Canonical Releases New Linux Kernel Live Patch for Ubuntu 20.04 LTS and 18.04 LTS

Kernel Live Patch Ubuntu

Canonical released a new Linux kernel live patch for its long-term supported Ubuntu 20.04 LTS and Ubuntu 18.04 LTS operating system series to address a single security vulnerability.

This new Linux kernel live patch security update comes hot on the heels of the latest Linux kernel security updates released by Canonical last week for all supported Ubuntu Linux releases.

It’s available for users of the Ubuntu 20.04 LTS (Focal Fossa) and Ubuntu 18.04 LTS (Bionic Beaver) operating systems who use the Canonical Livepatch Service for rebootless kernel updates and fixes a single security vulnerability.

The security vulnerability (CVE-2021-3492) was discovered by Vincent Dehors in Linux kernel’s Shiftfs out-of-tree stacking file system, which is included in the Ubuntu Linux kernel by default. This could have allowed a local attacker to cause a denial of service (memory exhaustion) or gain root privileges by executing arbitrary code.

“Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly,” reads the security advisory. “These could lead to either a double-free situation or memory not being freed at all.”

All users of the Ubuntu 20.04 LTS (Focal Fossa) and Ubuntu 18.04 LTS (Bionic Beaver) operating system series using the Canonical Livepatch Service can now apply the rebootless kernel live patch on their installations.

The version of the kernel live patch that needs to installed is 77.1 and it’s available for the generic, aws, azure, gcp, gke, gkeop, and lowlatency kernel flavors. Since this is a rebootless kernel update, you don’t have to reboot your computer after applying the update.

If you want to use Canonical’s Livepatch service for rebootless kernel updates, you have to open the Software & Updates utility, go to the Livepatch tab and sign in with an Ubuntu One account. The Livepatch service is free to use on up to three computers.

Last updated 3 years ago

Buy Me a Coffee at