Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-32233

Published: 8 May 2023

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

From the Ubuntu Security Team

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Notes

AuthorNote
cascardo
requires CAP_NET_ADMIN, however this can be done within a new
user namespace and network namespace - so can be mitigated by disabling
unprivileged user namespaces.

Mitigation

If not needed, disable the ability for unprivileged users
to create namespaces. To do this temporarily, do:
  sudo sysctl -w kernel.unprivileged_userns_clone=0
To disable across reboots, do:
  echo kernel.unprivileged_userns_clone=0 | \
  sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf

Priority

High

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
linux-nvidia
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
jammy
Released (5.15.0-1026.26)
mantic Does not exist

noble Needs triage

linux-gkeop-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
focal
Released (5.15.0-1021.26~20.04.1)
mantic Does not exist

noble Does not exist

linux-aws-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-gcp-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-riscv-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-allwinner
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Not vulnerable

lunar Not vulnerable

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-allwinner-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-starfive
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Not vulnerable

upstream
Released (6.4~rc1)
lunar
Released (6.2.0-1002.2)
mantic Needed

noble Does not exist

linux-starfive-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-xilinx-zynqmp
Launchpad, Ubuntu, Debian
focal
Released (5.4.0-1024.28)
upstream
Released (6.4~rc1)
bionic Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

noble Does not exist

linux-iot
Launchpad, Ubuntu, Debian
focal
Released (5.4.0-1017.18)
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-aws-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy Not vulnerable
(6.2.0-1005.5~22.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-hwe-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy Not vulnerable
(6.2.0-25.25~22.04.2)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-lowlatency-hwe-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy Not vulnerable
(6.2.0-1008.8~22.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-ibm-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

lunar Does not exist

focal Not vulnerable
(5.15.0-1033.36~20.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-gcp-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy Not vulnerable
(6.2.0-1009.9~22.04.3)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-azure-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy Not vulnerable
(6.2.0-1005.5~22.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-azure-fde-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy Not vulnerable
(6.2.0-1005.5~22.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-azure-5.19
Launchpad, Ubuntu, Debian
jammy Ignored
(superseded by linux-azure-6.2, was pending [5.19.0-1027.30~22.04.2])
bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-aws-5.15
Launchpad, Ubuntu, Debian
lunar Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

kinetic Does not exist

upstream
Released (6.4~rc1)
focal
Released (5.15.0-1037.41~20.04.1)
mantic Does not exist

noble Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
bionic
Released (5.4.0-1103.111~18.04.1)
mantic Does not exist

noble Does not exist

linux-aws-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.11)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.11)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial
Released (4.15.0-1157.170~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
mantic Does not exist

noble Does not exist

linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
lunar
Released (6.2.0-1005.5)
trusty
Released (4.15.0-1166.181~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (6.4~rc1)
focal
Released (5.4.0-1109.115)
xenial
Released (4.15.0-1166.181~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
jammy
Released (5.15.0-1039.46)
kinetic
Released (5.19.0-1027.30)
mantic Not vulnerable
(6.5.0-1004.4)
noble Not vulnerable
(6.5.0-1004.4)
linux-azure-4.15
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

upstream
Released (6.4~rc1)
bionic
Released (4.15.0-1166.181)
mantic Does not exist

noble Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.13)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.13)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.15)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.15)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-azure-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

upstream
Released (6.4~rc1)
focal
Released (5.15.0-1039.46~20.04.1)
mantic Does not exist

noble Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.4)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1109.115~18.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.11)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.11)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Does not exist

jammy
Released (5.15.0-1039.46)
kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

focal Ignored
(superseded by linux-azure-fde-5.15, was pending [5.4.0-1109.115])
noble Does not exist

linux-azure-fde-5.15
Launchpad, Ubuntu, Debian
kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

focal
Released (5.15.0-1039.46~20.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-azure-fde-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable
(5.19.0-1027.30~22.04.2)
kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
bionic Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

jammy
Released (5.15.0-1017.19)
focal
Released (5.4.0-1064.70)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(end of standard support, was needed)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-fips
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Ignored
(end of standard support)
xenial Ignored
(end of standard support)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.3)
trusty Does not exist

upstream
Released (6.4~rc1)
xenial
Released (4.15.0-1151.167~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal
Released (5.4.0-1106.115)
kinetic
Released (5.19.0-1025.27)
lunar
Released (6.2.0-1007.7)
jammy
Released (5.15.0-1035.43)
mantic Not vulnerable
(6.5.0-1004.4)
noble Not vulnerable
(6.5.0-1004.4)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1151.167)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gcp-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.13)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.13)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.15)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.15)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gcp-5.15
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
bionic Does not exist

