CVE-2023-3390
Published: 28 June 2023
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
From the Ubuntu Security Team
It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Notes
| Author | Note |
|---|---|
| sbeattie | requires CAP_NET_ADMIN in any namespace |
Mitigation
If not needed, disable the ability for unprivileged users
to create namespaces. To do this temporarily, do:
sudo sysctl -w kernel.unprivileged_userns_clone=0
To disable across reboots, do:
echo kernel.unprivileged_userns_clone=0 | \
sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| xenial |
Released
(4.15.0-214.225~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(5.4.0-155.172~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.11)
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.13)
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.15)
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-78.85~20.04.1)
|
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.19.0-50.50)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
xenial |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| trusty |
Released
(4.4.0-243.277~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-kvm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Released
(4.15.0-1143.148)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1009.9)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1038.43)
|
|
| focal |
Released
(5.4.0-1095.101)
|
|
| xenial |
Released
(4.4.0-1122.132)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-allwinner Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.4)
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| bionic |
Released
(5.4.0-1106.114~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.11)
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.13)
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.15)
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1040.45~20.04.1)
|
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.19.0-1029.30~22.04.1)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| xenial |
Released
(4.15.0-1159.172~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1008.8)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1042.49)
|
|
| focal |
Released
(5.4.0-1112.118)
|
|
| trusty |
Released
(4.15.0-1168.183~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| xenial |
Released
(4.15.0-1168.183~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| bionic |
Released
(4.15.0-1168.183)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.4)
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(5.4.0-1112.118~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.11)
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.13)
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.15)
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1042.49~20.04.1)
|
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1042.49.1)
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1042.49~20.04.1.1)
|
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Needs triage
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Needed
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Released
(5.4.0-1109.118)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1010.10)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| xenial |
Released
(4.15.0-1153.170~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| jammy |
Released
(5.15.0-1038.46)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(4.15.0-1153.170)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.4)
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(5.4.0-1109.118~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.11)
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.13)
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.15)
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1038.46~20.04.1)
|
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.19.0-1030.32~22.04.1)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.4.0-1104.111)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1038.43)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gke-5.4)
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1038.43~20.04.1)
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.4.0-1073.77)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1024.29)
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1024.29~20.04.1)
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1053.58)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1006.6)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1034.37)
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Released
(5.4.0-1053.58~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1036.41)
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.15.0-1036.41~20.04.1)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.4.0-1018.19)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1009.9)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-78.85)
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-78.85~20.04.1)
|
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-nvidia Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.15.0-1029.29)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(was needed ESM criteria)
|
|
| focal |
Released
(5.4.0-1105.114)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1008.8)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| xenial |
Released
(4.15.0-1122.133~16.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| jammy |
Released
(5.15.0-1039.45)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.4)
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(5.4.0-1105.114~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oracle-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.11)
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oracle-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.13)
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.15.0-1039.45~20.04.1)
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oem-5.14)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oem-5.14)
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needed)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(6.0.0-1021.21)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(6.1.0-1019.19)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Released
(5.4.0-1090.101)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1009.11)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| jammy |
Released
(5.15.0-1034.37)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-raspi2-5.4)
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Released
(5.4.0-1090.101~18.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
| jammy |
Ignored
(was needs-triage now end-of-life)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.11)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.11)
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.13)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.13)
|
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.15.0-1037.41~20.04.2)
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-starfive Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.4~rc7)
|
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(was needs-triage now end-of-life)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| focal |
Released
(5.4.0-1026.30)
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-214.225)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(5.4.0-155.172)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-26.26)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(6.4~rc7)
|
|
| xenial |
Released
(4.4.0-243.277)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| jammy |
Released
(5.15.0-78.85)
|
|
|
Patches: Introduced by 958bee14d0718ca7a5002c0f48a099d1d345812a |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1159.172)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(5.4.0-1106.114)
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Released
(6.2.0-1008.8)
|
|
| trusty |
Released
(4.4.0-1121.127)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(6.4~rc7)
|
|
| xenial |
Released
(4.4.0-1159.174)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| jammy |
Released
(5.15.0-1040.45)
|
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390
- https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97
- https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
- https://ubuntu.com/security/notices/USN-6246-1
- https://ubuntu.com/security/notices/USN-6250-1
- https://ubuntu.com/security/notices/USN-6251-1
- https://ubuntu.com/security/notices/USN-6252-1
- https://ubuntu.com/security/notices/USN-6254-1
- https://ubuntu.com/security/notices/USN-6255-1
- https://ubuntu.com/security/notices/USN-6260-1
- https://ubuntu.com/security/notices/USN-6261-1
- https://ubuntu.com/security/notices/USN-6285-1
- https://ubuntu.com/security/notices/USN-6385-1
- NVD
- Launchpad
- Debian