Canonical published today a new Linux kernel live patch security update Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems to address a single security vulnerability.
Just two days after releasing a regular Linux kernel security update for the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) operating system series that addressed a total of nine vulnerabilities, there’s now a rebootless kernel update for users who use Canonical’s Livepatch service.
The update only patches a single security vulnerability (CVE-2020-11494), which was discovered in Linux kernel’s Serial CAN interface driver. Apparently, the driver failed to properly initialize data, thus allowing a local attacker to expose sensitive information (kernel memory).
Canonical says that the security issue can be corrected by updating the kernel live patch to version 67.1, which is now available for both Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems.
For Ubuntu 18.04 LTS, the new kernel live patch is supported on 64-bit and 32-bit systems as generic or lowlatency flavors, as well as on Amazon Web Services (AWS) systems, Google Cloud Platform (GCP) systems, Microsoft Azure Cloud systems, and OEM systems.
On the other hand, the new kernel live patch is only available for 64-bit and 32-bit systems as generic or lowlatency flavors and Amazon Web Services (AWS) systems on Ubuntu 16.04 LTS systems.
If you have Canonical’s Livepatch service enabled on your Ubuntu computer, you should update it right now. The advantage of using the kernel live patch is that you don’t have to reboot your computer after installing a new kernel version.
If you’re not using Canonical’s Livepatch service, you can enable it from the Software & Updates utility by accessing the Livepatch tab. While the service is free to use for up to three computers, please note that you will need to register for an Ubuntu One account. More details are available here.