Canonical published today new Linux kernel security updates for all supported Ubuntu Linux releases to address a total of 13 security vulnerabilities that may compromise your security and privacy.
Available for Ubuntu 21.10 (Impish Indri), Ubuntu 21.04 (Hirsute Hippo), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), and the Ubuntu 16.04 and 14.04 ESM (Extended Security Maintenance) releases, the new security updates address CVE-2021-3759, a vulnerability that could allow a local attacker to cause a denial of service (memory exhaustion). This flaw affects all supported Ubuntu releases.
Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, as well as Ubuntu 18.04 LTS, Ubuntu 16.04 ESM and Ubuntu 14.04 ESM systems running Linux kernel 4.15, the new kernel security updates address CVE-2019-19449, a flaw discovered in the F2FS file system that could allow an attacker to crash the system or execute arbitrary code by using a malicious F2FS image.
It also patches CVE-2020-36385, a race condition leading to a use-after-free vulnerability discovered in the Infiniband RDMA userspace connection manager implementation that could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code, and CVE-2021-3743, a flaw discovered in the Qualcomm IPC Router protocol implementation that could allow a local attacker to cause a denial of service (system crash) or expose sensitive information.
The same goes for CVE-2021-3753, a race condition discovered in the virtual terminal (vt) device implementation’s ioctl handling that led to an out-of-bounds read vulnerability, which could allow a local attacker to expose sensitive information, as well as CVE-2021-42252, a flaw discovered in the Aspeed Low Pin Count (LPC) Bus Controller implementation that could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code on systems running the armhf kernel flavor.
Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4, the new kernel security patches address CVE-2021-3428, an integer overflow discovered by Wolfgang Frisch in the EXT4 file system that could allow an attacker using a malicious EXT4 file system image to crash the system, CVE-2021-3739, a security flaw discovered in the Btrfs file system that could allow an attacker with CAP_SYS_ADMIN access to cause a denial of service, as well as CVE-2021-35477 and CVE-2021-34556, two security vulnerabilities discovered by Piotr Krysiuk and Benedict Schlueter respectively in the BPF subsystem, which failed to properly protect against Speculative Store Bypass (SSB) side-channel attacks, allowing local attackers to expose sensitive information.
Last but not least, the new Ubuntu kernel security updates fix three other flaws affecting only Ubuntu 18.04 LTS, Ubuntu 16.04 ESM and Ubuntu 14.04 ESM systems running Linux kernel 4.15. These include CVE-2021-3655, a flaw discovered by Ilja Van Sprundel in the SCTP implementation that could allow an attacker to expose sensitive information (kernel memory), CVE-2020-36322, a flaw discovered in the FUSE user space file system implementation that could allow a local attacker to cause a denial of service, and CVE-2021-38199, a security issue discovered by Michael Wakabayashi in the NFSv4 client implementation that could allow an attacker controlling a remote NFS server to cause a denial of service on the NFS client.
Canonical urges all Ubuntu users to update their systems to the new Linux kernel versions available in the stable archives of their respective Ubuntu releases for 64-bit, IBM cloud systems, cloud environments (KVM), Dell 300x platforms, Raspberry Pi, Qualcomm Snapdragon processors, as well as AWS, Azure, GCP, GKE, and Oracle cloud systems.
To update your installations, simply run the sudo apt update && sudo apt full-upgrade command in the Terminal app or use the Software Updater utility. Make sure that you reboot your systems after successfully installing the new kernel version, and, in certain situations, rebuild and reinstall any third-party kernel modules you might have installed.
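The reboot step above can be verified with a short script. This is an added example, not part of the original article: it compares the running kernel with the newest installed kernel of the same flavour, and its function names and the release strings in its comments are hypothetical, constructed samples.

```sh
#!/bin/sh
# Added example: confirm that the updated kernel is the one actually running.
# Assumes GNU coreutils ("sort -V") and dpkg, as found on Ubuntu.

# Flavour suffix of a kernel release, e.g. "5.4.0-90-generic" -> "generic"
# (constructed sample release string).
kernel_flavour() {
    printf '%s\n' "${1##*-}"
}

# Newest release of flavour $1 from a newline-separated list on stdin.
# Version sort is needed so that ABI number 100 sorts after 90.
newest_kernel() {
    grep -- "-$1\$" | sort -V | tail -n 1
}

# Exit 0 when a reboot is still needed, i.e. a newer kernel of the running
# flavour is installed. $1 = running release, $2 = installed releases.
reboot_needed() {
    newest=$(printf '%s\n%s\n' "$1" "$2" | newest_kernel "$(kernel_flavour "$1")")
    [ "$1" != "$newest" ]
}

# Installed kernel releases according to dpkg: packages named
# linux-image-<release> whose status is "ii" (installed).
installed_kernels() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-[0-9]*' 2>/dev/null |
        awk '$1 == "ii" { sub(/^linux-image-/, "", $2); print $2 }'
}

# Report for the local machine: run the script with "--check" after the upgrade.
if [ "${1:-}" = "--check" ]; then
    running=$(uname -r)
    # /var/run/reboot-required is the flag file Ubuntu sets when a reboot is pending.
    if reboot_needed "$running" "$(installed_kernels)" || [ -e /var/run/reboot-required ]; then
        echo "Reboot required: running $running, newer kernel installed or reboot flag set"
    else
        echo "Running kernel $running is the newest installed for its flavour"
    fi
fi
```

Until the script reports that the running kernel is the newest installed one, the machine is still executing the unpatched kernel even though the packages are up to date.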