New Ubuntu Linux Kernel Security Updates Fix 14 Vulnerabilities, Patch Now



Canonical published today new Linux kernel security updates to address a total of 14 security vulnerabilities in all supported Ubuntu Linux releases.

The new Ubuntu kernel patches fix several security issues discovered by various security researchers. For Ubuntu 20.10 (Groovy Gorilla) systems only, they address CVE-2020-12912, a flaw found in the Linux kernel’s AMD Running Average Power Limit (RAPL) driver that could allow a local attacker to expose sensitive information, as well as CVE-2020-29534, a security issue discovered by Jann Horn in the io_uring subsystem, which could allow a local attacker to either expose sensitive information or escalate their privileges.

For Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems, the new Linux kernel updates fix CVE-2020-25656 and CVE-2020-25668, race conditions discovered in Linux kernel’s console keyboard and tty drivers that could allow a local attacker to expose sensitive information (kernel memory), as well as CVE-2020-28974, a flaw discovered by Minh Yuan in Linux kernel’s framebuffer console driver, which could allow a local attacker to either crash the system by causing a denial of service or possibly expose sensitive information (kernel memory).

The same releases also receive fixes for CVE-2020-27675, a race condition discovered by Jinoh Kang in the Linux kernel’s Xen event channel infrastructure, which could allow an attacker in the guest system to cause a denial of service (dom0 crash), and CVE-2020-27777, a flaw discovered by Daniel Axtens in the Linux kernel’s PowerPC RTAS implementation, which could allow a privileged local attacker to arbitrarily modify kernel memory and bypass kernel lockdown restrictions. The latter issue does not affect Ubuntu 16.04 LTS systems running Linux kernel 4.4.

Only affecting Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4, the CVE-2020-25704 issue was fixed as well in this update. This is a flaw discovered by Kiyin (尹亮) in Linux kernel’s perf subsystem, which could allow a privileged attacker to cause a denial of service (kernel memory exhaustion).

Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems running Linux kernel 4.15 were plagued by several other security issues, including CVE-2020-25705, a vulnerability in the Linux kernel’s ICMP global rate limiter discovered by Keyu Man, which could allow a remote attacker to facilitate attacks on UDP-based services that depend on source port randomization.

Furthermore, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS users were affected by CVE-2020-10135, a flaw discovered by Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen in the Bluetooth protocol that could allow a physically proximate attacker to impersonate a previously paired Bluetooth device, CVE-2020-0423, a race condition leading to a use-after-free vulnerability discovered in Linux kernel’s binder IPC implementation that could allow a local attacker to either cause a denial of service (system crash) or possibly execute arbitrary code, as well as CVE-2019-19770, a use-after-free vulnerability discovered in debugfs, which could allow a privileged local attacker to cause a denial of service (system crash).

Lastly, the new security updates address two other issues affecting only Ubuntu 16.04 LTS systems running Linux kernel 4.4, namely CVE-2019-0148, an issue discovered by Ryan Hall in Linux kernel’s Intel 700 Series Ethernet Controllers driver that could allow a local attacker to cause a denial of service (kernel memory exhaustion), and CVE-2020-4788, a flaw affecting Power 9 processors that could allow a local attacker to expose sensitive information from the L1 cache in certain situations.

Canonical urges all Ubuntu users to update the kernel packages in their systems as soon as possible. The new kernel versions are linux-image 5.8.0-34.37 for Ubuntu 20.04 LTS, linux-image 5.4.0-59.65 for Ubuntu 20.04 LTS, linux-image 5.4.0-59.65~18.04.1 for Ubuntu 18.04.5 LTS, linux-image 4.15.0-129.132 for Ubuntu 18.04 LTS, linux-image 4.15.0-129.132~16.04.1 for Ubuntu 16.04.7 LTS, and linux-image 4.4.0-198.230 for Ubuntu 16.04 LTS.

Please reboot your systems after installing the new kernel versions!
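To confirm that a host is actually running a fixed kernel and not merely carrying the new package, the check below (an added example, not Canonical's tooling) compares a `uname -r` string against the versions listed above by ABI number and reports a pending reboot. The function names are hypothetical, and it assumes only the generic and lowlatency flavours follow this ABI numbering, so cloud and OEM flavours report `unknown`.

```shell
#!/bin/sh
# Fixed ABI per kernel series, taken from the versions in the article
# (e.g. linux-image 5.4.0-59.65 -> series 5.4.0, ABI 59).
fixed_abi() {
    case "$1" in
        5.8.0)  echo 34 ;;
        5.4.0)  echo 59 ;;
        4.15.0) echo 129 ;;
        4.4.0)  echo 198 ;;
        *)      return 1 ;;
    esac
}

# kernel_status RELEASE -> prints: patched | outdated | unknown
# RELEASE is a `uname -r` string such as 5.4.0-58-generic.
kernel_status() {
    rel=$1
    series=${rel%%-*}        # 5.4.0
    rest=${rel#*-}           # 58-generic
    flavour=${rel##*-}       # generic
    abi=${rest%%[!0-9]*}     # 58 (leading digits only)
    case "$flavour" in
        generic|lowlatency) ;;
        *) echo unknown; return 0 ;;   # other flavours number ABIs differently
    esac
    [ -n "$abi" ] || { echo unknown; return 0; }
    want=$(fixed_abi "$series") || { echo unknown; return 0; }
    if [ "$abi" -ge "$want" ]; then echo patched; else echo outdated; fi
}

# This host first, then two constructed sample strings.
for r in "$(uname -r)" 5.4.0-58-generic 4.15.0-129-generic; do
    printf '%s: %s\n' "$r" "$(kernel_status "$r")"
done

# Ubuntu's package scripts leave this marker until the new kernel is booted.
if [ -f /var/run/reboot-required ]; then
    echo "reboot pending: the running kernel is not the newest installed one"
fi
```

The comparison is at ABI granularity only; for the exact upload number, compare the installed package version with `dpkg --compare-versions`.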
