Canonical published a new Linux kernel security update for all supported Ubuntu releases to address yet another Linux kernel vulnerability that could allow unintended access to data in some environments.
Affecting Ubuntu 20.10 (Groovy Gorilla), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr), the new security vulnerability (CVE-2020-28374) was discovered in Linux kernel’s LIO SCSI target implementation.
Due to this security issue, the LIO SCSI target implementation failed to perform sufficient identifier checking in certain XCOPY requests, allowing an attacker with access to one or more LUNs in a multiple backstore environment to either expose sensitive information or modify data.
“SCSI “EXTENDED COPY” (XCOPY) requests sent to a Linux SCSI target (LIO) allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to one LUN and knowledge of the victim backstore’s vpd_unit_serial (AKA “wwn”). This is possible regardless of the transport/HBA settings for the victim backstore.”
Canonical urges all Ubuntu users to update their installations as soon as possible to the new Linux kernel versions that are already available in the main archives. This include linux-image 184.108.40.206.42 for Ubuntu 20.10, linux-image 5.8.0-38.43~20.04.1 for Ubuntu 20.04.1 LTS, linux-image 5.4.0-62.70~18.04.1 for Ubuntu 18.04.5 LTS, linux-image 4.4.0-200.232 for Ubuntu 16.04.7 LTS, and linux-image-lts-xenial 220.127.116.11.175 for Ubuntu 14.04 ESM.
To update your installations, simply run the
supo apt-get update && sudo apt-get -y full-upgrade commands in the Terminal app and wait for all packages to be installed. Once all packages were successfully installed, reboot your computers to make all the necessary changes. In some cases, you’ll also have to rebuild and reinstall any third-party kernel modules you might have installed.
Last updated 3 years ago