A use-after-free vulnerability in the Linux kernels netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.
We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.
Weakness
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 5.6 (including) | 5.10.204 (excluding) |
| Linux_kernel | Linux | 5.11 (including) | 5.15.143 (excluding) |
| Linux_kernel | Linux | 5.16 (including) | 6.1.68 (excluding) |
| Linux_kernel | Linux | 6.2 (including) | 6.6.7 (excluding) |
| Linux_kernel | Linux | 6.7-rc1 (including) | 6.7-rc1 (including) |
| Linux_kernel | Linux | 6.7-rc2 (including) | 6.7-rc2 (including) |
| Linux_kernel | Linux | 6.7-rc3 (including) | 6.7-rc3 (including) |
| Linux_kernel | Linux | 6.7-rc4 (including) | 6.7-rc4 (including) |
| Red Hat Enterprise Linux 8 | RedHat | kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | kernel-0:4.18.0-513.18.1.el8_9 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | kernel-0:4.18.0-193.128.1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | kernel-rt-0:4.18.0-193.128.1.rt13.179.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | kernel-0:4.18.0-193.128.1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | kernel-0:4.18.0-193.128.1.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | kernel-0:4.18.0-305.125.1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | kernel-rt-0:4.18.0-305.125.1.rt7.201.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | kernel-0:4.18.0-305.125.1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | kernel-0:4.18.0-305.125.1.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | kernel-0:4.18.0-372.91.1.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | kernel-0:4.18.0-477.51.1.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-362.24.1.el9_3 | * |
| Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-362.24.1.el9_3 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | kernel-0:5.14.0-70.101.1.el9_0 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | kernel-rt-0:5.14.0-70.101.1.rt21.173.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | kernel-0:5.14.0-284.55.1.el9_2 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | kernel-rt-0:5.14.0-284.55.1.rt14.340.el9_2 | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | RedHat | kernel-0:4.18.0-372.91.1.el8_6 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/cluster-logging-operator-bundle:v5.8.6-22 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch6-rhel9:v6.8.1-407 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch-operator-bundle:v5.8.6-19 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/eventrouter-rhel9:v0.4.0-247 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/fluentd-rhel9:v5.8.6-5 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/logging-curator5-rhel9:v5.8.1-470 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/logging-loki-rhel9:v2.9.6-14 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/logging-view-plugin-rhel9:v5.8.6-2 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/loki-operator-bundle:v5.8.6-24 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/loki-rhel9-operator:v5.8.6-10 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/lokistack-gateway-rhel9:v0.1.0-525 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/opa-openshift-rhel9:v0.1.0-224 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/vector-rhel9:v0.28.1-56 | * |
