CVE-2024-1085
Published: 31 January 2024
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.
From the Ubuntu Security Team
Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Notes
Author | Note |
---|---|
Priority reason: By passing a certain filter value to nf_tables, an unprivileged local attacker can elevate privileges. |
|
rodrigo-zaiden | from Google kCTF. |
Mitigation
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
focal |
Not vulnerable
(5.4.0-9.12)
|
|
jammy |
Released
(5.15.0-101.111)
|
|
mantic |
Released
(6.5.0-26.26)
|
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.4.0-2.16)
|
|
Patches: Introduced by aaa31047a6d25da0fa101da1ed544e1247949b40 |
||
linux-allwinner-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
jammy |
Released
(5.15.0-1056.61)
|
|
mantic |
Released
(6.5.0-1016.16)
|
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-aws-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.3)
|
|
xenial |
Does not exist
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-aws-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.13)
|
|
xenial |
Does not exist
|
|
linux-aws-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-aws-5.15)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.15)
|
|
xenial |
Does not exist
|
|
linux-aws-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1056.61~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-aws-6.2)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-6.2)
|
|
xenial |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-aws-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.4)
|
|
xenial |
Does not exist
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1018.18~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-aws-5.11)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-5.11)
|
|
xenial |
Does not exist
|
|
linux-aws-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-aws-6.5, was needs-triage)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-aws-6.5, was needed)
|
|
xenial |
Does not exist
|
|
linux-aws-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-1016.16~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Not vulnerable
(5.4.0-1006.6)
|
|
jammy |
Released
(5.15.0-1059.67)
|
|
mantic |
Released
(6.5.0-1017.17)
|
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1082.92)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-azure-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.13)
|
|
xenial |
Does not exist
|
|
linux-azure-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-azure-5.15)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.15)
|
|
xenial |
Does not exist
|
|
linux-azure-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1059.67~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-azure-6.2)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-6.2)
|
|
xenial |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.4)
|
|
xenial |
Does not exist
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-azure-5.11)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.11)
|
|
xenial |
Does not exist
|
|
linux-azure-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-azure-6.5, was needs-triage)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-6.5, was needed)
|
|
xenial |
Does not exist
|
|
linux-azure-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-1017.17~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-azure-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-5.3)
|
|
xenial |
Does not exist
|
|
linux-azure-fde Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-azure-fde-5.15)
|
|
jammy |
Released
(5.15.0-1059.67.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-fde-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1059.67~20.04.1.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-fde-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-azure-fde-6.2)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-azure-fde-6.2)
|
|
xenial |
Does not exist
|
|
linux-azure-fde-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(replaced by linux-azure-6.5, was needs-triage)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(replaced by linux-azure-6.5, was needed)
|
|
xenial |
Does not exist
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1007.10)
|
|
jammy |
Needed
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-fips Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.3)
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
jammy |
Released
(5.15.0-1054.62)
|
|
mantic |
Released
(6.5.0-1016.16)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1071.81)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-gcp-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.13)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-gcp-5.15)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.15)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1054.62~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-gcp-6.2)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-6.2, was needed)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gcp-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.4)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1019.19~18.04.2)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-gcp-5.11)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-5.11)
|
|
xenial |
Does not exist
|
|
linux-gcp-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-gcp-6.5, was needs-triage)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gcp-6.5, was needed)
|
|
xenial |
Does not exist
|
|
linux-gcp-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-1016.16~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of kernel support)
|
|
jammy |
Released
(5.15.0-1053.58)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gke-5.0)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gke-5.0)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gke-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gke-5.3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of kernel support)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-gke-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-gke-5.4)
|
|
xenial |
Does not exist
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of kernel support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1008.9)
|
|
jammy |
Released
(5.15.0-1039.45)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-gkeop-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1039.45~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of kernel support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.8.0-39.42~16.04.1)
|
|
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-hwe-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-5.13)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-hwe-5.15)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-5.15)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-101.111~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-hwe-6.2)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-6.2)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-hwe-5.11)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-5.11)
|
|
xenial |
Does not exist
|
|
linux-hwe-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-hwe-6.5)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-hwe-6.5)
|
|
xenial |
Does not exist
|
|
linux-hwe-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-26.26~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-hwe-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Ignored
