Canonical published yet another set of Linux kernel security updates for all supported Ubuntu releases to address several security vulnerabilities marked as important.
The most important security issue fixed in this new Linux kernel update was discovered in the SELinux network label handling implementation by Matthew Sheets. This vulnerability (CVE-2020-10711) affects Ubuntu 20.04 LTS, 19.10, 18.04 LTS, and 16.04 LTS, and could allow a remote attacker to cause a denial of service (system crash).
On Ubuntu 19.10 and Ubuntu 18.04 LTS systems using either Linux 5.3 or 5.0 kernels, the new security update addresses another important vulnerability (CVE-2020-10751) discovered by Dmitry Vyukov in the SELinux netlink security hook, which could allow a privileged attacker to bypass SELinux netlink restrictions.
Also patched in all supported Ubuntu releases is a security issue (CVE-2020-12770) discovered in the Linux kernel’s SCSI generic (sg) driver, which incorrectly handled certain error conditions. This could allow a local privileged attacker to cause a denial of service (system crash).
Affecting Ubuntu 20.04 LTS systems running Linux kernel 5.4, as well as Ubuntu 19.10 and 18.04 LTS systems running Linux kernel 5.3, a vulnerability (CVE-2020-12768) discovered in the KVM implementation, which could allow a local attacker to cause a denial of service, was fixed as well.
Affecting Ubuntu 20.04 LTS systems running Linux kernel 5.4, as well as Ubuntu 18.04 LTS and 16.04 LTS systems running Linux kernel 4.15, a vulnerability (CVE-2020-13143) discovered in the USB Gadget device driver, which could allow a local attacker to crash the system or expose sensitive information, was also patched in the new security update.
Other issues patched in this important Linux kernel security update include a flaw (CVE-2020-10732) in the ELF handling code allowing a local attacker to expose sensitive information (kernel memory) on Ubuntu 20.04 LTS systems, as well as several vulnerabilities (CVE-2019-19039, CVE-2019-19377, CVE-2019-19036, CVE-2019-19318, CVE-2019-19813, CVE-2019-19816) affecting the Btrfs file system implementation on Ubuntu 16.04 LTS systems running Linux kernel 4.15.
Also on Ubuntu 16.04 LTS systems running Linux kernel 4.15, the new security update mitigates a flaw (CVE-2019-16089) discovered in the network block device (nbd) implementation, an issue (CVE-2019-19462) discovered in the kernel->user space relay implementation, and a vulnerability (CVE-2019-12380) discovered in the EFI subsystem. All these could allow a local attacker to cause a denial of service (system
Canonical urges all users to update their installations as soon as possible to the new Linux kernel versions that are now available in the stable repositories of Ubuntu 20.04 LTS (linux-image 5.4.0-28.32), Ubuntu 19.10 and Ubuntu 18.04.4 LTS (linux-image 5.3.0-62.56), as well as Ubuntu 18.04 LTS and 16.04.6 LTS (linux-image 4.15.0-109.110 and linux-image 4.15.0-107.108~16.04.1).
To update your systems, run the sudo apt-get update && sudo apt-get dist-upgrade command in the Terminal app. After successfully installing the new kernel versions, please reboot your computers.
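After the reboot it is worth confirming that the patched kernel is the one actually running. The script below is an added example, not code from Canonical or from the article; the function names are hypothetical, and the minimum ABI numbers are taken from the linux-image versions listed above (for example, 5.4.0-28.32 appears in uname -r as 5.4.0-28-generic).

```shell
#!/bin/sh
# Added example: compare the running kernel's ABI number with the fixed
# versions listed in the article. Assumption: only the ABI number (the "28"
# in 5.4.0-28.32) is compared, since uname -r does not show the upload number.

# fixed_abi SERIES UBUNTU_RELEASE -> minimum ABI from the article, or nothing
fixed_abi() {
    case "$1:$2" in
        5.4.0:20.04)             echo 28 ;;
        5.3.0:19.10|5.3.0:18.04) echo 62 ;;
        4.15.0:18.04)            echo 109 ;;
        4.15.0:16.04)            echo 107 ;;
    esac
}

# kernel_status KERNEL_RELEASE UBUNTU_RELEASE -> patched | vulnerable | unknown
kernel_status() {
    series=${1%%-*}     # "5.4.0-26-generic" -> "5.4.0"
    rest=${1#*-}        # -> "26-generic"
    abi=${rest%%-*}     # -> "26"
    # Anything without a numeric ABI field cannot be judged.
    case "$abi" in ''|*[!0-9]*) echo unknown; return ;; esac
    want=$(fixed_abi "$series" "$2")
    if [ -z "$want" ]; then
        echo unknown    # series/release pair has no fixed version in the article
    elif [ "$abi" -ge "$want" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_host: evaluate this machine; non-zero exit unless the kernel is patched.
check_host() {
    rel=$(. /etc/os-release && echo "$VERSION_ID")
    st=$(kernel_status "$(uname -r)" "$rel")
    echo "running $(uname -r) on Ubuntu $rel: $st"
    if [ -f /var/run/reboot-required ]; then
        echo "reboot pending: an installed update has not been booted yet"
    fi
    [ "$st" = patched ]
}

# Only touch the host when asked to: sh script.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

A result of "unknown" covers kernels the article gives no fixed version for, such as the 5.0 series; for an exact comparison including the upload number, check the installed linux-image package version with dpkg --compare-versions.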