| Linux | Ubuntu | jammy | * |
| Linux | Ubuntu | lunar | * |
| Linux | Ubuntu | mantic | * |
| Linux | Ubuntu | upstream | * |
| Linux-allwinner | Ubuntu | lunar | * |
| Linux-allwinner | Ubuntu | upstream | * |
| Linux-allwinner-5.19 | Ubuntu | jammy | * |
| Linux-allwinner-5.19 | Ubuntu | upstream | * |
| Linux-aws | Ubuntu | jammy | * |
| Linux-aws | Ubuntu | lunar | * |
| Linux-aws | Ubuntu | mantic | * |
| Linux-aws | Ubuntu | upstream | * |
| Linux-aws-5.0 | Ubuntu | bionic | * |
| Linux-aws-5.0 | Ubuntu | esm-infra/bionic | * |
| Linux-aws-5.0 | Ubuntu | upstream | * |
| Linux-aws-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.11 | Ubuntu | focal | * |
| Linux-aws-5.11 | Ubuntu | upstream | * |
| Linux-aws-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.13 | Ubuntu | focal | * |
| Linux-aws-5.13 | Ubuntu | upstream | * |
| Linux-aws-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.15 | Ubuntu | focal | * |
| Linux-aws-5.15 | Ubuntu | upstream | * |
| Linux-aws-5.19 | Ubuntu | jammy | * |
| Linux-aws-5.19 | Ubuntu | upstream | * |
| Linux-aws-5.3 | Ubuntu | bionic | * |
| Linux-aws-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-aws-5.3 | Ubuntu | upstream | * |
| Linux-aws-5.4 | Ubuntu | upstream | * |
| Linux-aws-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.8 | Ubuntu | focal | * |
| Linux-aws-5.8 | Ubuntu | upstream | * |
| Linux-aws-6.14 | Ubuntu | upstream | * |
| Linux-aws-6.2 | Ubuntu | jammy | * |
| Linux-aws-6.2 | Ubuntu | upstream | * |
| Linux-aws-6.5 | Ubuntu | jammy | * |
| Linux-aws-6.5 | Ubuntu | upstream | * |
| Linux-aws-6.8 | Ubuntu | upstream | * |
| Linux-aws-fips | Ubuntu | fips-preview/jammy | * |
| Linux-aws-fips | Ubuntu | trusty | * |
| Linux-aws-fips | Ubuntu | upstream | * |
| Linux-aws-fips | Ubuntu | xenial | * |
| Linux-aws-hwe | Ubuntu | upstream | * |
| Linux-azure | Ubuntu | bionic | * |
| Linux-azure | Ubuntu | esm-infra/bionic | * |
| Linux-azure | Ubuntu | jammy | * |
| Linux-azure | Ubuntu | lunar | * |
| Linux-azure | Ubuntu | mantic | * |
| Linux-azure | Ubuntu | upstream | * |
| Linux-azure-4.15 | Ubuntu | upstream | * |
| Linux-azure-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.11 | Ubuntu | focal | * |
| Linux-azure-5.11 | Ubuntu | upstream | * |
| Linux-azure-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.13 | Ubuntu | focal | * |
| Linux-azure-5.13 | Ubuntu | upstream | * |
| Linux-azure-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.15 | Ubuntu | focal | * |
| Linux-azure-5.15 | Ubuntu | upstream | * |
| Linux-azure-5.19 | Ubuntu | jammy | * |
| Linux-azure-5.19 | Ubuntu | upstream | * |
| Linux-azure-5.3 | Ubuntu | bionic | * |
| Linux-azure-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-azure-5.3 | Ubuntu | upstream | * |
| Linux-azure-5.4 | Ubuntu | upstream | * |
| Linux-azure-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.8 | Ubuntu | focal | * |
| Linux-azure-5.8 | Ubuntu | upstream | * |
| Linux-azure-6.11 | Ubuntu | upstream | * |
| Linux-azure-6.14 | Ubuntu | upstream | * |
| Linux-azure-6.2 | Ubuntu | jammy | * |
| Linux-azure-6.2 | Ubuntu | upstream | * |
| Linux-azure-6.5 | Ubuntu | jammy | * |
| Linux-azure-6.5 | Ubuntu | upstream | * |
| Linux-azure-6.8 | Ubuntu | upstream | * |
