CVE-2023-32233
Published: 8 May 2023
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
From the Ubuntu Security Team
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Notes
| Author | Note |
|---|---|
| cascardo | requires CAP_NET_ADMIN, however this can be done within a new user namespace and network namespace - so can be mitigated by disabling unprivileged user namespaces. |
Mitigation
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-nvidia Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Pending
(5.15.0-1026.26)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Pending
(5.15.0-1021.26~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-allwinner Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Not vulnerable
|
|
| lunar |
Not vulnerable
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-starfive Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Not vulnerable
|
|
| lunar |
Pending
(6.2.0-1002.2)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1024.28)
|
| upstream |
Released
(6.4~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-iot Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1017.18)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-1005.5~22.04.1)
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-25.25~22.04.2)
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-1008.8~22.04.1)
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.15.0-1033.36~20.04.1)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-1009.9~22.04.3)
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-1005.5~22.04.1)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(6.2.0-1005.5~22.04.1)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
jammy |
Ignored
(end of life, was pending [5.19.0-1027.30~22.04.2])
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
lunar |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| focal |
Released
(5.15.0-1037.41~20.04.1)
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| bionic |
Released
(5.4.0-1103.111~18.04.1)
|
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-aws-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.11)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Released
(4.15.0-1157.170~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
| lunar |
Released
(6.2.0-1005.5)
|
|
| trusty |
Released
(4.15.0-1166.181~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc1)
|
|
| focal |
Released
(5.4.0-1109.115)
|
|
| xenial |
Released
(4.15.0-1166.181~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| jammy |
Released
(5.15.0-1039.46)
|
|
| kinetic |
Released
(5.19.0-1027.30)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| bionic |
Released
(4.15.0-1166.181)
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-azure-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.13)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-azure-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.15)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| focal |
Released
(5.15.0-1039.46~20.04.1)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.4)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.4)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Released
(5.4.0-1109.115~18.04.1)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-azure-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.11)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Released
(5.15.0-1039.46)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| focal |
Ignored
(end of life, was pending [5.4.0-1109.115])
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| focal |
Released
(5.15.0-1039.46~20.04.1)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(5.19.0-1027.30~22.04.2)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| jammy |
Pending
|
|
| focal |
Released
(5.4.0-1064.70)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support, was needed)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Ignored
(end of standard support)
|
|
| xenial |
Ignored
(end of standard support)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Released
(4.15.0-1151.167~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| focal |
Released
(5.4.0-1106.115)
|
|
| kinetic |
Released
(5.19.0-1025.27)
|
|
| lunar |
Released
(6.2.0-1007.7)
|
|
| jammy |
Released
(5.15.0-1035.43)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1151.167)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-gcp-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.13)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-gcp-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.15)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.15.0-1035.43~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.4)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.4)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1106.115~18.04.1)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-gcp-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.11)
|
|
| xenial |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
focal |
Released
(5.4.0-1100.107)
|
| jammy |
Released
(5.15.0-1034.39)
|
|
| upstream |
Released
(6.4~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| upstream |
Released
(6.4~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| xenial |
Does not exist
|
|
| trusty |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Released
(5.15.0-1034.39~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gke-5.4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Released
(5.4.0-1070.74)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| jammy |
Released
(5.15.0-1021.26)
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| xenial |
Released
(4.15.0-212.223~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| trusty |
Does not exist
|
|
| bionic |
Ignored
(replaced by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-hwe-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.13)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-hwe-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.15)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| focal |
Released
(5.15.0-73.80~20.04.1)
|
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| jammy |
Released
(5.19.0-43.44~22.04.1)
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(5.4.0-150.167~18.04.1)
