by 
Canonical’s Ubuntu Kernel team published today new Linux kernel security updates for all supported Ubuntu operating system releases to address up to nine security vulnerabilities.
These new Linux kernel security updates are here a little over a month after the previous ones, which addressed six vulnerabilities, and they’re available for Ubuntu 21.10 (Impish Indri), Ubuntu 21.04 (Hisute Hippo), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as the Ubuntu 16.04 and 14.04 ESM releases.
Patched in this new kernel security updates are CVE-2021-4002, a security flaw affecting all aforementioned Ubuntu releases and discovered by Nadav Amit in Linux kernel’s hugetlb implementation. This leak could allow a local attacker to alter data from other processes that use huge pages.
Also for all supported Ubuntu releases, the new kernel security updates patch CVE-2021-41864, an integer overflow discovered in the eBPF implementation, CVE-2021-43389, a race condition discovered in the the ISDN CAPI implementation, and CVE-2021-43267, a flaw discovered in the TIPC Protocol implementation. These could allow privileged local attackers to cause a denial of service (system crash) or execute arbitrary code.
Same goes for CVE-2021-20321, a race condition discovered in Linux kernel’s overlay file system (OverlayFS) implementation, which could allow a local attacker to cause a denial of service (system crash), as well as CVE-2021-3760, a use-after-free vulnerability discovered in the NFC subsystem, which could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.
Only for Ubuntu 21.10, Ubuntu 21.04 and Ubuntu 20.04 LTS systems running Linux kernel 5.11, as well as Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4, the new kernel security updates address CVE-2021-43056, a flaw discovered in the KVM implementation for POWER8 processors that could allow an attacker in a guest virtual machine to crash the host OS by causing a denial of service.
Only for Only for Ubuntu 21.10 systems running Linux kernel 5.13, as wlel as Ubuntu 21.04 and Ubuntu 20.04 LTS systems running Linux kernel 5.11, the new kernel updates also fix CVE-2021-43267, a security issue discovered in the TIPC Protocol implementation, which could allow an attacker to either crash the system by causing a denial of service or possibly execute arbitrary code.
Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4, the new kernel security updates also address CVE-2020-26541, a critical flaw that could allow an attacker to bypass UEFI Secure Boot
restrictions because the Linux kernel failed to properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism.
Last but not least, the new kernel security updates also patch CVE-2021-20317, a race condition discovered in Linux kernel’s in the timer implementation, which could allow a privileged attacker to cause a denial of service.
Canonical urges all Ubuntu users affected by these security vulnerabilities to update their installations to the new kernel versions available in the main software repositories as soon as possible. To update, either use the Software Updater utility to install all available updates or run the command below in the Terminal app.
sudo apt update && sudo apt full-upgradeAs always, please keep in mind to reboot your systems after installing the new kernel versions, and also rebuild and reinstall any third-party kernel modules that you might have installed.
I should also note the fact that this is probably the last kernel update for Ubuntu 21.04 (Hirsute Hippo), which will reach end of life on January 20th, 2022. If you’re still using Ubuntu 21.04, you should consider upgrading to Ubuntu 21.10 (Impish Indri), which will be supported until July 2022.
Update 12/01/22: A regression was introduced by this security update on Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux 5.4 that caused boot failures in environments with AMD Secure Encrypted Virtualization (SEV) enabled. Users are urged to update their installations as soon as possible to the new kernel versions available in the main archives.
Last updated 2 years ago