| Linux-azure-edge | Ubuntu | bionic | * |
| Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
| Linux-azure-edge | Ubuntu | upstream | * |
| Linux-azure-fde | Ubuntu | esm-infra/focal | * |
| Linux-azure-fde | Ubuntu | focal | * |
| Linux-azure-fde | Ubuntu | jammy | * |
| Linux-azure-fde | Ubuntu | upstream | * |
| Linux-azure-fde-5.15 | Ubuntu | upstream | * |
| Linux-azure-fde-5.19 | Ubuntu | jammy | * |
| Linux-azure-fde-5.19 | Ubuntu | upstream | * |
| Linux-azure-fde-6.14 | Ubuntu | upstream | * |
| Linux-azure-fde-6.2 | Ubuntu | jammy | * |
| Linux-azure-fde-6.2 | Ubuntu | upstream | * |
| Linux-azure-fde-6.8 | Ubuntu | upstream | * |
| Linux-azure-fips | Ubuntu | fips-preview/jammy | * |
| Linux-azure-fips | Ubuntu | trusty | * |
| Linux-azure-fips | Ubuntu | upstream | * |
| Linux-azure-fips | Ubuntu | xenial | * |
| Linux-azure-nvidia | Ubuntu | upstream | * |
| Linux-azure-nvidia-6.14 | Ubuntu | upstream | * |
| Linux-bluefield | Ubuntu | bluefield/jammy | * |
| Linux-bluefield | Ubuntu | esm-infra/focal | * |
| Linux-bluefield | Ubuntu | focal | * |
| Linux-bluefield | Ubuntu | upstream | * |
| Linux-dell300x | Ubuntu | bionic | * |
| Linux-dell300x | Ubuntu | upstream | * |
| Linux-fips | Ubuntu | fips-preview/jammy | * |
| Linux-fips | Ubuntu | upstream | * |
| Linux-gcp | Ubuntu | bionic | * |
| Linux-gcp | Ubuntu | esm-infra/bionic | * |
| Linux-gcp | Ubuntu | jammy | * |
| Linux-gcp | Ubuntu | lunar | * |
| Linux-gcp | Ubuntu | mantic | * |
| Linux-gcp | Ubuntu | upstream | * |
| Linux-gcp-4.15 | Ubuntu | upstream | * |
| Linux-gcp-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.11 | Ubuntu | focal | * |
| Linux-gcp-5.11 | Ubuntu | upstream | * |
| Linux-gcp-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.13 | Ubuntu | focal | * |
| Linux-gcp-5.13 | Ubuntu | upstream | * |
| Linux-gcp-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.15 | Ubuntu | focal | * |
| Linux-gcp-5.15 | Ubuntu | upstream | * |
| Linux-gcp-5.19 | Ubuntu | jammy | * |
| Linux-gcp-5.19 | Ubuntu | upstream | * |
| Linux-gcp-5.3 | Ubuntu | bionic | * |
| Linux-gcp-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-gcp-5.3 | Ubuntu | upstream | * |
| Linux-gcp-5.4 | Ubuntu | upstream | * |
| Linux-gcp-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.8 | Ubuntu | focal | * |
| Linux-gcp-5.8 | Ubuntu | upstream | * |
| Linux-gcp-6.11 | Ubuntu | upstream | * |
| Linux-gcp-6.14 | Ubuntu | upstream | * |
| Linux-gcp-6.2 | Ubuntu | jammy | * |
| Linux-gcp-6.2 | Ubuntu | upstream | * |
| Linux-gcp-6.5 | Ubuntu | jammy | * |
| Linux-gcp-6.5 | Ubuntu | upstream | * |
| Linux-gcp-6.8 | Ubuntu | upstream | * |
| Linux-gcp-fips | Ubuntu | fips-preview/jammy | * |
| Linux-gcp-fips | Ubuntu | fips-updates/jammy | * |
| Linux-gcp-fips | Ubuntu | trusty | * |
| Linux-gcp-fips | Ubuntu | upstream | * |
| Linux-gcp-fips | Ubuntu | xenial | * |
| Linux-gke | Ubuntu | esm-infra/focal | * |
| Linux-gke | Ubuntu | focal | * |
| Linux-gke | Ubuntu | jammy | * |
| Linux-gke | Ubuntu | upstream | * |
| Linux-gke | Ubuntu | xenial | * |
| Linux-gke-4.15 | Ubuntu | bionic | * |
| Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
| Linux-gke-4.15 | Ubuntu | upstream | * |
| Linux-gke-5.0 | Ubuntu | bionic | * |
| Linux-gke-5.0 | Ubuntu | upstream | * |
