CVE-2023-3995
Publication date 3 August 2023
Last updated 4 August 2025
Ubuntu priority
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2023-4147.
From the Ubuntu Security Team
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Read the notes from the security team
Why is this CVE high priority?
By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation.
Mitigation
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux-hwe | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.8 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-hwe-5.11 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.11 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-hwe-5.13 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-hwe-5.15 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-82.91~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needed | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-hwe-5.4 | |
| 16.04 LTS xenial | Ignored superseded by linux-hwe | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Not affected
|
|
| linux-kvm | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1040.45
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-allwinner | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-allwinner-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needed | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.0 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-hwe-5.3 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.3 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-hwe-5.4 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.8 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-aws-5.11 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.11 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-aws-5.13 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-aws-5.15 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1043.48~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-hwe | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-azure | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1045.52
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Ignored superseded by linux-azure-5.3 | |
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-azure-4.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.3 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-azure-5.4 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.8 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-azure-5.11 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.11 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-azure-5.13 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-azure-5.15 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1045.52~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-fde | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1045.52
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-fde-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1045.52~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-fde-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-bluefield | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-dell300x | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-edge | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-azure-5.3 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-fips | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Ignored end of standard support | |
| linux-gcp | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1040.48
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Ignored superseded by linux-gcp-5.3 | |
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-gcp-4.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.3 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-gcp-5.4 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.8 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-gcp-5.11 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.11 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-gcp-5.13 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-gcp-5.15 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1040.48~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1040.45
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-4.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.0 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.3 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of life, was needed | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gkeop | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1026.31
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gkeop-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gkeop-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1026.31~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-ibm | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1036.39
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-ibm-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-intel-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of life, was needs-triage | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-intel-iotg | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1038.43
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-intel-iotg-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1038.43~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-iot | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lowlatency | ||
| 22.04 LTS jammy |
Fixed 5.15.0-82.91
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lowlatency-hwe-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-82.91~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lowlatency-hwe-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needed | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-nvidia | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1031.31
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1041.47
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.0 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-oracle-5.3 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.3 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-oracle-5.4 | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.8 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-oracle-5.11 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.11 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-oracle-5.13 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of life, was needs-triage | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1041.47~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.6 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of life, was needs-triage | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.10 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of life, was needs-triage | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.13 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-oem-5.14 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.14 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of life, was needs-triage | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.17 | ||
| 22.04 LTS jammy | Ignored end of life, was pending | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-6.0 | ||
| 22.04 LTS jammy |
Fixed 6.0.0-1021.21
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-6.1 | ||
| 22.04 LTS jammy |
Fixed 6.1.0-1020.20
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-osp1 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1036.39
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored replaced by linux-raspi | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2-5.3 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi-5.4 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Ignored superseded by linux-riscv-5.8 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv-5.8 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-riscv-5.11 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv-5.11 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored superseded by linux-riscv-5.13 | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1039.43~20.04.2
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release | |
| linux-starfive | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-starfive-5.19 | ||
| 22.04 LTS jammy | Ignored end of life, was needs-triage | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-xilinx-zynqmp | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux | ||
| 22.04 LTS jammy |
Fixed 5.15.0-82.91
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-aws | ||
| 22.04 LTS jammy |
Fixed 5.15.0-1043.48
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-aws-6.2 | ||
| 22.04 LTS jammy |
Fixed 6.2.0-1010.10~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-6.2 | ||
| 22.04 LTS jammy |
Fixed 6.2.0-31.31~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lowlatency-hwe-6.2 | ||
| 22.04 LTS jammy |
Fixed 6.2.0-1011.11~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-ibm-5.15 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 5.15.0-1036.39~20.04.1
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-6.2 | ||
| 22.04 LTS jammy |
Fixed 6.2.0-1012.12~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-6.2 | ||
| 22.04 LTS jammy |
Fixed 6.2.0-1011.11~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-fde-6.2 | ||
| 22.04 LTS jammy |
Fixed 6.2.0-1011.11~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-nvidia-6.2 | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-starfive-6.2 | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-laptop | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-6.5 | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
rodrigo-zaiden
Google kCTF submission same fix commit as CVE-2023-4147, one or the other will likely be marked as duplicated.
References
Related Ubuntu Security Notices (USN)
- USN-6315-1
- Linux kernel vulnerabilities
- 29 August 2023
- USN-6316-1
- Linux kernel (OEM) vulnerabilities
- 29 August 2023
- USN-6318-1
- Linux kernel vulnerabilities
- 29 August 2023
- USN-6321-1
- Linux kernel vulnerabilities
- 30 August 2023
- USN-6325-1
- Linux kernel vulnerabilities
- 31 August 2023
- USN-6328-1
- Linux kernel (Oracle) vulnerabilities
- 31 August 2023
- USN-6330-1
- Linux kernel (GCP) vulnerabilities
- 31 August 2023
- USN-6332-1
- Linux kernel (Azure) vulnerabilities
- 31 August 2023
- USN-6348-1
- Linux kernel vulnerabilities
- 6 September 2023
- USN-6385-1
- Linux kernel (OEM) vulnerabilities
- 19 September 2023
- LSN-0098-1
- Kernel Live Patch Security Notice
- 10 October 2023
- LSN-0099-1
- Kernel Live Patch Security Notice
- 28 November 2023
Other references
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
- https://google.github.io/security-research/kernelctf/rules
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230723144148.26231-1-pablo@netfilter.org/
- https://www.cve.org/CVERecord?id=CVE-2023-3995