Canonical released today another Linux kernel security update for Ubuntu to address six vulnerabilities affecting the Linux 5.8 and 5.4 kernels of several Ubuntu releases.
The new Linux kernel security update comes just a week after the last kernel update and is available for Ubuntu 20.10 (Groovy Gorilla), Ubuntu 20.04 LTS (Focal Fossa), and Ubuntu 18.04 LTS (Bionic Beaver) operating system series running Linux kernel 5.8 (Ubuntu 20.10) and Linux kernel 5.4 LTS (Ubuntu 20.04 and Ubuntu 18.04).
The update fixes CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365, three flaws discovered by Adam Nichols in Linux kernel’s iSCSI subsystem, which could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.
Also patched are CVE-2020-27170 and CVE-2020-27171, two flaws discovered by Piotr Krysiuk in Linux kernel’s BPF subsystem that could allow a local attacker could use this to expose sensitive information (kernel memory).
The sixth vulnerability fixed in the new kernel update is CVE-2021-3444, a security issue discovered by De4dCr0w of 360 Alpha Lab in Linux kernel’s BPF verifier, which could allow a local attacker to expose sensitive information (kernel memory) or possibly execute arbitrary code.
The patched kernels are available for all the aforementioned Ubuntu releases on OEM, Raspberry Pi (V8), hardware enablement (HWE), Amazon Web Services (AWS), Google Cloud Platform (GCP), Google Container Engine (GKE), Microsoft Azure Cloud, KVM, and Oracle Cloud flavors.
Canonical urges users to update their installations as soon as possible to the new kernel versions that are already available in the software archives of Ubuntu 20.10, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. After updating the kernel packages, a reboot is required to make all the necessary changes, and, in some case, you may need to rebuild and reinstall any third-party kernel modules you might have installed.
Update 25/03/21: Canonical also released a kernel update for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems running Linux 4.15 kernel to address only the CVE-2020-27170 and CVE-2020-27171 flaws.
Last updated 10 months ago