CVE-2023-21264
Published: 14 August 2023
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
From the Ubuntu Security Team
It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.
Notes
| Author | Note |
|---|---|
Priority reason: Local guest-to-host data theft and potential privilege escalation. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.11)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.13)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.15)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Ignored
(end of life, was needed)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
xenial |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| jammy |
Not vulnerable
(5.13.0-1004.4)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
| lunar |
Released
(6.2.0-1013.13)
|
|
| mantic |
Does not exist
|
|
|
linux-allwinner Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Ignored
(end of life, was needed)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.4)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1018.18~18.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.11)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.13)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.15)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1014.18~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
| mantic |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.7)
|
|
| trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
| lunar |
Released
(6.2.0-1012.12)
|
|
| mantic |
Not vulnerable
(6.5.0-1004.4)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1082.92)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.4)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.11)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.13)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.15)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| jammy |
Not vulnerable
(5.13.0-1006.7)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1007.8~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.10)
|
|
| jammy |
Not vulnerable
(5.15.0-1011.13)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
| lunar |
Released
(6.2.0-1014.14)
|
|
| mantic |
Not vulnerable
(6.5.0-1004.4)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1071.81)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.4)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1019.19~18.04.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.11)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.13)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.15)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1006.9~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gke-5.4)
|
|
| mantic |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1008.9)
|
|
| jammy |
Not vulnerable
(5.15.0-1001.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1003.5~20.04.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1003.4)
|
|
| jammy |
Not vulnerable
(5.15.0-1002.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| lunar |
Released
(6.2.0-1010.10)
|
|
| mantic |
Ignored
(end of life, was pending)
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1004.6)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1003.5~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1001.3)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-22.22)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| lunar |
Released
(6.2.0-1013.13)
|
|
| mantic |
Not vulnerable
(6.5.0-5.5.1)
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-33.34~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Ignored
(end of life, was needed)
|
|
| mantic |
Does not exist
|
|
|
linux-nvidia Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(5.15.0-1005.5)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1007.9)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.10)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
| lunar |
Released
(6.2.0-1012.12)
|
|
| mantic |
Not vulnerable
(6.5.0-1005.5)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.4)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1019.19~18.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oracle-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.11)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oracle-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.13)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1007.9~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oem-5.14)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oem-5.14)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Ignored
(end of life, was needed)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Ignored
(end of life, was needed)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.7)
|
|
| jammy |
Not vulnerable
(5.13.0-1008.9)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| lunar |
Released
(6.2.0-1013.15)
|
|
| mantic |
Not vulnerable
(6.5.0-1002.2)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-raspi2-5.4)
|
|
| mantic |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| lunar |
Released
(6.2.0-33.33.1)
|
|
| mantic |
Not vulnerable
(6.5.0-9.9.1)
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.11)
|
|
| mantic |
Does not exist
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.13)
|
|
| mantic |
Does not exist
|
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1015.17~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-starfive Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| lunar |
Released
(6.2.0-1005.6)
|
|
| mantic |
Not vulnerable
(6.5.0-1002.3)
|
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1020.24)
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| mantic |
Does not exist
|
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Released
(6.2.0-1012.12~22.04.1)
|
|
| mantic |
Does not exist
|
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Released
(6.2.0-33.33~22.04.1)
|
|
| mantic |
Does not exist
|
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Released
(6.2.0-1013.13~22.04.1)
|
|
| mantic |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| jammy |
Not vulnerable
(5.13.0-19.19)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.4.0-2.16)
|
|
| lunar |
Released
(6.2.0-33.33)
|
|
| mantic |
Not vulnerable
(6.5.0-5.5)
|
|
|
Patches: Introduced by e82edcc75c4e2389a3d7223c4ef1737bd9a07e5d |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| jammy |
Not vulnerable
(5.13.0-1005.6)
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| upstream |
Released
(6.4~rc5)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
| lunar |
Released
(6.2.0-1012.12)
|
|
| mantic |
Not vulnerable
(6.5.0-1005.5)
|
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1033.36~20.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(6.2.0-1014.14~22.04.1)
|
|
| mantic |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(6.2.0-1012.12~22.04.1)
|
|
| mantic |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| jammy |
Released
(6.2.0-1012.12~22.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
|
linux-nvidia-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Released
(6.4~rc5)
|
|
| jammy |
Released
(6.2.0-1011.11)
|
|
|
linux-starfive-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-1006.7~22.04.1)
|
|
| upstream |
Released
(6.4~rc5)
|
|
|
linux-laptop Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
linux-oem-6.5 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.7 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21264
- https://source.android.com/docs/security/bulletin/2023-08-01
- https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f
- https://ubuntu.com/security/notices/USN-6383-1
- https://ubuntu.com/security/notices/USN-6466-1
- NVD
- Launchpad
- Debian