Canonical’s Ubuntu Security Team has published new Linux kernel security updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems to address several vulnerabilities.
Two kernel updates are available for the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04.6 LTS (Xenial Xerus) operating system series running the Linux 4.15 LTS kernel series, as well as Ubuntu 16.04 LTS systems running the Linux 4.4 LTS kernel series.
Two issues are common to both the Linux 4.15 and 4.4 kernel series: a flaw (CVE-2020-11494) discovered in the Serial CAN interface driver that could allow a local attacker to expose sensitive information (kernel memory), and a vulnerability (CVE-2020-11565) that could let a local attacker able to specify mount options for the tmpfs virtual memory file system cause a denial of service (system crash).
Two other flaws were patched in the Linux 4.15 kernel series for Ubuntu 18.04 LTS and Ubuntu 16.04.6 LTS systems. These are CVE-2020-11669, discovered by David Gibson and affecting only Power9 CPUs, which could allow a local attacker in a guest virtual machine to cause a denial of service and crash the host system, and CVE-2020-12657, a flaw discovered in the Linux kernel’s block layer, which could allow a local attacker to either crash the system or execute arbitrary code.
On the other hand, the Linux 4.4 kernel series for Ubuntu 16.04 LTS systems was affected by several issues (CVE-2020-11608, CVE-2020-11609 and CVE-2020-11668) found in the OV51x USB Camera device driver, STV06XX USB Camera device driver, and Xirlink C-It USB Camera device driver, which could allow a physically proximate attacker to cause a denial of service (system crash).
Also patched are a flaw (CVE-2019-19060) discovered in the ADIS16400 IIO IMU driver that could allow a local attacker to cause a denial of service (memory exhaustion) and a stack buffer overflow (CVE-2020-10942) discovered in the Linux kernel’s vhost net driver, which could allow a local attacker with access to ioctl() calls on /dev/vhost-net to cause a denial of service (system crash).
Canonical urges all Ubuntu 18.04 LTS and Ubuntu 16.04.6 LTS users running the stock/HWE Linux 4.15 kernel to update their systems to linux-image 4.15.0-101.102 on 64-bit or 32-bit machines, and Ubuntu 16.04 LTS users running the stock Linux 4.4 kernel to update their installations to linux-image 4.4.0-179.209 on 64-bit or 32-bit systems.
The new Linux kernel security updates are also available for Amazon Web Services (AWS), Amazon Web Services (AWS-HWE), Google Container Engine (GKE), Google Cloud Platform (GCP), and Oracle Cloud systems, as well as OEM systems, Qualcomm Snapdragon processors, and Raspberry Pi (V7) systems.
To update your installations to the new kernel versions, run the sudo apt-get update && sudo apt-get dist-upgrade commands in a terminal emulator. Make sure you reboot your system once the new kernel version has been installed, and also reinstall any third-party kernel modules you had installed.
Update: A security update was also released for Ubuntu 18.04 LTS systems running the Linux 5.0 kernel series on Google Container Engine (GKE) and OEM systems. Users must update to linux-image-gke 5.0.0-1037.38 and linux-image-oem-osp1 5.0.0-1052.57.
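Installing the packages is not enough, because the old kernel keeps running until the reboot. The following check is an added example (not from the article or from Canonical) that compares a uname -r release string with the fixed versions listed above; the kernel_status function name, the assumed <base>-<abi>-<flavour> release format and the inclusion of the lowlatency flavour are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article or from Canonical.
# Classifies a kernel release string (the output of `uname -r`) against the
# fixed versions the article names. Assumption: Ubuntu release strings have
# the form <base>-<abi>-<flavour>, e.g. 4.15.0-99-generic, and the ABI number
# matches the second field of the linux-image package version.

kernel_status() {
    release=$1
    # Need at least base, ABI and flavour fields.
    case $release in *-*-*) ;; *) echo unknown; return 0 ;; esac

    base=${release%%-*}      # 4.15.0
    rest=${release#*-}       # 99-generic
    abi=${rest%%-*}          # 99
    flavour=${rest#*-}       # generic (may itself contain '-', e.g. oem-osp1)

    case $abi in ''|*[!0-9]*) echo unknown; return 0 ;; esac

    # Fixed ABI per series and flavour, taken from the article. lowlatency is
    # assumed to share the generic ABI. Other flavours (AWS, GCP, Oracle,
    # Snapdragon, Raspberry Pi) are not listed there and report "unknown".
    case $base/$flavour in
        4.15.0/generic|4.15.0/lowlatency) fixed=101 ;;
        4.4.0/generic|4.4.0/lowlatency)   fixed=179 ;;
        5.0.0/gke)                        fixed=1037 ;;
        5.0.0/oem-osp1)                   fixed=1052 ;;
        *) echo unknown; return 0 ;;
    esac

    if [ "$abi" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Report on the running kernel, which stays the old one until a reboot.
running=$(uname -r)
echo "running kernel $running: $(kernel_status "$running")"

# Ubuntu creates this flag file when an installed update needs a reboot.
if [ -f /var/run/reboot-required ]; then
    echo "reboot required to load the newly installed kernel"
fi
```

A result of "unknown" means the release string belongs to a series or flavour whose fixed version the article does not give, not that the system is safe.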