Canonical today published new Linux kernel security updates for Ubuntu 22.10 and Ubuntu 22.04 LTS systems running Linux kernel 5.19, as well as for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15 LTS, to address two security vulnerabilities that could lead to local privilege escalation.
The first vulnerability patched in this new Ubuntu kernel update is CVE-2023-1829, a flaw discovered in the Traffic-Control Index (TCINDEX) implementation that could allow a local attacker to elevate their privileges to root. Canonical notes that, to fix this flaw, it had to remove kernel support for the TCINDEX classifier.
The second local privilege escalation vulnerability affecting the aforementioned Ubuntu releases is CVE-2023-0386, a flaw discovered in the OverlayFS file system implementation that could allow a local attacker to escalate their privileges on the vulnerable system.
Canonical urges all Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS users to update their installations as soon as possible to the new kernel versions (linux-image 5.19.0-41.42 for Ubuntu 22.10, linux-image 5.19.0-41.42~22.04.1 for Ubuntu 22.04 LTS using Linux 5.19 HWE, linux-image 220.127.116.11.69 for Ubuntu 22.04 LTS, and linux-image 5.15.0-71.78~20.04.1 for Ubuntu 20.04 LTS using Linux 5.15 HWE).
To update your installations, run the sudo apt update && sudo apt full-upgrade command in the Terminal app or a virtual console. Remember to reboot your installations after applying the new kernel versions, and to rebuild and reinstall any third-party kernel modules you might have installed if you manually uninstalled the standard kernel metapackages (e.g.
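Because the fix only takes effect once the new kernel is booted, the check below compares the booted kernel (read from Ubuntu's /proc/version_signature) with a fixed version taken from the list above. It is an added example, not Canonical's tooling; the function names, the FIXED_VERSION variable and the sample signature lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the *booted* Ubuntu kernel at or above a fixed version?
# kernel_patch_status "<version signature>" "<fixed package version>"
# prints: patched | vulnerable | other-series | unparsed

# Split "5.19.0-41.42~22.04.1-generic" into "5.19.0 41 42" (series, ABI, upload).
# Prints nothing when the string does not look like an Ubuntu kernel version.
split_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9.]*\)-\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

kernel_patch_status() {
    # Signature layout: "Ubuntu <package version>-<flavour> <upstream version>"
    running=$(printf '%s\n' "$1" | awk '{print $2}')
    # Positional parameters become: series abi upload (running), then (fixed).
    set -- $(split_version "$running") $(split_version "$2")
    [ $# -eq 6 ] || { echo unparsed; return 0; }
    # Versions from different kernel series cannot be compared with each other.
    [ "$1" = "$4" ] || { echo other-series; return 0; }
    if [ "$2" -gt "$5" ] || { [ "$2" -eq "$5" ] && [ "$3" -ge "$6" ]; }; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample signatures (not captured from real systems).
echo "sample old 5.19: $(kernel_patch_status 'Ubuntu 5.19.0-40.41-generic 5.19.17' '5.19.0-41.42')"
echo "sample new 5.19: $(kernel_patch_status 'Ubuntu 5.19.0-41.42-generic 5.19.17' '5.19.0-41.42')"

# On a real host, pass the fixed version for your release in FIXED_VERSION
# (hypothetical variable), e.g. FIXED_VERSION='5.15.0-71.78~20.04.1'.
# Assumption: generic kernels only; other flavours carry their own version numbers.
if [ -r /proc/version_signature ] && [ -n "${FIXED_VERSION:-}" ]; then
    echo "booted kernel: $(kernel_patch_status "$(cat /proc/version_signature)" "$FIXED_VERSION")"
fi
```

A "vulnerable" result right after a successful apt full-upgrade usually means the machine has not been rebooted into the new kernel yet.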