Canonical published today new Linux kernel security updates for all of its supported Ubuntu operating system releases to address up to six security vulnerabilities affecting all supported kernels.
The most important flaw patched in this new Ubuntu kernel security update is CVE-2021-3178, which was discovered in the Linux kernel’s NFS implementation and affects the Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS releases. The flaw could allow a remote attacker to bypass NFS access restrictions and traverse to other parts of the filesystem via READDIRPLUS when there’s an NFS export of a subdirectory of a file system.
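Whether an NFS server matches the condition described for CVE-2021-3178 can be read from its exports file, which helps decide which hosts to patch first. The script below is an added example, not code from Canonical or from the original article: it lists exports that are a subdirectory of a filesystem rather than its root. The function names and the sample exports text are constructed for illustration, and it assumes paths without octal escapes and a single exports file (no /etc/exports.d).

```python
"""Flag NFS exports that are a subdirectory of a filesystem, not its root."""
import os
import shlex
import sys
import tempfile


def export_paths(exports_text):
    """Return the directories exported by exports(5)-format text."""
    # Join continuation lines; shlex drops '#' comments and unquotes paths.
    paths = []
    for line in exports_text.replace("\\\n", " ").splitlines():
        fields = shlex.split(line, comments=True)
        if fields and fields[0].startswith("/"):
            paths.append(fields[0])
    return paths


def subdirectory_exports(exports_text):
    """Return exported directories that are not the root of their filesystem."""
    flagged = []
    for path in export_paths(exports_text):
        real = os.path.realpath(path)
        # ismount() compares device and inode with the parent directory, so a
        # bind mount of a subdirectory on the same filesystem is still flagged.
        if os.path.isdir(real) and not os.path.ismount(real):
            flagged.append(path)
    return flagged


def constructed_sample(share_dir):
    """Build sample exports text (constructed, not from a real server)."""
    return (
        "/ 192.0.2.10(ro,sync)\n"
        f'"{share_dir}" 192.0.2.0/24(rw,sync) \\\n'
        "    198.51.100.7(ro)  # continued client list\n"
    )


if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file, e.g. /etc/exports
        with open(sys.argv[1], encoding="utf-8") as handle:
            hits = subdirectory_exports(handle.read())
    else:  # no argument: run on the constructed sample
        with tempfile.TemporaryDirectory() as share:
            hits = subdirectory_exports(constructed_sample(share))
    for hit in hits:
        print(f"subdirectory export: {hit}")
    sys.exit(1 if hits else 0)
```

Run it with the path to an exports file as its argument; a non-zero exit status means at least one subdirectory export was found.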
Another vulnerability patched in this new Linux kernel security update is CVE-2020-36158, a flaw discovered in the Marvell WiFi-Ex device driver that could allow a local attacker to either crash the system by causing a denial of service or possibly execute arbitrary code. This affects all supported Ubuntu releases, including Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS.
Only for Ubuntu 20.10 and Ubuntu 20.04 LTS systems running Linux kernel 5.8, the new Linux kernel security update addresses CVE-2021-20194, a security vulnerability discovered by Loris Reiff in the BPF implementation, which could allow a local attacker to cause a denial of service (system crash).
On Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4, the security update fixes two other flaws, namely CVE-2021-3347, a race condition discovered in the priority inheritance futex implementation, which could lead to a use-after-free vulnerability and allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code, and CVE-2021-20239, a vulnerability discovered by Ryota Shiga in the sockopt BPF hooks that could allow a local attacker to ease exploitation of another kernel flaw.
Lastly, on Ubuntu 16.04 LTS and Ubuntu 14.04 ESM systems running Linux kernel 4.4 LTS, the kernel update addresses CVE-2020-29569, a race condition discovered by Olivier Benjamin and Pawel Wieczorkiewicz in the Xen paravirt block backend, which could lead to a use-after-free vulnerability and allow an attacker in a guest virtual machine to cause a denial of service in the host operating system.
All Ubuntu users running the Linux kernels mentioned above are urged to update their systems as soon as possible. The new kernel versions are now available in the software repositories for all supported architectures. To update your systems, run the command below in the Terminal app or use the Software Updater utility.
sudo apt update && sudo apt full-upgrade
Update 19/03/21: Canonical released a new kernel update for Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM systems running Linux 4.15 to address three other vulnerabilities discovered in the iSCSI subsystem, namely CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365.