Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-47128

Опубликовано: 15 мар. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. This is indirectly also getting audit subsystem involved to report events. The latter is problematic, as reported by Ondrej and Serhei, since it can bring down the whole system via audit: 1) The audit events that are triggered due to calls to security_locked_down() can OOM kill a machine, see below details [0]. 2) It also seems to be causing a deadlock via avc_has_perm()/slow_avc_audit() when trying to wake up kauditd, for example, when using trace_sched_switch() tracepoint, see details in [1]. Triggering this was not via some hypothetical corner case, but with existing tools like runqlat & runqslower from bcc, ...

РелизСтатусПримечание
devel

not-affected

6.8.0-31.31
esm-infra-legacy/trusty

not-affected

3.11.0-12.19
esm-infra/bionic

not-affected

4.13.0-16.19
esm-infra/focal

not-affected

5.4.0-9.12
esm-infra/xenial

not-affected

4.4.0-2.16
focal

not-affected

5.4.0-9.12
jammy

not-affected

5.13.0-19.19
mantic

not-affected

6.2.0-20.20
noble

not-affected

6.5.0-9.9
trusty/esm

not-affected

3.11.0-12.19

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

end of kernel support
mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1008.8
esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra/bionic

not-affected

4.15.0-1001.1
esm-infra/focal

not-affected

5.4.0-1005.5
esm-infra/xenial

not-affected

4.4.0-1001.10
focal

not-affected

5.4.0-1005.5
jammy

not-affected

5.13.0-1005.6
mantic

not-affected

6.2.0-1003.3
noble

not-affected

6.5.0-1008.8
trusty/esm

not-affected

4.4.0-1002.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-aws-5.3
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-5.3

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-aws-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-aws-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-aws-5.15
focal

ignored

end of standard support, was ignored [superseded by linux-aws-5.15]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-5.15

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1014.18~20.04.1
focal

not-affected

5.15.0-1014.18~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-aws-6.2
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-6.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-aws-5.4
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-5.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-1018.18~18.04.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-aws-5.11
focal

ignored

end of standard support, was ignored [superseded by linux-aws-5.11]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-5.11

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-aws-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-aws-6.5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-1008.8~22.04.1
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

fips-updates/bionic

not-affected

4.15.0-2000.4
fips-updates/focal

not-affected

5.4.0-1021.21+fips2
fips/bionic

not-affected

4.15.0-2000.4
fips/focal

not-affected

5.4.0-1021.21+fips2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

4.15.0-1030.31~16.04.1
focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1007.7
esm-infra-legacy/trusty

not-affected

4.15.0-1023.24~14.04.1
esm-infra/bionic

ignored

superseded by linux-azure-5.3
esm-infra/focal

not-affected

5.4.0-1006.6
esm-infra/xenial

not-affected

4.11.0-1009.9
focal

not-affected

5.4.0-1006.6
jammy

not-affected

5.13.0-1006.7
mantic

not-affected

6.2.0-1003.3
noble

not-affected

6.5.0-1007.7
trusty/esm

not-affected

4.15.0-1023.24~14.04.1

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

4.15.0-1082.92
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-azure-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-azure-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-azure-5.15
focal

ignored

end of standard support, was ignored [superseded by linux-azure-5.15]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-5.15

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1007.8~20.04.1
focal

not-affected

5.15.0-1007.8~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-azure-6.2
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-6.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-azure-5.4
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-5.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-1020.20~18.04.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-azure-5.11
focal

ignored

end of standard support, was ignored [superseded by linux-azure-5.11]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-5.11

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-azure-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-6.5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-1007.7~22.04.1
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-azure-5.3
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-5.3

