Canonical released today a new Ubuntu kernel security update to address a single vulnerability affecting all supported Ubuntu releases.
This new Linux kernel security update comes only five days after Canonical released the major kernel updates for all supported Ubuntu releases to patch a total of 17 vulnerabilities, and it only addresses a vulnerability.
The security vulnerability is CVE-2020-14386, an AF_PACKET memory corruption discovered by Or Cohen. This could be used by a local attacker to crash the vulnerable system by causing a denial of service or possibly execute arbitrary code.
It would appear that the issue was caused because the AF_PACKET implementation failed to properly perform bounds checking under certain situations.
The flaw can also be mitigated by setting the
kernel.unprivileged_userns_clone sysctl parameter to 0 (e.g.
$ sudo sysctl kernel.unprivileged_userns_clone=0) if unprivileged user namespaces are not required.
Canonical has marked the issue with a high priority, therefore you should update your installations to the new kernel versions as soon as possible.
These are linux-image-generic 5.4.0-47.51 for Ubuntu 20.04 LTS, linux-image-generic 4.15.0-117.118 for Ubuntu 18.04 LTS systems running Linux 4.15 or linux-image-generic 5.4.0-47.51~18.04.1 for Ubuntu 18.04.5 LTS systems running the Linux 5.4 HWE kernel from Ubuntu 20.04 LTS.
On the other hand, Ubuntu 16.04.7 LTS users using the Linux 4.15 HWE kernel from Ubuntu 18.04 LTS must update their installations to linux-image-generic 4.15.0-117.118~16.04.1 and Ubuntu 18.04 LTS users using Linux kernel 5.3 will have to update their installations to linux-image-generic 5.3.0-67.61.
Of course, new kernel versions are also available for Raspberry Pi systems, Qualcomm Snapdragon processors, OEM systems, cloud environments (KVM), Oracle Cloud systems, Google Container Engine (GKE) and Google Cloud Platform (GCP) systems, as well as Amazon Web Services (AWS) and Microsoft Azure Cloud systems.
Please update your installations as soon as possible. To update, simply run the
sudo apt update && sudo apt full-upgrade command in a terminal emulator or virtual console, or use the Software Updater utility.
Last updated 3 weeks ago