focal
Released (5.15.0-1035.43~20.04.1)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.4)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1106.115~18.04.1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.11)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.11)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gke
Launchpad, Ubuntu, Debian
focal
Released (5.4.0-1100.107)
jammy
Released (5.15.0-1034.39)
upstream
Released (6.4~rc1)
bionic Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Ignored
(end of standard support)
mantic Does not exist

noble Needs triage

linux-gke-4.15
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-gke-5.0, was needs-triage)
noble Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
xenial Does not exist

bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

mantic Does not exist

noble Does not exist

linux-gke-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1034.39~20.04.1)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gke-5.4)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

bionic Ignored
(end of kernel support, was needs-triage)
noble Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1070.74)
kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

jammy
Released (5.15.0-1021.26)
mantic Does not exist

noble Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

bionic Ignored
(end of kernel support, was needs-triage)
noble Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
xenial
Released (4.15.0-212.223~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

mantic Does not exist

noble Does not exist

linux-hwe-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.13)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.13)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.15)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.15)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

focal
Released (5.15.0-73.80~20.04.1)
mantic Does not exist

noble Does not exist

linux-hwe-5.19
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

jammy
Released (5.19.0-43.44~22.04.1)
mantic Does not exist

noble Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-150.167~18.04.1)
mantic Does not exist

noble Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
focal Ignored
(superseded by linux-hwe-5.11)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

upstream Ignored
(superseded by linux-hwe-5.11)
bionic Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

noble Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Ignored
(superseded by linux-hwe)
mantic Does not exist

noble Does not exist

linux-ibm
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy
Released (5.15.0-1031.34)
lunar
Released (6.2.0-1003.3)
trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

kinetic
Released (5.19.0-1023.25)
focal
Released (5.4.0-1050.55)
mantic Not vulnerable
(6.5.0-1005.5)
noble Not vulnerable
(6.5.0-1005.5)
linux-ibm-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

bionic
Released (5.4.0-1050.55~18.04.1)
mantic Does not exist

noble Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

focal Ignored
(end of kernel support, was needs-triage)
noble Does not exist

linux-intel-iotg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

jammy
Released (5.15.0-1031.36)
mantic Does not exist

noble Does not exist

linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

upstream
Released (6.4~rc1)
focal
Released (5.15.0-1031.36~20.04.1)
mantic Does not exist

noble Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1141.146)
lunar
Released (6.2.0-1006.6)
trusty Does not exist

upstream
Released (6.4~rc1)
xenial
Released (4.4.0-1120.130)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal
Released (5.4.0-1092.98)
jammy
Released (5.15.0-1034.39)
kinetic
Released (5.19.0-1024.25)
mantic Does not exist

noble Does not exist

linux-lowlatency
Launchpad, Ubuntu, Debian
lunar
Released (6.2.0-1005.5)
upstream
Released (6.4~rc1)
bionic Does not exist

focal Does not exist

trusty Does not exist

xenial Does not exist

kinetic
Released (5.19.0-1025.26)
jammy
Released (5.15.0-73.80)
mantic Not vulnerable
(6.3.0-7.7.1)
noble Not vulnerable
(6.3.0-7.7.1)
linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

focal
Released (5.15.0-73.80~20.04.1)
mantic Does not exist

noble Does not exist

linux-lowlatency-hwe-5.19
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

jammy
Released (5.19.0-1025.26~22.04.1)
mantic Does not exist

noble Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty
Released (4.4.0-241.275~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-oem
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Ignored
(end of standard support)
upstream
Released (6.4~rc1)
mantic Does not exist

bionic Ignored
(replaced by linux-hwe-5.4, was needs-triage)
noble Does not exist

linux-oem-5.10
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

focal Ignored
(superseded by linux-oem-5.13, was needs-triage)
noble Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
upstream
Released (6.4~rc1)
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

focal Ignored
(replaced by linux-hwe-5.15, was needs-triage)
mantic Does not exist

noble Does not exist

linux-oem-5.17
Launchpad, Ubuntu, Debian
kinetic Ignored
(end of life, was needs-triage)
trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

jammy
Released (5.17.0-1032.33)
mantic Does not exist

noble Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

focal Ignored
(superseded by linux-oem-5.10, was needs-triage)
noble Does not exist

