Canonical Releases Important Ubuntu Kernel Updates to Patch 17 Vulnerabilities

Important Ubuntu Kernel Updates

Canonical has released important Ubuntu kernel updates for all supported releases to address several security vulnerabilities discovered lately by various security researchers.

Available for Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS systems, these major kernel updates fix a total of 17 security issues. As such, I recommend that you patch your installations as soon as possible by running the sudo apt update && sudo apt full-upgrade commands in the Terminal app.

Among the most important security issues fixed in this update, there’s CVE-2020-10766, CVE-2020-10767 and CVE-2020-10768, flaws that made the Linux kernel to not correctly apply the mitigations for the SSBD (Speculative Store Bypass Disable) and IBPB (Indirect Branch Predictor Barrier) vulnerabilities affecting certain Intel processors, as well as to incorrectly enable Indirect Branch Speculation after it’s been disabled for a process via a prctl() call.

These flaws could allow a local attacker to expose sensitive information.

Also important is CVE-2020-10757, a security flaw discovered by Fan Yang in Linux kernel’s mremap implementation, which failed to properly handle DAX Huge Pages, thus allowing a local attacker with access to DAX storage to gain administrative privileges. This issue only affects Ubuntu 20.04 LTS systems.

Same goes for the CVE-2020-14356 flaw, a NULL pointer dereference discovered in the cgroup v2 subsystem that only affects Ubuntu 20.04 LTS systems and could let a local attack to gain administrative privileges or cause a denial of service, and CVE-2020-24394, a nasty issue discovered in the NFS server implementation that could allow an attacker to expose sensitive information or even violate system integrity.

Linux kernel’s USB testing driver and go7007 USB audio device driver have been affected as well. This security update addresses CVE-2019-20810 and CVE-2020-15393, discovered by Chuhong Yuan and Kyungtae Kim respectively, both of which could allow a physically proximate attacker to cause a denial of service (memory exhaustion).

Other flaws patched in these new Ubuntu kernel updates are CVE-2020-10781 discovered by Luca Bruno in the zram module, CVE-2020-12655 discovered in the XFS file system implementation, CVE-2020-12771 discovered in the bcache subsystem, CVE-2020-12656 discovered in the Kerberos SUNRPC GSS implementation, and CVE-2018-20669 discovered in the i915 graphics driver, which doesn’t affect Ubuntu 20.04 LTS systems. All of them could allow a local attacker to cause a denial of service.

Also patched is CVE-2020-13974, an integer overflow discovered in Linux kernel’s Virtual Terminal (VT) keyboard driver, which has an unspecified impact, as well as CVE-2019-19947 and CVE-2020-10732, two flaws discovered in the Kvaser CAN/USB driver and elf handling code affecting only Ubuntu 18.04 LTS and 16.04 LTS systems, which could allow a local attacker to expose sensitive information (kernel memory).

Lastly, Ubuntu 16.04 LTS and Ubuntu 14.04 ESM systems running Linux kernel 4.4 were plagued with CVE-2018-10323, a two-year-old flaw discovered by Wen Xu in the XFS filesystem implementation, which could allow an attacker to crash the system via a denial of service by using a malicious XFS image.

Last updated 3 years ago

Buy Me a Coffee at