Canonical Releases New Ubuntu Kernel Security Updates to Patch 10 Vulnerabilities


Canonical published today a set of new Ubuntu kernel security updates to patch a total of 10 vulnerabilities discovered by various security researchers in the Linux kernel.

The new Ubuntu kernel security updates are available for all supported Ubuntu Linux releases, including Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), and Ubuntu 16.04 LTS (Xenial Xerus), and all supported architectures and flavors, including 32-bit, 64-bit, arm, kvm, gcp, gke, aws, oracle, azure, and oem.

Affecting all supported Ubuntu releases and kernel flavors, a use-after-free vulnerability (CVE-2020-16119) discovered by Hador Manor in the Linux kernel’s DCCP protocol implementation could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.

The same goes for CVE-2020-16120, a vulnerability discovered by Giuseppe Scrivano in the Linux kernel’s overlay file system, which failed to perform permission checks under certain situations. This could allow a local attacker to bypass intended restrictions and gain read access to restricted files. However, this security issue doesn’t affect the Linux 4.4 kernel of Ubuntu 16.04 LTS and Ubuntu 14.04 ESM systems.

Also patched in these new Ubuntu kernel security updates is an out-of-bounds read vulnerability (CVE-2020-14314) discovered by Jay Shin in the Linux kernel’s EXT4 file system implementation, which could allow a local attacker to cause a denial of service (system crash). This security issue also affects all supported Ubuntu releases, except for Ubuntu 18.04 LTS systems running Linux kernel 5.0 or 5.3.

Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, the new security update addresses CVE-2020-14385, a vulnerability discovered by David Alan Gilbert in the XFS file system implementation, and CVE-2020-25641, a flaw discovered in the block layer subsystem. Both could allow a local attacker to cause a denial of service.

Only for Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM systems running Linux kernel 4.15, the new security update patches CVE-2018-10322 and CVE-2019-19448, two vulnerabilities discovered in the XFS and Btrfs filesystems that could allow an attacker to cause a denial of service (system crash) by using malicious images.

The same goes for CVE-2020-25212, a vulnerability discovered in the Linux kernel’s NFS client implementation that could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code, as well as CVE-2020-26088, a vulnerability discovered in the Linux kernel’s NFC implementation, which could let local attackers create or listen to NFC traffic.

Lastly, this new Ubuntu kernel security update addresses a race condition (CVE-2020-25285) discovered in the Linux kernel’s hugetlb sysctl implementation, which could allow a privileged attacker to cause a denial of service (system crash). This issue affects Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, as well as Ubuntu 16.04 LTS and Ubuntu 14.04 ESM systems running Linux kernel 4.4 LTS.

It is highly recommended that you update your Ubuntu installations as soon as possible to the new Linux kernel versions available in the stable repositories. To update, run the sudo apt-get update && sudo apt-get full-upgrade command in the Terminal app or use the Software Updater utility.

For 64-bit systems, you’ll have to update to linux-image 5.4.0-51.56 on Ubuntu 20.04 LTS, linux-image 5.4.0-51.56~18.04.1 on Ubuntu 18.04.5 LTS, linux-image 4.15.0-121.123 on Ubuntu 18.04 LTS, linux-image 4.15.0-120.122~16.04.1 on Ubuntu 16.04.7 LTS, and linux-image 4.4.0-193.224 on Ubuntu 16.04 LTS.
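To verify that a host actually runs one of the fixed kernel packages listed above, here is an added example (not from the article or from Canonical): a POSIX shell script that compares an installed linux-image package version against the article's fixed versions, and with --check does so for the running kernel. The --check mode assumes an Ubuntu host with /etc/os-release and dpkg-query; the version table is copied from the article.

```shell
#!/bin/sh
# Added example, not from the article: is an installed Ubuntu kernel package
# at or above the fixed version the article lists for its series/release?

# Fixed linux-image versions quoted in the article, one per line:
# "<kernel series> <Ubuntu release> <fixed package version>"
FIXED_VERSIONS='
5.4 20.04 5.4.0-51.56
5.4 18.04 5.4.0-51.56~18.04.1
4.15 18.04 4.15.0-121.123
4.15 16.04 4.15.0-120.122~16.04.1
4.4 16.04 4.4.0-193.224
'

# fixed_version SERIES RELEASE: print the fixed version, fail if no entry exists.
fixed_version() {
    printf '%s\n' "$FIXED_VERSIONS" |
        awk -v s="$1" -v r="$2" '$1 == s && $2 == r { print $3; found = 1 } END { exit !found }'
}

# version_ge A B: succeed when Debian package version A is >= B.
# dpkg is authoritative; sort -V is a fallback for hosts without dpkg.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# kernel_patched SERIES RELEASE INSTALLED: succeed only when INSTALLED is at
# or above the fixed version; exit 2 when the table has no such entry.
kernel_patched() {
    fixed=$(fixed_version "$1" "$2") || return 2
    version_ge "$3" "$fixed"
}

# check_running_kernel: package version of the kernel currently booted
# (linux-image-$(uname -r)), compared against the table. Assumes Ubuntu.
check_running_kernel() {
    release=$(. /etc/os-release && printf '%s' "$VERSION_ID")
    series=$(uname -r | cut -d. -f1,2)
    installed=$(dpkg-query -W -f '${Version}' "linux-image-$(uname -r)") ||
        { echo "cannot determine running kernel package version"; return 2; }
    if kernel_patched "$series" "$release" "$installed"; then
        echo "patched: running $installed"
    else
        echo "NOT patched: running $installed, fixed in $(fixed_version "$series" "$release")"
        return 1
    fi
}

case "${1:-}" in --check) check_running_kernel ;; esac
```

The check deliberately inspects the kernel that is booted rather than the newest installed package, because a kernel update only takes effect after a reboot.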

Last updated 2 weeks ago
