New Ubuntu Linux Kernel Security Updates Patch 17 Vulnerabilities


Canonical today published a new set of Linux kernel security updates for all supported Ubuntu Linux releases except the recently released Ubuntu 22.04 LTS (Jammy Jellyfish), which already received its first kernel update last week.

Following the recent major kernel security update for Debian GNU/Linux 11 systems, Canonical has now released kernel updates for Ubuntu 21.10 (Impish Indri), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as the Ubuntu 16.04 and 14.04 ESM releases, to address a total of 17 vulnerabilities.

The new Ubuntu kernel security updates address CVE-2021-26401, a flaw discovered by Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki in the Spectre Variant 2 mitigations for AMD processors that made them insufficient in some situations. This affects all Ubuntu releases and could allow a local attacker to expose sensitive information.

They also patch CVE-2022-25258, a security issue discovered in the USB gadget subsystem that could allow an attacker to cause a denial of service (system crash); CVE-2022-25375, a flaw discovered in the ST21NFCA NFC driver that could allow a physically proximate attacker to cause a denial of service (system crash) or execute arbitrary code; and CVE-2022-25375, a vulnerability discovered in the Remote NDIS (RNDIS) USB gadget implementation that could allow an attacker to expose sensitive information (kernel memory).

The same goes for CVE-2022-27223, a vulnerability discovered in the Xilinx USB2 device gadget driver that could allow a physically proximate attacker to cause a denial of service (system crash). These flaws affected Ubuntu 21.10, 20.04 LTS, and 18.04 LTS systems.

Only for Ubuntu 21.10 systems, as well as Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, the new security updates also address CVE-2022-20008, a flaw discovered in the Linux kernel’s MMC/SD subsystem that could allow an attacker to expose sensitive information (kernel memory).

Only for Ubuntu 21.10 systems, as well as Ubuntu 18.04 LTS systems running Linux kernel 4.15, the new kernel security updates also fix CVE-2022-26966, a vulnerability discovered in the Linux kernel’s USB SR9700 ethernet device driver that could allow a physically proximate attacker to expose sensitive information (kernel memory).

Two other flaws, CVE-2022-1016 and CVE-2020-27820, affected only Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS. CVE-2022-1016 was discovered by David Bouman in the netfilter subsystem and could allow a local attacker to expose sensitive information (kernel memory), while CVE-2020-27820 is a use-after-free discovered by Jeremy Cline in the nouveau graphics driver, which could allow a privileged or physically proximate attacker to cause a denial of service (system crash).

A double-free flaw (CVE-2022-29156) was also patched in Ubuntu 21.10 systems running Linux kernel 5.13. The vulnerability was discovered by Miaoqian Lin in the Linux kernel’s RDMA Transport (RTRS) client implementation and could allow an attacker to cause a denial of service (system crash).

Last but not least, the new Ubuntu kernel security updates address seven other vulnerabilities affecting only Ubuntu 18.04 LTS systems running Linux kernel 4.15. These include CVE-2022-24958, a use-after-free vulnerability discovered in the USB Gadget file system interface that could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code, as well as CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, and CVE-2022-23042, a set of flaws discovered by Demi Marie Obenour and Simon Gaiser in Xen para-virtualization device frontends that could allow an attacker using a malicious Xen backend to gain access to memory pages of a guest virtual machine or cause a denial of service in the guest.

Canonical urges all Ubuntu 21.10, 20.04 LTS, and 18.04 LTS users to update their installations to the new kernel versions (linux-image 5.13.0.41.50 for Ubuntu 21.10, linux-image 5.4.0.110.114 for Ubuntu 20.04 LTS, linux-image 5.4.0-110.124~18.04.1 for Ubuntu 18.04.6 LTS, and linux-image 4.15.0.177.166 for Ubuntu 18.04 LTS) as soon as possible. All supported kernel flavors have new versions.

To update your installations, run the sudo apt update && sudo apt full-upgrade command in the Terminal or use the Software Updater graphical utility to install all the available updates for your Ubuntu system. Since this is a kernel update, remember to reboot your installations after successfully installing the new kernel versions, and to rebuild and reinstall any third-party kernel modules you might have installed.
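To confirm that a host actually ended up on a fixed kernel, the following added example (not from Canonical or the original article) compares an installed linux-image version against the fixed versions quoted above and checks whether a reboot is still pending. The release keys, function names, and the linux-image-generic package name in the usage comment are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not Canonical's tooling). Release keys are labels chosen here.

# Fixed linux-image versions exactly as quoted in the article.
fixed_version() {
    case "$1" in
        21.10)   echo "5.13.0.41.50" ;;
        20.04)   echo "5.4.0.110.114" ;;
        18.04.6) echo "5.4.0-110.124~18.04.1" ;;
        18.04)   echo "4.15.0.177.166" ;;
        *)       return 1 ;;
    esac
}

# version_ge A B: succeeds when version A is at or above version B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Off-Debian fallback: GNU sort -V approximates Debian ordering.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# kernel_status RELEASE_KEY INSTALLED_VERSION
# Prints "patched", "needs-update", or "unknown" (release not in the article).
kernel_status() {
    ks_fixed=$(fixed_version "$1") || { echo "unknown"; return 0; }
    if version_ge "$2" "$ks_fixed"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# reboot_pending [FLAG_FILE]: Ubuntu creates this flag file when an installed
# update (such as a new kernel) only takes effect after a reboot.
reboot_pending() {
    [ -e "${1:-/var/run/reboot-required}" ]
}

# Typical use on an Ubuntu 20.04 LTS host (package name is an assumption;
# substitute the linux-image meta package of your kernel flavour):
#   kernel_status 20.04 "$(dpkg-query -W -f='${Version}' linux-image-generic)"
#   reboot_pending && echo "reboot needed to run the new kernel"
```

A "patched" result only describes the installed package; until the reboot happens, the host is still running the old kernel.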

Last updated 2 years ago
