Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-16120

Published: 13 October 2020

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

From the Ubuntu Security Team

Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files.

Notes

AuthorNote
sbeattie
this issue most likely only has an impact on Ubuntu systems
as it is dependent on both unprivileged user namespaces being enabled
as well as a non-upstream patch that allows overlayfs mounts in user
namespaces.
the backport of this issue introduced a regression, LP: #1900141

Mitigation

disable unprivileged user namespaces if not needed via
  sudo sysctl kernel.unprivileged_userns_clone=0
do this permanently by adding
  kernel.unprivileged_userns_clone = 0
to /etc/sysctl.d/99-userns.conf

Priority

Medium

Cvss 3 Severity Score

4.4

Score breakdown

Status

Package Release Status
linux-nvidia
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

jammy Not vulnerable
(5.15.0-1005.5)
upstream
Released (5.8~rc1)
mantic Does not exist

linux
Launchpad, Ubuntu, Debian
trusty Ignored
(ESM criteria, was needed)
hirsute Not vulnerable
(5.8.0-36.40+21.04.1)
bionic
Released (4.15.0-121.123)
focal
Released (5.4.0-51.56)
groovy Not vulnerable
(5.8.0-16.17)
upstream
Released (5.8~rc1)
jammy Not vulnerable
(5.13.0-19.19)
kinetic Not vulnerable
(5.15.0-25.25)
lunar Not vulnerable
(5.19.0-21.21)
mantic Not vulnerable
(6.2.0-20.20)
xenial Ignored
(, was needed)
Patches:
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 56230d956739b9cb1cbde439d76227d77979a04d
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 48bd024b8a40d73ad6b086de2615738da0c7004f
Introduced by

d1d04ef8572bc8c22265057bd3d5a79f223f8f52

Fixed by 05acefb4872dae89e772729efb194af754c877e8
linux-lts-xenial
Launchpad, Ubuntu, Debian
trusty Ignored
(ESM criteria, was needed)
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-gcp-4.15
Launchpad, Ubuntu, Debian
hirsute Does not exist

bionic
Released (4.15.0-1086.98)
focal Does not exist

groovy Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-gcp-5.4, was needs-triage)
linux-riscv
Launchpad, Ubuntu, Debian
focal
Released (5.4.0-36.41)
kinetic Not vulnerable
(5.15.0-1007.7)
lunar Not vulnerable
(5.19.0-1004.4)
bionic Does not exist

groovy Not vulnerable
(5.8.0-1.1)
hirsute Not vulnerable
(5.8.0-10.12+21.04.1)
trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Not vulnerable
(6.2.0-19.19.1)
jammy Ignored
(end of kernel support, was needs-triage)
linux-gkeop-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

focal Not vulnerable
(5.15.0-1003.5~20.04.2)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-aws-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

linux-gcp-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

jammy Not vulnerable
(5.19.0-1020.22~22.04.2)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-riscv-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

linux-allwinner
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Not vulnerable

lunar Not vulnerable

upstream
Released (5.8~rc1)
mantic Does not exist

linux-allwinner-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

kinetic Does not exist

lunar Does not exist

jammy Not vulnerable
(5.19.0-1007.7~22.04.1)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-starfive
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Not vulnerable

lunar Not vulnerable
(5.19.0-1003.4)
upstream
Released (5.8~rc1)
mantic Not vulnerable
(6.5.0-1002.3)
linux-starfive-5.19
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

kinetic Does not exist

lunar Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1027.28~18.04.1)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1003.3)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