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-azure-fde-5.15
focal

ignored

end of standard support, was ignored [superseded by linux-azure-fde-5.15]
jammy

not-affected

5.15.0-1019.24.1
mantic

DNE

noble

not-affected

6.8.0-1041.48
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1019.24~20.04.1.1
focal

not-affected

5.15.0-1019.24~20.04.1.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-azure-fde-6.2
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-azure-fde-6.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

replaced by linux-azure-6.5
mantic

DNE

noble

DNE

upstream

ignored

replaced by linux-azure-6.5

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

fips-updates/bionic

not-affected

4.15.0-1002.2
fips-updates/focal

not-affected

5.4.0-1022.22+fips1
fips/bionic

not-affected

4.15.0-1002.2
fips/focal

not-affected

5.4.0-1022.22+fips1

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.4.0-1007.10
focal

not-affected

5.4.0-1007.10
jammy

not-affected

5.15.0-1011.13
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

fips-updates/bionic

not-affected

4.15.0-1027.32
fips-updates/focal

not-affected

5.4.0-1026.30
fips-updates/xenial

not-affected

4.4.0-1003.3
fips/bionic

not-affected

4.15.0-1011.12
fips/focal

not-affected

5.4.0-1007.8
fips/xenial

not-affected

4.4.0-1001.1
focal

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1007.7
esm-infra/bionic

ignored

superseded by linux-gcp-5.3
esm-infra/focal

not-affected

5.4.0-1005.5
esm-infra/xenial

not-affected

4.10.0-1004.4
focal

not-affected

5.4.0-1005.5
jammy

not-affected

5.13.0-1005.6
mantic

not-affected

6.2.0-1005.5
noble

not-affected

6.5.0-1007.7
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

4.15.0-1071.81
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-gcp-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-gcp-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gcp-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-gcp-5.15
focal

ignored

end of standard support, was ignored [superseded by linux-gcp-5.15]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gcp-5.15

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1006.9~20.04.1
focal

not-affected

5.15.0-1006.9~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-gcp-6.2
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gcp-6.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-gcp-5.4
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gcp-5.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-1019.19~18.04.2
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-gcp-5.11
focal

ignored

end of standard support, was ignored [superseded by linux-gcp-5.11]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gcp-5.11

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-gcp-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gcp-6.5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-1010.10~22.04.3
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

fips-updates/bionic

not-affected

4.15.0-2013.14
fips-updates/focal

not-affected

5.4.0-1021.21+fips1
fips/bionic

not-affected

4.15.0-1001.1
fips/focal

not-affected

5.4.0-1021.21+fips1

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1003.5
esm-infra/focal

ignored

end of kernel support
focal

ignored

end of kernel support
jammy

not-affected

5.15.0-1002.2
mantic

DNE

noble

not-affected

6.8.0-1003.5
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-gke-5.0
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-gke-5.0

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

end of kernel support
focal

ignored

end of kernel support
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

end of kernel support
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

not-affected

esm-infra/focal

not-affected

5.4.0-1008.9
focal

not-affected

5.4.0-1008.9
jammy

not-affected

5.15.0-1001.2
mantic

DNE

noble

not-affected

6.8.0-1001.3
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1003.5~20.04.2
focal

not-affected

5.15.0-1003.5~20.04.2
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

end of kernel support
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

replaced by linux-hwe-5.4
esm-infra/focal

DNE

esm-infra/xenial

not-affected

4.8.0-39.42~16.04.1
focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-hwe-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-hwe-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-hwe-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-hwe-5.15
focal

ignored

end of standard support, was ignored [superseded by linux-hwe-5.15]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-hwe-5.15

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-33.34~20.04.1
focal

not-affected

5.15.0-33.34~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-hwe-6.2
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-hwe-6.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-37.41~18.04.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-hwe-5.11
focal

ignored

end of standard support, was ignored [superseded by linux-hwe-5.11]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-hwe-5.11

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-hwe-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-hwe-6.5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-14.14~22.04.1
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-hwe-5.4
esm-infra/focal