| Linux-gke-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-gke-5.15 | Ubuntu | focal | * |
| Linux-gke-5.15 | Ubuntu | upstream | * |
| Linux-gke-5.3 | Ubuntu | bionic | * |
| Linux-gke-5.3 | Ubuntu | upstream | * |
| Linux-gke-5.4 | Ubuntu | bionic | * |
| Linux-gke-5.4 | Ubuntu | esm-infra/bionic | * |
| Linux-gke-5.4 | Ubuntu | upstream | * |
| Linux-gkeop | Ubuntu | jammy | * |
| Linux-gkeop | Ubuntu | upstream | * |
| Linux-gkeop-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-gkeop-5.15 | Ubuntu | focal | * |
| Linux-gkeop-5.15 | Ubuntu | upstream | * |
| Linux-gkeop-5.4 | Ubuntu | bionic | * |
| Linux-gkeop-5.4 | Ubuntu | esm-infra/bionic | * |
| Linux-gkeop-5.4 | Ubuntu | upstream | * |
| Linux-hwe | Ubuntu | bionic | * |
| Linux-hwe | Ubuntu | esm-infra/bionic | * |
| Linux-hwe | Ubuntu | upstream | * |
| Linux-hwe-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.11 | Ubuntu | focal | * |
| Linux-hwe-5.11 | Ubuntu | upstream | * |
| Linux-hwe-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.13 | Ubuntu | focal | * |
| Linux-hwe-5.13 | Ubuntu | upstream | * |
| Linux-hwe-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.15 | Ubuntu | focal | * |
| Linux-hwe-5.15 | Ubuntu | upstream | * |
| Linux-hwe-5.19 | Ubuntu | jammy | * |
| Linux-hwe-5.19 | Ubuntu | upstream | * |
| Linux-hwe-5.4 | Ubuntu | upstream | * |
| Linux-hwe-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.8 | Ubuntu | focal | * |
| Linux-hwe-5.8 | Ubuntu | upstream | * |
| Linux-hwe-6.11 | Ubuntu | upstream | * |
| Linux-hwe-6.14 | Ubuntu | upstream | * |
| Linux-hwe-6.2 | Ubuntu | jammy | * |
| Linux-hwe-6.2 | Ubuntu | upstream | * |
| Linux-hwe-6.5 | Ubuntu | jammy | * |
| Linux-hwe-6.5 | Ubuntu | upstream | * |
| Linux-hwe-6.8 | Ubuntu | upstream | * |
| Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
| Linux-hwe-edge | Ubuntu | upstream | * |
| Linux-hwe-edge | Ubuntu | xenial | * |
| Linux-ibm | Ubuntu | jammy | * |
| Linux-ibm | Ubuntu | lunar | * |
| Linux-ibm | Ubuntu | mantic | * |
| Linux-ibm | Ubuntu | upstream | * |
| Linux-ibm-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-ibm-5.15 | Ubuntu | focal | * |
| Linux-ibm-5.15 | Ubuntu | upstream | * |
| Linux-ibm-5.4 | Ubuntu | upstream | * |
| Linux-ibm-6.8 | Ubuntu | upstream | * |
| Linux-intel | Ubuntu | upstream | * |
| Linux-intel-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-intel-5.13 | Ubuntu | focal | * |
| Linux-intel-5.13 | Ubuntu | upstream | * |
| Linux-intel-iot-realtime | Ubuntu | jammy | * |
| Linux-intel-iot-realtime | Ubuntu | realtime/jammy | * |
| Linux-intel-iot-realtime | Ubuntu | upstream | * |
| Linux-intel-iotg | Ubuntu | jammy | * |
| Linux-intel-iotg | Ubuntu | upstream | * |
| Linux-intel-iotg-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-intel-iotg-5.15 | Ubuntu | focal | * |
| Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
| Linux-iot | Ubuntu | upstream | * |
| Linux-kvm | Ubuntu | jammy | * |
| Linux-kvm | Ubuntu | lunar | * |
| Linux-kvm | Ubuntu | upstream | * |
| Linux-laptop | Ubuntu | mantic | * |
| Linux-laptop | Ubuntu | upstream | * |
| Linux-lowlatency | Ubuntu | jammy | * |
| Linux-lowlatency | Ubuntu | lunar | * |
| Linux-lowlatency | Ubuntu | mantic | * |
| Linux-lowlatency | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-lowlatency-hwe-5.15 | Ubuntu | focal | * |
| Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-5.19 | Ubuntu | jammy | * |
| Linux-lowlatency-hwe-5.19 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.11 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.2 | Ubuntu | jammy | * |
| Linux-lowlatency-hwe-6.2 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.5 | Ubuntu | jammy | * |
| Linux-lowlatency-hwe-6.5 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
| Linux-lts-xenial | Ubuntu | upstream | * |
| Linux-nvidia | Ubuntu | jammy | * |
| Linux-nvidia | Ubuntu | upstream | * |
| Linux-nvidia-6.11 | Ubuntu | upstream | * |
| Linux-nvidia-6.2 | Ubuntu | jammy | * |
| Linux-nvidia-6.2 | Ubuntu | upstream | * |
| Linux-nvidia-6.5 | Ubuntu | jammy | * |
| Linux-nvidia-6.5 | Ubuntu | upstream | * |
| Linux-nvidia-6.8 | Ubuntu | upstream | * |
| Linux-nvidia-lowlatency | Ubuntu | upstream | * |
| Linux-nvidia-tegra | Ubuntu | jammy | * |
| Linux-nvidia-tegra | Ubuntu | upstream | * |
| Linux-nvidia-tegra-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-nvidia-tegra-5.15 | Ubuntu | focal | * |
| Linux-nvidia-tegra-5.15 | Ubuntu | upstream | * |
| Linux-nvidia-tegra-igx | Ubuntu | jammy | * |
| Linux-nvidia-tegra-igx | Ubuntu | upstream | * |
| Linux-oem | Ubuntu | bionic | * |
| Linux-oem | Ubuntu | esm-infra/bionic | * |
| Linux-oem | Ubuntu | upstream | * |
| Linux-oem | Ubuntu | xenial | * |
| Linux-oem-5.10 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.10 | Ubuntu | focal | * |
| Linux-oem-5.10 | Ubuntu | upstream | * |
| Linux-oem-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.13 | Ubuntu | focal | * |
| Linux-oem-5.13 | Ubuntu | upstream | * |
| Linux-oem-5.14 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.14 | Ubuntu | focal | * |
| Linux-oem-5.14 | Ubuntu | upstream | * |
| Linux-oem-5.17 | Ubuntu | jammy | * |
| Linux-oem-5.17 | Ubuntu | upstream | * |
| Linux-oem-5.6 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.6 | Ubuntu | focal | * |
| Linux-oem-5.6 | Ubuntu | upstream | * |
| Linux-oem-6.0 | Ubuntu | jammy | * |
| Linux-oem-6.0 | Ubuntu | upstream | * |
| Linux-oem-6.1 | Ubuntu | jammy | * |
| Linux-oem-6.1 | Ubuntu | upstream | * |
| Linux-oem-6.11 | Ubuntu | upstream | * |
| Linux-oem-6.14 | Ubuntu | upstream | * |
| Linux-oem-6.17 | Ubuntu | upstream | * |
| Linux-oem-6.5 | Ubuntu | jammy | * |
| Linux-oem-6.5 | Ubuntu | upstream | * |
| Linux-oem-6.8 | Ubuntu | upstream | * |
| Linux-oem-osp1 | Ubuntu | upstream | * |
| Linux-oracle | Ubuntu | jammy | * |
| Linux-oracle | Ubuntu | lunar | * |
| Linux-oracle | Ubuntu | mantic | * |
| Linux-oracle | Ubuntu | upstream | * |
| Linux-oracle-5.0 | Ubuntu | bionic | * |
| Linux-oracle-5.0 | Ubuntu | esm-infra/bionic | * |
| Linux-oracle-5.0 | Ubuntu | upstream | * |
| Linux-oracle-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.11 | Ubuntu | focal | * |
| Linux-oracle-5.11 | Ubuntu | upstream | * |
| Linux-oracle-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.13 | Ubuntu | focal | * |
| Linux-oracle-5.13 | Ubuntu | upstream | * |
| Linux-oracle-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.15 | Ubuntu | focal | * |
| Linux-oracle-5.15 | Ubuntu | upstream | * |
| Linux-oracle-5.3 | Ubuntu | bionic | * |
| Linux-oracle-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-oracle-5.3 | Ubuntu | upstream | * |