focal Not vulnerable
(5.8.0-23.24~20.04.1)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-aws
Launchpad, Ubuntu, Debian
hirsute Not vulnerable
(5.8.0-1018.20+21.04.1)
bionic
Released (4.15.0-1086.91)
focal
Released (5.4.0-1028.29)
groovy Not vulnerable
(5.8.0-1004.4)
upstream
Released (5.8~rc1)
trusty Ignored
(ESM criteria, was needed)
jammy Not vulnerable
(5.13.0-1005.6)
kinetic Not vulnerable
(5.15.0-1004.6)
lunar Not vulnerable
(5.19.0-1009.9)
mantic Not vulnerable
(6.2.0-1003.3)
xenial Ignored
(, was needed)
linux-azure
Launchpad, Ubuntu, Debian
hirsute Not vulnerable
(5.8.0-1016.17+21.04.1)
groovy Not vulnerable
(5.8.0-1004.4)
upstream
Released (5.8~rc1)
focal
Released (5.4.0-1031.32)
jammy Not vulnerable
(5.13.0-1006.7)
kinetic Not vulnerable
(5.15.0-1003.4)
lunar Not vulnerable
(5.19.0-1008.8)
trusty
Released (4.15.0-1098.109~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
xenial
Released (4.15.0-1098.109~16.04.1)
mantic Not vulnerable
(6.2.0-1003.3)
bionic Ignored
(superseded by linux-azure-5.3, was needs-triage)
linux-dell300x
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(4.15.0-1005.8)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
bionic Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

focal Not vulnerable
(5.4.0-1008.9)
upstream
Released (5.8~rc1)
jammy Not vulnerable
(5.15.0-1001.2)
mantic Does not exist

linux-oem-5.10
Launchpad, Ubuntu, Debian
bionic Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

focal Not vulnerable
(5.10.0-1008.9)
upstream
Released (5.8~rc1)
mantic Does not exist

linux-aws-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

upstream Ignored
(superseded by linux-aws-6.5, was needs-triage)
mantic Does not exist

linux-hwe-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

upstream Ignored
(superseded by linux-hwe-6.5, was needs-triage)
mantic Does not exist

linux-lowlatency-hwe-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

mantic Does not exist

jammy Ignored
(superseded by linux-lowlatency-hwe-6.5, was needs-triage)
upstream Ignored
(superseded by linux-lowlatency-hwe-6.5, was needs-triage)
linux-ibm-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.15.0-1033.36~20.04.1)
jammy Does not exist

lunar Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

linux-gcp-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(superseded by linux-gcp-6.5, was needs-triage)
linux-azure-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(superseded by linux-azure-6.5, was needs-triage)
linux-azure-fde-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(replaced by linux-azure-6.5, was needs-triage)
linux-aws-5.0
Launchpad, Ubuntu, Debian
trusty Does not exist

focal Does not exist

groovy Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

hirsute Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-aws-5.3, was needs-triage)
linux-hwe
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-68.63)
focal Does not exist

groovy Does not exist

trusty Does not exist

xenial
Released (4.15.0-120.122~16.04.1)
hirsute Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-51.56~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
hirsute Does not exist

xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-aws-5.4, was needs-triage)
linux-azure-4.15
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
bionic
Released (4.15.0-1099.110)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-azure-5.4, was needs-triage)
linux-azure-5.4
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
bionic
Released (5.4.0-1031.32~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
focal
Released (5.4.0-1028.29)
groovy Not vulnerable
(5.8.0-1002.2)
hirsute Not vulnerable
(5.8.0-1015.15+21.04.1)
jammy Not vulnerable
(5.13.0-1005.6)
kinetic Not vulnerable
(5.15.0-1003.6)
lunar Not vulnerable
(5.19.0-1008.8)
trusty Does not exist

xenial
Released (4.15.0-1086.98~16.04.1)
mantic Not vulnerable
(6.2.0-1005.5)
bionic Ignored
(superseded by linux-gcp-5.3, was needs-triage)
linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1049.50)
focal Does not exist

groovy Does not exist

trusty Does not exist

xenial Does not exist

hirsute Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-1038.40)
focal Does not exist

groovy Does not exist

trusty Does not exist

hirsute Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-oem
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
bionic
Released (4.15.0-1099.109)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Ignored
(end of standard support, was needs-triage)
mantic Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
focal
Released (5.6.0-1031.32)
upstream
Released (5.8~rc1)
bionic Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
bionic
Released (5.0.0-1069.75)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-oracle-5.4, was needs-triage)
linux-oracle-5.4
Launchpad, Ubuntu, Debian
upstream
Released (5.8~rc1)
bionic
Released (5.4.0-1028.29~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