(superseded by linux-hwe)
|
|
linux-ibm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1003.4)
|
|
jammy |
Released
(5.15.0-1049.52)
|
|
mantic |
Ignored
(end of kernel support)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-ibm-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1049.52~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-ibm-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1010.11~18.04.2)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-intel-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(end of kernel support)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-intel-iotg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(5.15.0-1051.57)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-intel-iotg-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1051.57~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-iot Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1001.3)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
focal |
Not vulnerable
(5.4.0-1004.4)
|
|
jammy |
Released
(5.15.0-1053.58)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-laptop Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Released
(6.5.0-1012.15)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-lowlatency Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(5.15.0-101.111)
|
|
mantic |
Released
(6.5.0-26.26.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-lowlatency-hwe-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-101.111~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-lowlatency-hwe-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-lowlatency-hwe-6.2)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-lowlatency-hwe-6.2)
|
|
xenial |
Does not exist
|
|
linux-lowlatency-hwe-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-lowlatency-hwe-6.5)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-lowlatency-hwe-6.5)
|
|
xenial |
Does not exist
|
|
linux-lowlatency-hwe-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-26.26.1~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-nvidia Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(5.15.0-1047.47)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-nvidia-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-nvidia-6.5, was needs-triage)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-nvidia-6.5, was needed)
|
|
xenial |
Does not exist
|
|
linux-nvidia-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Ignored
(replaced by linux-hwe-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oem-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-5.13)
|
|
xenial |
Does not exist
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oem-5.14)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-5.14)
|
|
xenial |
Does not exist
|
|
linux-oem-5.14 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(replaced by linux-hwe-5.15)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(replaced by linux-hwe-5.15)
|
|
xenial |
Does not exist
|
|
linux-oem-5.17 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-oem-6.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-6.1)
|
|
xenial |
Does not exist
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oem-5.10)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-5.10)
|
|
xenial |
Does not exist
|
|
linux-oem-6.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-oem-6.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oem-6.1)
|
|
xenial |
Does not exist
|
|
linux-oem-6.1 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.1.0-1035.35)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-1018.19)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1007.9)
|
focal |
Not vulnerable
(5.4.0-1005.5)
|
|
jammy |
Released
(5.15.0-1054.60)
|
|
mantic |
Released
(6.5.0-1019.19)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.3)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.3)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oracle-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.13)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oracle-5.15)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.15)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1054.60~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(superseded by linux-oracle-5.4)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.4)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1019.19~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-oracle-5.11)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-oracle-5.11)
|
|
xenial |
Does not exist
|
|
linux-oracle-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-1019.19~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1007.7)
|
|
jammy |
Released
(5.15.0-1049.52)
|
|
mantic |
Released
(6.5.0-1013.16)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Ignored
(replaced by linux-raspi)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(replaced by linux-raspi)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-raspi2-5.4)
|
|
xenial |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-riscv-5.8)
|
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Released
(6.5.0-26.26.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-riscv-5.13)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-riscv-5.13)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.15 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(5.15.0-1052.56~20.04.1)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Ignored
(superseded by linux-riscv-5.11)
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-riscv-5.11)
|
|
xenial |
Does not exist
|
|
linux-riscv-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-26.26.1~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-starfive Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Released
(6.5.0-1010.11)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-starfive-5.19 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(end of kernel support)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
linux-starfive-6.2 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Ignored
(superseded by linux-starfive-6.5)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(superseded by linux-starfive-6.5)
|
|
xenial |
Does not exist
|
|
linux-starfive-6.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Released
(6.5.0-1010.11~22.04.1)
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
|
linux-xilinx-zynqmp Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1020.24)
|
|
jammy |
Needs triage
|
|
mantic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.8~rc1)
|
|
xenial |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
- https://git.kernel.org/linus/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 (6.8-rc1)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
- https://ubuntu.com/security/notices/USN-6688-1
- https://ubuntu.com/security/notices/USN-6704-1
- https://ubuntu.com/security/notices/USN-6705-1
- https://ubuntu.com/security/notices/USN-6707-1
- https://ubuntu.com/security/notices/USN-6704-2
- https://ubuntu.com/security/notices/USN-6707-2
- https://ubuntu.com/security/notices/USN-6704-3
- https://ubuntu.com/security/notices/USN-6707-3
- https://ubuntu.com/security/notices/USN-6704-4
- https://ubuntu.com/security/notices/USN-6707-4
- https://www.cve.org/CVERecord?id=CVE-2024-1085
- NVD
- Launchpad
- Debian