| Linux-oracle-5.4 | Ubuntu | upstream | * |
| Linux-oracle-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.8 | Ubuntu | focal | * |
| Linux-oracle-5.8 | Ubuntu | upstream | * |
| Linux-oracle-6.14 | Ubuntu | upstream | * |
| Linux-oracle-6.5 | Ubuntu | jammy | * |
| Linux-oracle-6.5 | Ubuntu | upstream | * |
| Linux-oracle-6.8 | Ubuntu | upstream | * |
| Linux-raspi | Ubuntu | jammy | * |
| Linux-raspi | Ubuntu | lunar | * |
| Linux-raspi | Ubuntu | mantic | * |
| Linux-raspi | Ubuntu | noble | * |
| Linux-raspi | Ubuntu | upstream | * |
| Linux-raspi-5.4 | Ubuntu | upstream | * |
| Linux-raspi-realtime | Ubuntu | noble | * |
| Linux-raspi-realtime | Ubuntu | upstream | * |
| Linux-raspi2 | Ubuntu | bionic | * |
| Linux-raspi2 | Ubuntu | esm-infra/focal | * |
| Linux-raspi2 | Ubuntu | focal | * |
| Linux-raspi2 | Ubuntu | upstream | * |
| Linux-raspi2 | Ubuntu | xenial | * |
| Linux-raspi2-5.3 | Ubuntu | bionic | * |
| Linux-raspi2-5.3 | Ubuntu | upstream | * |
| Linux-realtime | Ubuntu | jammy | * |
| Linux-realtime | Ubuntu | realtime/jammy | * |
| Linux-realtime | Ubuntu | upstream | * |
| Linux-realtime-6.14 | Ubuntu | upstream | * |
| Linux-realtime-6.8 | Ubuntu | upstream | * |
| Linux-riscv | Ubuntu | esm-infra/focal | * |
| Linux-riscv | Ubuntu | focal | * |
| Linux-riscv | Ubuntu | jammy | * |
| Linux-riscv | Ubuntu | lunar | * |
| Linux-riscv | Ubuntu | mantic | * |
| Linux-riscv | Ubuntu | upstream | * |
| Linux-riscv-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-riscv-5.11 | Ubuntu | focal | * |
| Linux-riscv-5.11 | Ubuntu | upstream | * |
| Linux-riscv-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-riscv-5.15 | Ubuntu | focal | * |
| Linux-riscv-5.15 | Ubuntu | upstream | * |
| Linux-riscv-5.19 | Ubuntu | jammy | * |
| Linux-riscv-5.19 | Ubuntu | upstream | * |
| Linux-riscv-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-riscv-5.8 | Ubuntu | focal | * |
| Linux-riscv-5.8 | Ubuntu | upstream | * |
| Linux-riscv-6.14 | Ubuntu | upstream | * |
| Linux-riscv-6.5 | Ubuntu | upstream | * |
| Linux-riscv-6.8 | Ubuntu | upstream | * |
| Linux-snapdragon | Ubuntu | bionic | * |
| Linux-snapdragon | Ubuntu | upstream | * |
| Linux-snapdragon | Ubuntu | xenial | * |
| Linux-starfive | Ubuntu | lunar | * |
| Linux-starfive | Ubuntu | mantic | * |
| Linux-starfive | Ubuntu | upstream | * |
| Linux-starfive-5.19 | Ubuntu | jammy | * |
| Linux-starfive-5.19 | Ubuntu | upstream | * |
| Linux-starfive-6.2 | Ubuntu | jammy | * |
| Linux-starfive-6.2 | Ubuntu | upstream | * |
| Linux-starfive-6.5 | Ubuntu | upstream | * |
| Linux-xilinx | Ubuntu | upstream | * |
| Linux-xilinx-zynqmp | Ubuntu | jammy | * |
| Linux-xilinx-zynqmp | Ubuntu | upstream | * |
Potential Mitigations
References
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- http://www.openwall.com/lists/oss-security/2023/12/22/13
- http://www.openwall.com/lists/oss-security/2023/12/22/6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
- https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- http://www.openwall.com/lists/oss-security/2023/12/22/13
- http://www.openwall.com/lists/oss-security/2023/12/22/6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
- https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html