xenial Does not exist

mantic Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
groovy Not vulnerable
(5.8.0-1002.5)
jammy Not vulnerable
(5.13.0-1008.9)
kinetic Not vulnerable
(5.15.0-1005.5)
lunar Not vulnerable
(5.19.0-1004.10)
bionic Does not exist

focal
Released (5.4.0-1021.24)
hirsute Not vulnerable
(5.8.0-1008.11+21.04.1)
trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Not vulnerable
(6.2.0-1004.5)
linux-oracle
Launchpad, Ubuntu, Debian
kinetic Not vulnerable
(5.15.0-1002.4)
lunar Not vulnerable
(5.19.0-1008.8)
bionic
Released (4.15.0-1057.62)
focal
Released (5.4.0-1028.29)
groovy Not vulnerable
(5.8.0-1001.1)
hirsute Not vulnerable
(5.8.0-1014.14+21.04.1)
jammy Not vulnerable
(5.13.0-1008.10)
trusty Does not exist

upstream
Released (5.8~rc1)
xenial
Released (4.15.0-1056.61~16.04.1)
mantic Not vulnerable
(6.2.0-1003.3)
linux-aws-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1028.29~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial
Released (4.15.0-1085.90~16.04.1)
mantic Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-azure-5.3, was needs-triage)
linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1028.29~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

bionic Ignored
(end of kernel support, was needs-triage)
linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1072.76)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

bionic Ignored
(superseded by linux-hwe-5.4, was needs-triage)
xenial Ignored
(superseded by linux-hwe, was needs-triage)
linux-kvm
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1077.79)
focal
Released (5.4.0-1026.27)
groovy Not vulnerable
(5.8.0-1001.1)
hirsute Not vulnerable
(5.8.0-1010.11+21.04.1)
jammy Not vulnerable
(5.13.0-1004.4)
kinetic Not vulnerable
(5.15.0-1004.4)
lunar Not vulnerable
(5.19.0-1008.8)
trusty Does not exist

upstream
Released (5.8~rc1)
mantic Does not exist

xenial Ignored
(, was needed)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-oracle-5.0
Launchpad, Ubuntu, Debian
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

bionic Ignored
(superseded by linux-oracle-5.3, was needs-triage)
linux-raspi-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1021.24~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1073.78)
groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Ignored
(end of standard support, was needed)
mantic Does not exist

focal Ignored
(replaced by linux-raspi, was needs-triage)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-1035.37)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Does not exist

mantic Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1089.98)
focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream
Released (5.8~rc1)
xenial Ignored
(end of standard support, was needed)
mantic Does not exist

linux-nvidia-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(superseded by linux-nvidia-6.5, was needs-triage)
linux-starfive-6.2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

lunar Does not exist

mantic Does not exist

upstream Ignored
(superseded by linux-starfive-6.5, was needs-triage)
linux-laptop
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Does not exist

lunar Does not exist

mantic Not vulnerable
(6.5.0-1003.6)
upstream
Released (5.8~rc1)
linux-oem-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-1003.3)
upstream
Released (5.8~rc1)
linux-hwe-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-14.14~22.04.1)
upstream
Released (5.8~rc1)
linux-lowlatency-hwe-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

lunar Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-14.14.1~22.04.1)
upstream
Released (5.8~rc1)
linux-riscv-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-17.17.1.1~22.04.1)
upstream
Released (5.8~rc1)
linux-starfive-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-1007.8~22.04.1)
upstream
Released (5.8~rc1)
linux-aws-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-1008.8~22.04.1)
upstream
Released (5.8~rc1)
linux-azure-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-1007.7~22.04.1)
upstream
Released (5.8~rc1)
linux-gcp-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

mantic Does not exist

jammy Not vulnerable
(6.5.0-1010.10~22.04.3)
upstream
Released (5.8~rc1)
linux-oracle-6.5
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

jammy Not vulnerable

mantic Does not exist

upstream Needs triage

Severity score breakdown

Parameter Value
Base score 4.4
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N