DNE

esm-infra/xenial

ignored

superseded by linux-hwe
focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1005.5
esm-infra/focal

not-affected

5.4.0-1003.4
focal

not-affected

5.4.0-1003.4
jammy

not-affected

5.15.0-1002.2
mantic

ignored

end of kernel support
noble

not-affected

6.5.0-1009.9
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1033.36~20.04.1
focal

not-affected

5.15.0-1033.36~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-1010.11~18.04.2
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

not-affected

6.8.0-1001.6

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

end of kernel support
focal

ignored

end of kernel support
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

5.15.0-1004.6
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1003.5~20.04.1
focal

not-affected

5.15.0-1003.5~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.4.0-1001.3
focal

not-affected

5.4.0-1001.3
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

4.15.0-1002.2
esm-infra/focal

not-affected

5.4.0-1004.4
esm-infra/xenial

not-affected

4.4.0-1004.9
focal

not-affected

5.4.0-1004.4
jammy

not-affected

5.13.0-1004.4
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

not-affected

6.5.0-1003.6
noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-31.31.1
esm-infra/focal

DNE

focal

DNE

jammy

not-affected

5.15.0-22.22
mantic

not-affected

6.2.0-1003.3
noble

not-affected

6.5.0-9.9.1
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-33.34~20.04.1
focal

not-affected

5.15.0-33.34~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-lowlatency-hwe-6.2
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-lowlatency-hwe-6.2

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-lowlatency-hwe-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-lowlatency-hwe-6.5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-14.14.1~22.04.1
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1005.5
esm-infra/focal

DNE

focal

DNE

jammy

not-affected

5.15.0-1005.5
mantic

DNE

noble

not-affected

6.8.0-1007.7
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-nvidia-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-nvidia-6.5

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

focal

DNE

jammy

not-affected

6.5.0-1004.4
mantic

DNE

noble

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

focal

DNE

jammy

not-affected

6.8.0-1008.8~22.04.1
noble

DNE

trusty

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

focal

DNE

jammy

DNE

noble

not-affected

6.8.0-1009.9.1
trusty

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

replaced by linux-hwe-5.4
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-oem-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-oem-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oem-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-oem-5.14
focal

ignored

end of standard support, was ignored [superseded by linux-oem-5.14]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oem-5.14

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

replaced by linux-hwe-5.15
focal

ignored

end of standard support, was ignored [replaced by linux-hwe-5.15]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

replaced by linux-hwe-5.15

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-oem-6.1
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oem-6.1

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-oem-5.10
focal

ignored

end of standard support, was ignored [superseded by linux-oem-5.10]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oem-5.10

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-oem-6.1
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oem-6.1

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-oem-6.5, was needs-triage
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oem-6.5, was needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-1003.3
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

not-affected

6.8.0-1003.3

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1005.5
esm-infra/bionic

not-affected

4.15.0-1007.9
esm-infra/focal

not-affected

5.4.0-1005.5
esm-infra/xenial

not-affected

4.15.0-1007.9~16.04.1
focal

not-affected

5.4.0-1005.5
jammy

not-affected

5.13.0-1008.10
mantic

not-affected

6.2.0-1003.3
noble

not-affected

6.5.0-1010.10
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-oracle-5.3
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oracle-5.3

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-oracle-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-oracle-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oracle-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-oracle-5.15
focal

ignored

end of standard support, was ignored [superseded by linux-oracle-5.15]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oracle-5.15

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1007.9~20.04.1
focal

not-affected

5.15.0-1007.9~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

ignored

superseded by linux-oracle-5.4
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oracle-5.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-1019.19~18.04.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-oracle-5.11
focal

ignored

end of standard support, was ignored [superseded by linux-oracle-5.11]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-oracle-5.11

