Canonical released today new security updates for the Linux kernel and NVIDIA graphics drivers to address several vulnerabilities in several of the supported Ubuntu Linux releases.
The new security patches address three vulnerabilities affecting Ubuntu 20.04 LTS, Ubuntu 19.10 and Ubuntu 18.04 LTS. These include a vulnerability (CVE-2020-5963) discovered by Thomas E. Carroll in the NVIDIA Cuda grpahics driver, which could allow an attacker to cause a denial of service or possibly execute arbitrary code.
The other two security issues were an unspecified vulnerability (CVE-2020-5973) discovered in the NVIDIA virtual GPU guest drivers that could potentially lead to privileged operation execution and a race condition (CVE-2020-5967) discovered in the UVM driver in the NVIDIA graphics driver. Both these vulnerabilities could allow a local attacker to cause a denial of service.
Canonical urges all users to update the NVIDIA binary X.Org driver to either the legacy xserver-xorg-video-nvidia 390.138 driver or the latest xserver-xorg-video-nvidia 440.100 release. In addition, you must also install the corresponding updates for the NVIDIA Linux DKMS kernel modules.
The new Linux kernel versions are linux-image 5.4.0-39.43 for Ubuntu 20.04 LTS (Focal Fossa), linux-image 5.3.0-61.55 for Ubuntu 19.10 (Eoan Ermine), as well as linux-image 4.15.0-108.109 for Ubuntu 18.04 LTS (Bionic Beaver). Kernel updates are available for all supported architectures and platforms.
To update your installations, you’ll have to run the
sudo apt update && sudo apt full-upgrade commands in a terminal emulator. Please keep in mind that you’ll need to reboot your computer after installing the new Linux kernel and NVIDIA versions for the vulnerabilities to be correctly mitigated.