linux-oem-6.0
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

jammy
Released (6.0.0-1017.17)
mantic Does not exist

noble Does not exist

linux-oem-6.1
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

jammy
Released (6.1.0-1013.13)
mantic Does not exist

noble Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Ignored
(end of standard support, was needs-triage)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1120.131)
jammy
Released (5.15.0-1036.42)
lunar
Released (6.2.0-1005.5)
trusty Does not exist

upstream
Released (6.4~rc1)
focal
Released (5.4.0-1102.111)
xenial
Released (4.15.0-1120.131~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
kinetic
Released (5.19.0-1024.27)
mantic Not vulnerable
(6.5.0-1005.5)
noble Not vulnerable
(6.5.0-1005.5)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.13)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.13)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

focal Ignored
(superseded by linux-oracle-5.15, was needs-triage)
noble Does not exist

linux-oracle-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

focal
Released (5.15.0-1036.42~20.04.1)
mantic Does not exist

noble Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.4)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

upstream
Released (6.4~rc1)
bionic
Released (5.4.0-1102.111~18.04.1)
mantic Does not exist

noble Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.11)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.11)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
bionic Does not exist

trusty Does not exist

xenial Does not exist

focal
Released (5.4.0-1086.97)
lunar
Released (6.2.0-1006.8)
upstream
Released (6.4~rc1)
jammy
Released (5.15.0-1030.32)
kinetic
Released (5.19.0-1019.26)
mantic Not vulnerable
(6.5.0-1002.2)
noble Not vulnerable
(6.5.0-1002.2)
linux-raspi-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

bionic Pending
(5.4.0-1086.97~18.04.1)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
focal Ignored
(replaced by linux-raspi)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Ignored
(end of standard support)
bionic Ignored
(end of standard support, was needed)
upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-raspi2-5.4)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.8)
kinetic
Released (5.19.0-1019.21)
trusty Does not exist

xenial Does not exist

lunar
Released (6.2.0-23.23.1)
upstream
Released (6.4~rc1)
mantic Needed

jammy Ignored
(end of kernel support, was needs-triage)
noble Needed

linux-riscv-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.15.0-1034.38~20.04.1)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Ignored
(end of standard support)
upstream
Released (6.4~rc1)
bionic
Released (4.15.0-1151.161)
mantic Does not exist

noble Does not exist

linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

xenial Does not exist

upstream
Released (6.4~rc1)
mantic Does not exist

noble Does not exist

linux-aws-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

trusty Does not exist

xenial Does not exist

focal Ignored
(superseded by linux-aws-5.13)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

upstream Ignored
(superseded by linux-aws-5.13)
mantic Does not exist

noble Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.4)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.15)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.15)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream
Released (6.4~rc1)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-oem-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oem-5.14)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oem-5.14)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.13)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.13)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.11)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.11)
xenial Does not exist

mantic Does not exist

noble Does not exist

linux
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-212.223)
focal
Released (5.4.0-150.167)
jammy
Released (5.15.0-73.80)
kinetic
Released (5.19.0-43.44)
trusty Needed

upstream
Released (6.4~rc1)
xenial
Released (4.4.0-241.275)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
lunar
Released (6.2.0-23.23)
mantic Not vulnerable
(6.3.0-7.7)
noble Not vulnerable
(6.3.0-7.7)
Patches:
Introduced by

20a69341f2d00cd042e81c82289fba8a13c05a25

Fixed by c1592a89942e9678f7d9c8030efa777c0d57edab
linux-aws
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1157.170)
lunar
Released (6.2.0-1005.5)
trusty
Released (4.4.0-1119.125)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (6.4~rc1)
xenial
Released (4.4.0-1157.172)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal
Released (5.4.0-1103.111)
jammy
Released (5.15.0-1037.41)
kinetic
Released (5.19.0-1026.27)
mantic Not vulnerable
(6.5.0-1005.5)
noble Not vulnerable
(6.5.0-1005.5)
linux-nvidia-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(superseded by linux-nvidia-6.5, was needs-triage)
noble Does not exist

linux-starfive-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(superseded by linux-starfive-6.5, was needs-triage)
noble Does not exist

linux-laptop
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

lunar Does not exist

mantic Not vulnerable

upstream Needs triage

noble Does not exist

linux-oem-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-hwe-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-lowlatency-hwe-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-riscv-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Needed

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-starfive-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Needed

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-aws-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-azure-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-gcp-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-oracle-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-nvidia-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

mantic Does not exist

upstream Needs triage

noble Does not exist

linux-aws-fips
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

linux-azure-fips
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

linux-gcp-fips
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

linux-oem-6.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Not vulnerable

upstream Needs triage

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H