USN-4313-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 30 Mar 2020, 18:10
Last modified:04 Feb 2026, 03:33

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 Mar 2020, 18:10
Published
Vulnerability first disclosed
04 Feb 2026, 03:33
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerability Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges.

Affected Systems

  • ubuntulinux-azure-5.3

    < 5.3.0-1018.19~18.04.1

  • ubuntulinux-gcp-5.3

    < 5.3.0-1016.17~18.04.1

  • ubuntulinux-gke-5.3

    < 5.3.0-1016.17~18.04.1

  • ubuntulinux-hwe

    < 5.3.0-45.37~18.04.1

  • ubuntulinux-oracle-5.3

    < 5.3.0-1013.14~18.04.1

  • ubuntulinux-raspi2-5.3

    < 5.3.0-1021.23~18.04.1

References (2)