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-1013.13~22.04.4
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-1004.4
esm-infra/focal

not-affected

5.4.0-1007.7
focal

not-affected

5.4.0-1007.7
jammy

not-affected

5.13.0-1008.9
mantic

not-affected

6.2.0-1004.5
noble

not-affected

6.5.0-1005.7
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

5.4.0-1013.13~18.04.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

replaced by linux-raspi
focal

ignored

end of standard support, was ignored [replaced by linux-raspi]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

replaced by linux-raspi

Показывать по

РелизСтатусПримечание
devel

not-affected

6.8.0-31.31.1
esm-infra/focal

ignored

superseded by linux-riscv-5.8
focal

ignored

end of standard support, was ignored [superseded by linux-riscv-5.8]
jammy

ignored

end of kernel support
mantic

not-affected

6.2.0-19.19.1
noble

not-affected

6.5.0-9.9.1
upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-riscv-5.13
focal

ignored

end of standard support, was ignored [superseded by linux-riscv-5.13]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-riscv-5.13

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.15.0-1015.17~20.04.1
focal

not-affected

5.15.0-1015.17~20.04.1
jammy

DNE

mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

end of kernel support
mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

superseded by linux-riscv-5.11
focal

ignored

end of standard support, was ignored [superseded by linux-riscv-5.11]
jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-riscv-5.11

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-17.17.1.1~22.04.1
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

not-affected

6.5.0-1002.3
noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

end of kernel support
mantic

DNE

noble

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

superseded by linux-starfive-6.5
mantic

DNE

noble

DNE

upstream

ignored

superseded by linux-starfive-6.5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

6.5.0-1007.8~22.04.1
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

5.4.0-1020.24
focal

not-affected

5.4.0-1020.24
jammy

not-affected

5.15.0-1022.26
mantic

DNE

noble

DNE

upstream

released

5.13~rc5

Показывать по

Ссылки на источники

EPSS

Процентиль: 2%
0.00014
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-47128

CVSS3: 4.4
redhat
почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. This is indirectly also getting audit subsystem involved to report events. The latter is problematic, as reported by Ondrej and Serhei, since it can bring down the whole system via audit: 1) The audit events that are triggered due to calls to security_locked_down() can OOM kill a machine, see below details [0]. 2) It also seems to be causing a deadlock via avc_has_perm()/slow_avc_audit() when trying to wake up kauditd, for example, when using trace_sched_switch() tracepoint, see details in [1]. Triggering this was not via some hypothetical corner case, but with existing tools like runqlat & runqslower from bcc, ...

nvd логотип

CVE-2021-47128

CVSS3: 5.5
nvd
почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. This is indirectly also getting audit subsystem involved to report events. The latter is problematic, as reported by Ondrej and Serhei, since it can bring down the whole system via audit: 1) The audit events that are triggered due to calls to security_locked_down() can OOM kill a machine, see below details [0]. 2) It also seems to be causing a deadlock via avc_has_perm()/slow_avc_audit() when trying to wake up kauditd, for example, when using trace_sched_switch() tracepoint, see details in [1]. Triggering this was not via some hypothetical corner case, but with existing tools like runqla

debian логотип

CVE-2021-47128

CVSS3: 5.5
debian
почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: b ...

github логотип

GHSA-cr4c-ww97-fphq

CVSS3: 5.5
github
почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. This is indirectly also getting audit subsystem involved to report events. The latter is problematic, as reported by Ondrej and Serhei, since it can bring down the whole system via audit: 1) The audit events that are triggered due to calls to security_locked_down() can OOM kill a machine, see below details [0]. 2) It also seems to be causing a deadlock via avc_has_perm()/slow_avc_audit() when trying to wake up kauditd, for example, when using trace_sched_switch() tracepoint, see details in [1]. Triggering this was not via some hypothetical corner case, but with existing tools like run...

fstec логотип

BDU:2025-13695

CVSS3: 4.4
fstec
больше 4 лет назад

Уязвимость функции bpf_base_func_proto() модуля kernel/bpf/helpers.c поддержки интерпретатора BPF ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

EPSS

Процентиль: 2%
0.00014
Низкий

5.5 Medium

CVSS3

Уязвимость CVE-2021-47128