Canonical published today a new security advisory to inform users of the Ubuntu Linux operating system about a kernel vulnerability affecting all supported releases and kernel flavors.
Discovered by William Liu and Jamie Hill-Daniel, the new security flaw (CVE-2022-0185) is an integer underflow vulnerability found in Linux kernel’s file system context functionality, which could allow an attacker to crash the system or run programs as an administrator.
The security vulnerability affects all supported Ubuntu releases, including Ubuntu 21.10 (Impish Indri) systems running Linux kernel 5.13, Ubuntu 21.04 (Hirsute Hippo) systems running Linux kernel 5.11, as well as Ubuntu 20.04 LTS (Focal Fossa) and Ubuntu 18.04 LTS (Bionic Beaver) systems running Linux kernel 5.4 LTS.
Canonical urges all Ubuntu users to update their installations to the new kernel versions available in the stable repositories as soon as possible. For 64-bit generic systems, these are linux-image 18.104.22.168.37 for Ubuntu 21.10, linux-image 22.214.171.124.48 for Ubuntu 21.04, linux-image 126.96.36.199.100 for Ubuntu 20.04 LTS, and linux-image-hwe-18.04 188.8.131.52.109~18.04.84 for Ubuntu 18.04 LTS.
If you’re using a different flavor or kernel, check the repositories for newer versions too because this security patch covers all supported Ubuntu kernel flavors, including the Linux 5.14, 5.13, and 5.10 OEM kernels for Ubuntu 20.04 LTS, as well as the Linux kernels for Raspberry Pi, AWS, NVIDIA BlueField, GCP, GKE, Azure, IBM Cloud, Oracle Cloud, and KVM systems.
To update your installations, either use the Software Updater graphical utility if you’re running the Ubuntu Desktop edition, or just run the command below in a Terminal emulator if you’re using a different Ubuntu flavor, such as Ubuntu Server, Kubuntu, Lubuntu, Xubuntu, Ubuntu Budgie, Ubuntu MATE, Ubuntu Studio, or Ubuntu Kylin.
sudo apt update && sudo apt full-upgrade
After installing the new kernel versions, make sure that you reboot your systems. Also, please keep in mind to rebuild and reinstall any third-party kernel modules you might have installed on your Ubuntu system so you won’t lose any essential functionality (e.g. networking, audio, etc.).
According to Canonical, this security flaw can also be mitigated if you disable unprivileged user namespaces. To do that, you will have to run the command below in a terminal emulator and then reboot your system.
sysctl -w kernel.unprivileged_userns_clone=0
Last updated 2 years ago