CVE-2024-56581

Publication date 27 December 2024

Last updated 28 March 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.8 · High

Score breakdown

In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable ‘ref’) into the respective block entry’s rbtree (local variable ‘be’), if we find an unexpected action of BTRFS_DROP_DELAYED_REF, we error out and free the ref entry without removing it from the block entry’s rbtree. Then in the error path of btrfs_ref_tree_mod() we call btrfs_free_ref_cache(), which iterates over all block entries and then calls free_block_entry() for each one, and there we will trigger a use-after-free when we are called against the block entry to which we added the freed ref entry to its rbtree, since the rbtree still points to the block entry, as we didn’t remove it from the rbtree before freeing it in the error path at btrfs_ref_tree_mod(). Fix this by removing the new ref entry from the rbtree before freeing it. Syzbot report this with the following stack traces: BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314 btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline] btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23 btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482 btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293 vfs_unlink+0x365/0x650 fs/namei.c:4469 do_unlinkat+0x4ae/0x830 fs/namei.c:4533 __do_sys_unlinkat fs/namei.c:4576 [inline] __se_sys_unlinkat fs/namei.c:4569 [inline] __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f BTRFS error (device loop0 state EA): Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1 __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521 update_ref_for_cow+0x96a/0x11f0 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline] __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137 __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171 btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313 prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586 relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611 btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081 btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377 __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161 btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538 BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_i ---truncated---

