CVE-2023-3777
Published: 3 August 2023
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
From the Ubuntu Security Team
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Notes
| Author | Note |
|---|---|
Priority reason: By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation. |
|
| rodrigo-zaiden | Google kCTF submission |
Mitigation
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.11)
|
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.13)
|
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-hwe-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-hwe-5.15)
|
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-82.91~20.04.1)
|
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(superseded by linux-hwe)
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
xenial |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
| lunar |
Released
(6.2.0-1011.11)
|
|
| jammy |
Released
(5.15.0-1040.45)
|
|
|
linux-allwinner Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-hwe-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.4)
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1018.18~18.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.11)
|
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.13)
|
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-aws-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-aws-5.15)
|
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-1043.48~20.04.1)
|
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
| jammy |
Released
(5.15.0-1045.52)
|
|
| lunar |
Released
(6.2.0-1010.10)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1082.92)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.4)
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.11)
|
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.13)
|
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-azure-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-azure-5.15)
|
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-1045.52~20.04.1)
|
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(5.15.0-1045.52.1)
|
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Pending
|
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Needs triage
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.10)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Pending
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-azure-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-fips Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Ignored
(superseded by linux-gcp-5.3)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
| lunar |
Released
(6.2.0-1012.12)
|
|
| jammy |
Released
(5.15.0-1040.48)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(4.15.0-1071.81)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-gcp-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.4)
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1019.19~18.04.2)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.11)
|
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.13)
|
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-gcp-5.15)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gcp-5.15)
|
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.15.0-1040.48~20.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Released
(5.15.0-1040.45)
|
|
| focal |
Not vulnerable
(5.4.0-1033.35)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-gke-5.4)
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Ignored
(end of life, was needed)
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1008.9)
|
|
| jammy |
Released
(5.15.0-1026.31)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Released
(5.15.0-1026.31~20.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-ibm Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1003.4)
|
|
| lunar |
Released
(6.2.0-1008.8)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(5.15.0-1036.39)
|
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(5.15.0-1038.43)
|
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-1038.43~20.04.1)
|
|
|
linux-iot Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1001.3)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| lunar |
Released
(6.2.0-1011.11)
|
|
| jammy |
Released
(5.15.0-82.91)
|
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-82.91~20.04.1)
|
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Needed
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-nvidia Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(5.15.0-1031.31)
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1007.9)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
| jammy |
Released
(5.15.0-1041.47)
|
|
| lunar |
Released
(6.2.0-1010.10)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.3)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(superseded by linux-oracle-5.4)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.4)
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1019.19~18.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oracle-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.11)
|
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oracle-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oracle-5.13)
|
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-1041.47~20.04.1)
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-oem-5.14)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-oem-5.14)
|
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Ignored
(end of life, was pending)
|
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(6.0.0-1021.21)
|
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(6.1.0-1020.20)
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1007.7)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(5.15.0-1036.39)
|
|
| lunar |
Released
(6.2.0-1011.13)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Ignored
(replaced by linux-raspi)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-raspi2-5.4)
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| bionic |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Released
(6.2.0-31.31.1)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.11)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.11)
|
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Ignored
(superseded by linux-riscv-5.13)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Ignored
(superseded by linux-riscv-5.13)
|
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| focal |
Released
(5.15.0-1039.43~20.04.2)
|
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-starfive Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| lunar |
Released
(6.2.0-1003.3)
|
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1020.24)
|
|
| jammy |
Ignored
(end of life, was needs-triage)
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| jammy |
Released
(5.15.0-82.91)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.4.0-2.16)
|
|
| lunar |
Released
(6.2.0-31.31)
|
|
|
Patches: Introduced by d0e2c7de92c7f2b3d355ad76b0bb9fc43d1beb87 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| upstream |
Released
(6.5~rc3)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
| lunar |
Released
(6.2.0-1010.10)
|
|
| jammy |
Released
(5.15.0-1043.48)
|
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Released
(6.2.0-1010.10~22.04.1)
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(6.2.0-31.31~22.04.1)
|
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Released
(6.5~rc3)
|
|
| jammy |
Released
(6.2.0-1011.11~22.04.1)
|
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3777
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
- https://google.github.io/security-research/kernelctf/rules
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230720071721.14777-1-pablo@netfilter.org/
- https://ubuntu.com/security/notices/USN-6315-1
- https://ubuntu.com/security/notices/USN-6316-1
- https://ubuntu.com/security/notices/USN-6318-1
- https://ubuntu.com/security/notices/USN-6321-1
- https://ubuntu.com/security/notices/USN-6325-1
- https://ubuntu.com/security/notices/USN-6328-1
- https://ubuntu.com/security/notices/USN-6330-1
- https://ubuntu.com/security/notices/USN-6332-1
- https://ubuntu.com/security/notices/USN-6348-1
- https://ubuntu.com/security/notices/USN-6385-1
- NVD
- Launchpad
- Debian