Canonical has released a new Linux kernel live patch for some of its supported Ubuntu releases and official derivatives to address three security vulnerabilities discovered in the virtual terminal.
Available for Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM, the new kernel live patch includes fixes for three security issues discovered in the Linux kernel’s virtual terminal (VT) implementation.
The three security vulnerabilities are CVE-2020-8647, CVE-2020-8648 and CVE-2020-8649. These could allow a local attacker to expose sensitive information or even crash the system by causing a denial of service in the case of CVE-2020-8648, which describes a race condition.
The issues can be fixed if the user updates the kernel livepatch to version 66.1, which is available for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS in generic, lowlatency, oem and aws kernel flavors.
The new kernel live patch is also available for Ubuntu 14.04 ESM (Extended Security Maintenance), but only in generic and lowlatency kernel flavors.
However, to receive the new kernel livepatch, you must run the linux-generic 4.15.0-69, linux-oem 4.15.0-1063, linux-aws 4.15.0-1054, linux-azure 5.0.0-1025, or linux-gcp 5.0.0-1025 on Ubuntu 18.04 LTS.
On Ubuntu 16.04 LTS, you must use the linux-generic 4.4.0-168, linux-aws 4.4.0-1098, linux-azure 4.15.0-1063 and linux-hwe 4.15.0-69 kernel flavors. On Ubuntu 14.04 ESM you must use linux-lts-xenial 4.4.0-168.
Canonical says that if you’re using a kernel older than the versions listed above, you will not receive livepatch updates. A reboot is not required when installing a new kernel live patch.
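One way to check a host against the minimum versions listed above, as an added example that is not Canonical's tooling: it takes the Ubuntu release and the string printed by `uname -r`. The function names and the mapping from package names to `uname -r` suffixes (linux-hwe and linux-lts-xenial reporting `-generic`) are assumptions.

```shell
#!/bin/sh
# Added example: compares a kernel release string against the minimum
# versions listed in the article. Function names are hypothetical.

# min_abi RELEASE FLAVOR BASE: print the lowest ABI number the article lists
# for that combination, or nothing when the article gives no minimum.
min_abi() {
  case "$1:$2:$3" in
    18.04:generic:4.15.0) echo 69 ;;
    18.04:oem:4.15.0)     echo 1063 ;;
    18.04:aws:4.15.0)     echo 1054 ;;
    18.04:azure:5.0.0)    echo 1025 ;;
    18.04:gcp:5.0.0)      echo 1025 ;;
    16.04:generic:4.4.0)  echo 168 ;;
    16.04:aws:4.4.0)      echo 1098 ;;
    16.04:azure:4.15.0)   echo 1063 ;;
    16.04:generic:4.15.0) echo 69 ;;   # linux-hwe (assumed -generic suffix)
    14.04:generic:4.4.0)  echo 168 ;;  # linux-lts-xenial (assumed -generic suffix)
  esac
}

# livepatch_status RELEASE KERNEL: KERNEL is the output of `uname -r`,
# e.g. 4.15.0-69-generic (base version, ABI number, flavor suffix).
livepatch_status() {
  kver=$2
  base=${kver%%-*}; rest=${kver#*-}
  abi=${rest%%-*};  flavor=${rest#*-}
  # Reject strings without a numeric ABI field or without a flavor suffix.
  case "$abi" in ''|*[!0-9]*) echo unparsable; return 0 ;; esac
  [ "$flavor" != "$rest" ] || { echo unparsable; return 0; }
  min=$(min_abi "$1" "$flavor" "$base")
  if [ -z "$min" ]; then echo unlisted      # article gives no minimum here
  elif [ "$abi" -ge "$min" ]; then echo eligible
  else echo too-old                         # will not receive livepatch updates
  fi
}

# Constructed sample inputs; on a live host pass "$(lsb_release -rs)" "$(uname -r)".
for sample in "18.04 4.15.0-69-generic" "16.04 4.15.0-60-generic" "18.04 5.3.0-40-generic"; do
  set -- $sample
  printf '%s %s: %s\n' "$1" "$2" "$(livepatch_status "$1" "$2")"
done
```

A result of `unlisted` means the article states no minimum for that release, flavor and base version, so eligibility has to be confirmed another way.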
To enable the kernel livepatch service, you must open the Software & Updates utility and enable Livepatch in the tab with the same name, as you can see in the screenshot above.