-1007.7)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of life, was needs-triage)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-riscv-5.11)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.17~rc8)
|
|
xenial |
Ignored
(end of standard support)
|
|
bionic |
Released
(4.15.0-1127.136)
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
jammy |
Not vulnerable
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
lunar |
Does not exist
|
|
upstream |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.0 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |