Another Batch of Important Linux Kernel Security Updates Arrives for Ubuntu Users, Patch Now



Canonical published a few minutes ago another set of important Linux kernel security updates for all of its supported Ubuntu releases to address several security vulnerabilities.

The new Linux kernel security update comes one and a half months after the previous update and it’s available for the Ubuntu 21.04 (Hirsute Hippo), Ubuntu 20.04 LTS (Focal Fossa), and Ubuntu 18.04 LTS (Bionic Beaver) operating system series.

Patched in these kernel updates are several security vulnerabilities affecting the KVM hypervisor for AMD processors on all Ubuntu releases. These include CVE-2021-3656 and CVE-2021-3653, both flaws allowing an attacker in a guest virtual machine to read or write to portions of the host’s physical memory, as well as CVE-2021-22543, a use-after-free vulnerability that could allow an attacker who could start and control a virtual machine to expose sensitive information or execute arbitrary code. These issues were discovered and reported by Maxim Levitsky and Paolo Bonzini.

Only for Ubuntu 21.04 and Ubuntu 20.04 LTS systems running Linux kernel 5.11, the new security update fixes a flaw (CVE-2021-38198) discovered in Linux kernel’s KVM hypervisor implementation that could allow a local attacker to cause a denial of service.

Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4, the new Ubuntu kernel security update patches CVE-2020-36311, another flaw discovered in the KVM hypervisor implementation for AMD processors that could allow a local attacker to cause a denial of service (soft lockup).

Only for Ubuntu 18.04 LTS systems running Linux kernel 4.15, the new kernel update fixes CVE-2021-38160, a vulnerability discovered in Linux kernel’s Virtio console implementation that could allow a local attacker to cause a denial of service (system crash).

Also patched in this new Linux kernel update for Ubuntu systems is CVE-2021-3612, a security vulnerability discovered by Murray McAllister in the Linux kernel’s joystick device interface, which could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code on systems with a registered joystick device. This flaw affects all supported Ubuntu releases and kernels.

Only for Ubuntu 21.04 and Ubuntu 20.04 LTS systems running Linux kernel 5.11, the new security update patches several more important vulnerabilities, including CVE-2020-26541, a flaw that could allow an attacker to bypass UEFI Secure Boot restrictions, CVE-2021-38206, a null pointer dereference discovered by Ben Greear in Linux kernel’s mac80211 subsystem that could allow a physically proximate attacker to cause a denial of service (system crash), and CVE-2021-38207, a flaw found in the Xilinx LL TEMAC device driver that could allow a remote attacker to cause a denial of service (system crash).

Same goes for CVE-2021-34693, a flaw discovered by Norbert Slusarek in the CAN broadcast manager (bcm) protocol implementation that could allow a local attacker to expose sensitive information (kernel memory), and CVE-2021-38200, a null pointer dereference issue discovered in the Linux kernel’s perf subsystem for the PowerPC architecture, which could allow an attacker to cause a denial of service (system crash).

Canonical urges all Ubuntu users to update their installations as soon as possible to the new kernel versions (linux-image-generic 5.11.0.34.36 for Ubuntu 21.04 and Ubuntu 20.04 LTS, linux-image-generic 5.4.0.84.88 for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS, and linux-image-generic 4.15.0.156.145 for Ubuntu 18.04 LTS). Please note that you will have to reboot your systems after installing the new kernel versions to be fully patched against these security vulnerabilities.
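To tell a host that still needs the update from one that has installed it but not yet rebooted, the fixed versions above can be checked against the running kernel. The script below is an added example, not from Canonical or the original article; the function names are hypothetical, it assumes the fourth field of the linux-image-generic version is the ABI number shown by `uname -r`, and it covers only the `-generic` flavour.

```shell
#!/bin/sh
# Fixed linux-image-generic versions per kernel series, as listed in the article.
fixed_meta() {
  case "$1" in
    5.11) echo 5.11.0.34.36 ;;
    5.4)  echo 5.4.0.84.88 ;;
    4.15) echo 4.15.0.156.145 ;;
    *)    return 1 ;;
  esac
}

# version_ge A B: succeed when dotted numeric version A >= B, field by field.
version_ge() {
  va=$1; vb=$2
  while [ -n "$va" ] || [ -n "$vb" ]; do
    fa=${va%%.*}; fb=${vb%%.*}
    if [ "$fa" = "$va" ]; then va=; else va=${va#*.}; fi
    if [ "$fb" = "$vb" ]; then vb=; else vb=${vb#*.}; fi
    if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
    if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
  done
  return 0
}

# kernel_status RUNNING INSTALLED
#   RUNNING:   output of `uname -r`, e.g. 5.4.0-84-generic
#   INSTALLED: installed linux-image-generic version, e.g. 5.4.0.84.88
kernel_status() {
  case "$1" in
    *-generic) ;;                       # other flavours number their ABIs differently
    *) echo unsupported-flavour; return 0 ;;
  esac
  rel=${1%-generic}                     # 5.4.0-84
  run="${rel%%-*}.${rel#*-}"            # 5.4.0.84
  minor=${run#*.}; series="${run%%.*}.${minor%%.*}"   # 5.4
  fixed=$(fixed_meta "$series") || { echo unknown-series; return 0; }
  have=${2%%[~+]*}                      # drop suffixes such as ~20.04.1
  # Assumption: the first four fields of the fixed version are the running ABI.
  if version_ge "$run" "${fixed%.*}"; then echo patched
  elif version_ge "$have" "$fixed"; then echo reboot-required
  else echo update-required
  fi
}

# check_this_host [PACKAGE]: query the live system (Ubuntu, needs dpkg-query).
check_this_host() {
  inst=$(dpkg-query -W -f='${Version}' "${1:-linux-image-generic}" 2>/dev/null) || inst=0
  kernel_status "$(uname -r)" "$inst"
}
```

Source the file and run `check_this_host` on an Ubuntu machine; a result of `reboot-required` means the fixed package is installed but the old kernel is still the one running.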