Status

Package Ubuntu Release Status
linux 24.10 oracular
Fixed 6.11.0-21.21
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-135.146
20.04 LTS focal
Fixed 5.4.0-211.231
18.04 LTS bionic Ignored ESM criteria, was needed
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected
linux-allwinner-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored end of kernel support
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws 24.10 oracular
Fixed 6.11.0-1011.12
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1080.87
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Ignored ESM criteria, was needed
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected
linux-aws-5.0 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-aws-5.3
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.11 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-aws-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-aws-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Fixed 5.15.0-1080.87~20.04.1
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-aws-6.2
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.3 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-aws-5.4
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
Vulnerable, work in progress
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-5.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-aws-5.11
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-aws-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-aws-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable, work in progress
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-fips 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.15.0-1080.87+fips1
20.04 LTS focal FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable, work in progress
18.04 LTS bionic FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
16.04 LTS xenial FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro. Not in release
14.04 LTS trusty Not in release
linux-aws-hwe 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Ignored ESM criteria, was needed
14.04 LTS trusty Not in release
linux-azure 24.10 oracular
Fixed 6.11.0-1012.12
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1084.93
20.04 LTS focal
Fixed 5.4.0-1147.154
18.04 LTS bionic Ignored superseded by linux-azure-5.3
16.04 LTS xenial Ignored ESM criteria, was needed
14.04 LTS trusty Ignored ESM criteria, was needed
linux-azure-4.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored ESM criteria, was needed
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.11 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-azure-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-azure-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-azure-6.2
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.3 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-azure-5.4
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-5.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-azure-5.11
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-azure-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-azure-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-edge 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-azure-5.3
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-fde 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable
20.04 LTS focal Ignored superseded by linux-azure-fde-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-fde-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-fde-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-azure-fde-6.2
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-fde-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored replaced by linux-azure-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-fips 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.15.0-1083.92+fips1
20.04 LTS focal FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.4.0-1147.154+fips1
18.04 LTS bionic FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
16.04 LTS xenial FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro. Not in release
14.04 LTS trusty Not in release
linux-bluefield 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Fixed 5.4.0-1101.108
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-fips 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.15.0-135.146+fips1
20.04 LTS focal FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.4.0-1116.126
18.04 LTS bionic FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
16.04 LTS xenial FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Not affected
14.04 LTS trusty Not in release
linux-gcp 24.10 oracular
Fixed 6.11.0-1011.11
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1079.88
20.04 LTS focal
Fixed 5.4.0-1145.154
18.04 LTS bionic Ignored superseded by linux-gcp-5.3
16.04 LTS xenial Ignored ESM criteria, was needed
14.04 LTS trusty Not in release
linux-gcp-4.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored ESM criteria, was needed
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.11 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-gcp-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-gcp-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-gcp-6.2
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.3 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-gcp-5.4
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-5.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-gcp-5.11
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-gcp-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-gcp-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-fips 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.15.0-1079.88+fips1
20.04 LTS focal FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Fixed 5.4.0-1145.154+fips1
18.04 LTS bionic FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
16.04 LTS xenial FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro. Not in release
14.04 LTS trusty Not in release
linux-gke 24.10 oracular Not in release
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1077.83
20.04 LTS focal Ignored end of kernel support
18.04 LTS bionic Not in release
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Not in release
linux-gke-4.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-gke-5.0
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored end of kernel support
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored end of kernel support
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gkeop 24.10 oracular Not in release
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1062.70
20.04 LTS focal Ignored end of life, was needs-triage
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gkeop-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored end of life, was needs-triage
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gkeop-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored end of kernel support
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored replaced by linux-hwe-5.4
16.04 LTS xenial Ignored ESM criteria, was needed
14.04 LTS trusty Not in release
linux-hwe-5.11 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-hwe-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-hwe-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-hwe-6.2
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-5.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-hwe-5.11
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-6.11 24.10 oracular Not in release
24.04 LTS noble
Fixed 6.11.0-21.21~24.04.1
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-hwe-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-hwe-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable, work in progress
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe-edge 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-hwe-5.4
16.04 LTS xenial Ignored superseded by linux-hwe
14.04 LTS trusty Not in release
linux-ibm 24.10 oracular Not in release
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1072.75
20.04 LTS focal
Fixed 5.4.0-1088.93
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-ibm-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-ibm-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
Vulnerable, work in progress
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-intel 24.10 oracular Not in release
24.04 LTS noble
Vulnerable
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-intel-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored end of kernel support
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-intel-iot-realtime 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Fixed 5.15.0-1073.75
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-intel-iotg 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Fixed 5.15.0-1075.81
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-intel-iotg-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-iot 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-kvm 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Fixed 5.15.0-1076.81
20.04 LTS focal
Fixed 5.4.0-1129.138
18.04 LTS bionic Ignored ESM criteria, was needed
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
linux-lowlatency 24.10 oracular
Fixed 6.11.0-1011.12
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-135.146
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lowlatency-hwe-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Fixed 5.15.0-135.146~20.04.1
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lowlatency-hwe-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-lowlatency-hwe-6.2
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lowlatency-hwe-6.11 24.10 oracular Not in release
24.04 LTS noble
Not affected
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lowlatency-hwe-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-lowlatency-hwe-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lowlatency-hwe-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-lowlatency-hwe-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lowlatency-hwe-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable, work in progress
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-xenial 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
Not affected
linux-nvidia 24.10 oracular Not in release
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1074.75
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-nvidia-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-nvidia-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-nvidia-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-nvidia-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-nvidia-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable, work in progress
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-nvidia-lowlatency 24.10 oracular Not in release
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-nvidia-tegra 24.10 oracular Not in release
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Fixed 5.15.0-1033.33
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-nvidia-tegra-igx 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Fixed 5.15.0-1021.21
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored replaced by linux-hwe-5.4
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Not in release
linux-oem-5.10 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-oem-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-oem-5.14
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-5.14 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored replaced by linux-hwe-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-5.17 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-oem-6.1
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-5.6 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-oem-5.10
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-6.0 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-oem-6.1
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-6.1 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-oem-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-6.11 24.10 oracular Not in release
24.04 LTS noble
Fixed 6.11.0-1017.17
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-oem-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-6.8 24.10 oracular Not in release
24.04 LTS noble
Vulnerable
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle 24.10 oracular
Fixed 6.11.0-1013.14
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1077.83
20.04 LTS focal
Fixed 5.4.0-1140.150
18.04 LTS bionic Ignored ESM criteria, was needed
16.04 LTS xenial Ignored ESM criteria, was needed
14.04 LTS trusty Not in release
linux-oracle-5.0 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-oracle-5.3
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.11 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-oracle-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.13 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-oracle-5.15
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Fixed 5.15.0-1077.83~20.04.1
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.3 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Ignored superseded by linux-oracle-5.4
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-5.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-oracle-5.11
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-oracle-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi 24.10 oracular
Vulnerable, work in progress
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1074.77
20.04 LTS focal
Vulnerable, work in progress
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi-5.4 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
Vulnerable, work in progress
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi-realtime 24.10 oracular Not in release
24.04 LTS noble
Vulnerable
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored replaced by linux-raspi
18.04 LTS bionic Ignored end of standard support
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Not in release
linux-realtime 24.10 oracular
Fixed 6.11.0-1007.7
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy
Fixed 5.15.0-1080.88
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv 24.10 oracular
Fixed 6.11.0-21.21.1
24.04 LTS noble
Vulnerable, work in progress
22.04 LTS jammy Ignored end of kernel support
20.04 LTS focal Ignored superseded by linux-riscv-5.8
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv-5.11 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-riscv-5.13
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv-5.15 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Fixed 5.15.0-1075.79~20.04.1
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored end of kernel support
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv-5.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Ignored superseded by linux-riscv-5.11
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-riscv-6.8
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-riscv-6.8 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Vulnerable
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-starfive-5.19 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored end of kernel support
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-starfive-6.2 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored superseded by linux-starfive-6.5
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-starfive-6.5 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Ignored end of kernel support
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-xilinx-zynqmp 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy
Fixed 5.15.0-1044.48
20.04 LTS focal
Fixed 5.4.0-1060.64
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-7379-1
    • Linux kernel vulnerabilities
    • 27 March 2025
    • USN-7380-1
    • Linux kernel (Low Latency) vulnerabilities
    • 27 March 2025
    • USN-7381-1
    • Linux kernel (Low Latency) vulnerabilities
    • 27 March 2025
    • USN-7382-1
    • Linux kernel (OEM) vulnerabilities
    • 27 March 2025
    • USN-7387-1
    • Linux kernel vulnerabilities
    • 27 March 2025
    • USN-7388-1
    • Linux kernel vulnerabilities
    • 27 March 2025
    • USN-7387-3
    • Linux kernel (Real-time) vulnerabilities
    • 28 March 2025
    • USN-7389-1
    • Linux kernel (NVIDIA Tegra) vulnerabilities
    • 28 March 2025
    • USN-7390-1
    • Linux kernel (Xilinx ZynqMP) vulnerabilities
    • 28 March 2025
    • USN-7387-2
    • Linux kernel (FIPS) vulnerabilities
    • 28 March 2025
    • USN-7391-1
    • Linux kernel vulnerabilities
    • 28 March 2025
    • USN-7392-1
    • Linux kernel vulnerabilities
    • 28 March 2025
    • USN-7392-2
    • Linux kernel vulnerabilities
    • 28 March 2025
    • USN-7393-1
    • Linux kernel (FIPS) vulnerabilities
    • 28 March 2025

Other references