Canonical released today a new important kernel security update for all supported Ubuntu releases to address up to eight security vulnerabilities.
Coming less than a month after the previous Ubuntu kernel security update, the new kernel update is here to address CVE-2021-43976, a security vulnerability discovered by Brendan Dolan-Gavitt in the Marvell WiFi-Ex USB device driver, which could allow a physically proximate attacker to cause a denial of service (system crash).
The update also fixes CVE-2021-44879, a flaw discovered by Wenqing Liu in the F2FS file system implementation, as well as CVE-2022-0617, a security issue discovered in the UDF file system implementation. Both of these vulnerabilities could allow an attacker to cause a denial of service (system crash) by using a malicious F2FS or UDF image respectively.
Two other security issues (CVE-2022-1015 and CVE-2022-1016) were discovered by David Bouman in the netfilter subsystem, both allowing a local attacker to cause a denial of service or possibly execute arbitrary code.
Also patched are CVE-2022-26878, a security flaw discovered in the VirtIO Bluetooth driver, and CVE-2022-24959, a security issue discovered in the YAM AX.25 device driver. Both of these vulnerabilities could allow a local privileged attacker to cause a denial of service (kernel memory exhaustion).
Last but not least, the new important Ubuntu kernel security update fixes CVE-2022-24448, a vulnerability discovered by Lyu Tao in the NFS implementation, which allow a local attacker to expose sensitive information (kernel memory).
These security vulnerabilities are now patched in Ubuntu 21.10 (Impish Indri), Ubuntu 20.04 LTS (Focal Fossa), and Ubuntu 18.04 LTS (Bionic Beaver). Canonical urges all users to update their installations as soon as possible to the new kernel versions, namely linux-image 126.96.36.199.49 for Ubuntu 21.10 and 20.04 LTS systems running Linux kernel 5.13, linux-image 188.8.131.52.113 for Ubuntu 20.04 LTS for systems running Linux kernel 5.4, and linux-image 5.4.0-109.123~18.04.1 for Ubuntu 18.04 LTS systems running Linux kernel 5.4.
Update: the security update is now also available for Ubuntu 18.04 LTS systems, as well as Ubuntu 16.04 ESM and Ubuntu 14.04 ESM systems running Linux kernel 4.15.
Last updated 6 months ago