CVE-2023-3777
Publication date 3 August 2023
Last updated 9 October 2024
Ubuntu priority
Cvss 3 Severity Score
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
From the Ubuntu Security Team
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Read the notes from the security team
Why is this CVE high priority?
By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation.
Mitigation
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-82.91
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-allwinner | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-allwinner-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored end of kernel support, was needed | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1043.48
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-aws-5.0 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-hwe-5.3 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.11 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-aws-5.13 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-aws-5.15 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1043.48~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-aws-6.2, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-hwe-5.4 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-5.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-aws-5.11 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 6.2.0-1010.10~22.04.1
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-fips | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws-hwe | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-azure | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1045.52
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Ignored superseded by linux-azure-5.3 | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-azure-4.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.11 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-azure-5.13 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-azure-5.15 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1045.52~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-azure-6.2, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-azure-5.4 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-5.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-azure-5.11 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-azure-6.5, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-edge | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-azure-5.3 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-fde | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 5.15.0-1045.52.1
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-fde-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1046.53~20.04.1.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-fde-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-azure-fde-6.2, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-fde-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored replaced by linux-azure-6.5, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-azure-fips | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-bluefield | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-dell300x | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-fips | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1040.48
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Ignored superseded by linux-gcp-5.3 | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-gcp-4.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.11 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-gcp-5.13 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-gcp-5.15 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1040.48~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-gcp-6.2, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-gcp-5.4 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-5.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-gcp-5.11 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-gcp-6.5, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gcp-fips | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1040.45
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
linux-gke-4.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-gke-5.0, was needs-triage | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.0 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored end of kernel support, was needed | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of kernel support, was needs-triage | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gkeop | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 5.15.0-1026.31
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gkeop-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1026.31~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gkeop-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of kernel support, was needs-triage | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored replaced by linux-hwe-5.4, was needs-triage | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-5.11 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-hwe-5.13 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-hwe-5.15 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-82.91~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-hwe-6.2, was needed | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-5.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-hwe-5.11 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 6.2.0-31.31~22.04.1
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe-edge | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-hwe-5.4 | |
16.04 LTS xenial | Ignored superseded by linux-hwe | |
14.04 LTS trusty | Not in release | |
linux-ibm | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1036.39
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-ibm-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1036.39~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-ibm-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-intel | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-intel-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored end of kernel support, was needs-triage | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-intel-iot-realtime | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-intel-iotg | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 5.15.0-1038.43
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-intel-iotg-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1038.43~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-iot | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-kvm | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 5.15.0-1040.45
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-laptop | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lowlatency | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-82.91
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lowlatency-hwe-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-82.91~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lowlatency-hwe-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-lowlatency-hwe-6.2, was needed | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lowlatency-hwe-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 6.2.0-1011.11~22.04.1
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lowlatency-hwe-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lowlatency-hwe-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Not affected
|
|
linux-nvidia | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1031.31
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-nvidia-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-nvidia-6.5, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-nvidia-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-nvidia-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-nvidia-lowlatency | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored replaced by linux-hwe-5.4, was needs-triage | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
linux-oem-5.10 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-oem-5.13, was needs-triage | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-oem-5.14 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-5.14 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored replaced by linux-hwe-5.15, was needs-triage | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-5.17 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by linux-oem-6.1, was pending | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-5.6 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-oem-5.10, was needs-triage | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-6.0 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 6.0.0-1021.21
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-6.1 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 6.1.0-1020.20
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-6.8 | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem-osp1 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1041.47
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-oracle-5.0 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-oracle-5.3 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.11 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-oracle-5.13 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.13 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-oracle-5.15, was needs-triage | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1041.47~20.04.1
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored superseded by linux-oracle-5.4 | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-5.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-oracle-5.11 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oracle-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Fixed 5.15.0-1036.39
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi-5.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi-realtime | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored replaced by linux-raspi | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
linux-raspi2-5.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-realtime | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored superseded by Ubuntu Pro ppa version | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy | Ignored end of kernel support, was needs-triage | |
20.04 LTS focal | Ignored superseded by linux-riscv-5.8 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv-5.11 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-riscv-5.13 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv-5.15 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 5.15.0-1039.43~20.04.2
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored end of kernel support, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv-5.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored superseded by linux-riscv-5.11 | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-riscv-6.8 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-snapdragon | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
linux-starfive | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-starfive-5.19 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored end of kernel support, was needs-triage | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-starfive-6.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-starfive-6.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-xilinx-zynqmp | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Fixed 5.15.0-1025.29
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6315-1
- Linux kernel vulnerabilities
- 29 August 2023
- USN-6316-1
- Linux kernel (OEM) vulnerabilities
- 29 August 2023
- USN-6318-1
- Linux kernel vulnerabilities
- 29 August 2023
- USN-6321-1
- Linux kernel vulnerabilities
- 30 August 2023
- USN-6325-1
- Linux kernel vulnerabilities
- 31 August 2023
- USN-6328-1
- Linux kernel (Oracle) vulnerabilities
- 31 August 2023
- USN-6330-1
- Linux kernel (GCP) vulnerabilities
- 31 August 2023
- USN-6332-1
- Linux kernel (Azure) vulnerabilities
- 31 August 2023
- USN-6348-1
- Linux kernel vulnerabilities
- 6 September 2023
- USN-6385-1
- Linux kernel (OEM) vulnerabilities
- 19 September 2023
- LSN-0098-1
- Kernel Live Patch Security Notice
- 10 October 2023
- LSN-0099-1
- Kernel Live Patch Security Notice
- 28 November 2023
Other references
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
- https://google.github.io/security-research/kernelctf/rules
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230720071721.14777-1-pablo@netfilter.org/
- https://www.cve.org/CVERecord?id=CVE-2023-3777