Canonical published today another security patch, this time a standard kernel update for Ubuntu 19.10 and Ubuntu 18.04.4 LTS systems running the Linux 5.3 kernel series.
After releasing kernel updates for Ubuntu 18.04 LTS and 16.04 LTS, as well as Ubuntu 20.04 LTS, Canonical now also published a kernel security update for Ubuntu 19.10 (Eoan Ermine) and Ubuntu 18.04.4 LTS (Bionic Beaver) systems that use Linux kernel 5.3 to fix eight vulnerabilities.
The issues fixed in this security update are a race condition (CVE-2019-19769) discovered by Tristan Madani in Linux kernel’s file locking implementation, which could allow a local attacker to either expose sensitive information or cause a denial of service.
Another flaw (CVE-2019-19377), discovered in Linux kernel’s Btrfs file system implementation that could allow an attacker to cause a denial of service (system crash) by using a specially crafted file system image, was patched as well.
Also patched is a vulnerability (CVE-2020-11494) discovered in Linux kernel’s Serial CAN interface driver that could allow a local attacker to expose sensitive information (kernel memory) and a race condition (CVE-2020-12657) that could lead to a use-after-free vulnerability, which was discovered in Linux kernel’s block layer and could allow a local attacker to crash the system or execute arbitrary code.
Another security issue (CVE-2020-11565) was discovered in Linux kernel’s tmpfs virtual memory file system. This could allow a local attacker with the ability to specify mount options to cause a denial of service (system crash).
Last but not least, the security update fixes several flaws (CVE-2020-11608, CVE-2020-11609 and CVE-2020-11668) found in the drivers for OV51x USB Camera, STV06XX USB Camera and Xirlink C-It USB Camera devices that could allow a physically proximate attacker to cause a denial of service (system crash).
If you’re using Ubuntu 19.10 or Ubuntu 18.04.4 LTS with the Linux 5.3 kernel, it is recommended to update the kernel packages as soon as possible following the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.
For Ubuntu 19.10 64-bit systems, the new kernel version is linux-image 5.3.0-53.47, while for Ubuntu 18.04.4 LTS 64-bit systems is linux-image 5.3.0-53.47~18.04.1. Updates are also available for was, gap, Ike, oracle, kvm, snapdragon, and raspi2 kernel flavors.