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
focal |
Ignored
(superseded by linux-hwe-5.11)
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.11)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-hwe-5.4)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| jammy |
Released
(5.15.0-1031.34)
|
|
| lunar |
Released
(6.2.0-1003.3)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| kinetic |
Released
(5.19.0-1023.25)
|
|
| focal |
Released
(5.4.0-1050.55)
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| bionic |
Released
(5.4.0-1050.55~18.04.1)
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| jammy |
Released
(5.15.0-1031.36)
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| focal |
Released
(5.15.0-1031.36~20.04.1)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1141.146)
|
| lunar |
Released
(6.2.0-1006.6)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Released
(4.4.0-1120.130)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| focal |
Released
(5.4.0-1092.98)
|
|
| jammy |
Released
(5.15.0-1034.39)
|
|
| kinetic |
Released
(5.19.0-1024.25)
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
lunar |
Released
(6.2.0-1005.5)
|
| upstream |
Released
(6.4~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Released
(5.19.0-1025.26)
|
|
| jammy |
Released
(5.15.0-73.80)
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.15.0-73.80~20.04.1)
|
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.19.0-1025.26~22.04.1)
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Released
(4.4.0-241.275~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(end of standard support)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
focal |
Ignored
(end of life, was needs-triage)
|
| upstream |
Released
(6.4~rc1)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.4~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.17.0-1032.33)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| jammy |
Released
(6.0.0-1017.17)
|
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| jammy |
Released
(6.1.0-1013.13)
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needs-triage)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1120.131)
|
| jammy |
Released
(5.15.0-1036.42)
|
|
| lunar |
Released
(6.2.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| focal |
Released
(5.4.0-1102.111)
|
|
| xenial |
Released
(4.15.0-1120.131~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| kinetic |
Released
(5.19.0-1024.27)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.3)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-oracle-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.13)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
| focal |
Released
(5.15.0-1036.42~20.04.1)
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.4)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.4)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| bionic |
Released
(5.4.0-1102.111~18.04.1)
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-oracle-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.11)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| focal |
Released
(5.4.0-1086.97)
|
|
| lunar |
Released
(6.2.0-1006.8)
|
|
| upstream |
Released
(6.4~rc1)
|
|
| jammy |
Released
(5.15.0-1030.32)
|
|
| kinetic |
Released
(5.19.0-1019.26)
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Pending
(5.4.0-1086.97~18.04.1)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
focal |
Ignored
(replaced by linux-raspi)
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support, was needed)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-raspi2-5.4)
|
|
| xenial |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
| kinetic |
Released
(5.19.0-1019.21)
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Released
(6.2.0-23.23.1)
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Released
(5.15.0-1034.38~20.04.1)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(end of standard support)
|
|
| upstream |
Released
(6.4~rc1)
|
|
| bionic |
Released
(4.15.0-1151.161)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-aws-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.4)
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.13)
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.15)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc1)
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oem-5.14)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oem-5.14)
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.11)
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.13)
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-212.223)
|
| focal |
Released
(5.4.0-150.167)
|
|
| jammy |
Released
(5.15.0-73.80)
|
|
| kinetic |
Released
(5.19.0-43.44)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Released
(4.4.0-241.275)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| lunar |
Released
(6.2.0-23.23)
|
|
|
Patches: Introduced by 20a69341f2d00cd042e81c82289fba8a13c05a25 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1157.170)
|
| lunar |
Released
(6.2.0-1005.5)
|
|
| trusty |
Released
(4.4.0-1119.125)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc1)
|
|
| xenial |
Released
(4.4.0-1157.172)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| focal |
Released
(5.4.0-1103.111)
|
|
| jammy |
Released
(5.15.0-1037.41)
|
|
| kinetic |
Released
(5.19.0-1026.27)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233
- https://www.openwall.com/lists/oss-security/2023/05/08/4
- https://www.openwall.com/lists/oss-security/2023/05/15/5
- https://ubuntu.com/security/notices/USN-6122-1
- https://ubuntu.com/security/notices/USN-6123-1
- https://ubuntu.com/security/notices/USN-6124-1
- https://ubuntu.com/security/notices/USN-6127-1
- https://ubuntu.com/security/notices/USN-6130-1
- https://ubuntu.com/security/notices/USN-6131-1
- https://ubuntu.com/security/notices/USN-6132-1
- https://ubuntu.com/security/notices/USN-6135-1
- https://ubuntu.com/security/notices/USN-6149-1
- https://ubuntu.com/security/notices/USN-6150-1
- https://ubuntu.com/security/notices/USN-6162-1
- https://ubuntu.com/security/notices/USN-6175-1
- https://ubuntu.com/security/notices/USN-6186-1
- https://ubuntu.com/security/notices/USN-6222-1
- https://ubuntu.com/security/notices/USN-6256-1
- NVD
- Launchpad
- Debian