Canonical published today a new Linux kernel security update for Ubuntu 16.04 LTS systems running the Linux 4.4 kernel packages to address two security vulnerabilities.
The new kernel update addresses two security issues, namely CVE-2020-12771, a flaw discovered in Linux kernel’s bcache subsystem that could allow a local attacker to cause a denial of service, and CVE-2020-15393, a vulnerability discovered by Kyungtae Kim in the USB testing driver, which could allow a physically proximate attacker to cause a denial of service (memory exhaustion).
All Ubuntu 16.04 LTS (Xenial Xerus) users running the stock Linux 4.4 kernel are urged to update their installations to the new kernel versions, linux-image 4.4.0-187.217 for 32-bit, 64-bit and PowerPC systems, linux-image-raspi2 4.4.0-1137.146 for Raspberry Pi (V7) systems, linux-image-aws 4.4.0-1112.124 for Amazon Web Services (AWS) systems, linux-image-snapdragon 4.4.0-1141.149 for Qualcomm Snapdragon processors, and linux-image-kvm 4.4.0-1078.85 for cloud environments.
A new HWE (Hardware Enablement) kernel from Ubuntu 16.04 LTS (Xenial Xerus) has also been released for Ubuntu 14.04 ESM (Trusty Tahr) users running Linux kernel 4.4.
Also today, the CVE-2020-12771 issue was patched in the Linux 5.0 kernel packages of Ubuntu 18.04 LTS (Bionic Beaver) for Google Container Engine (GKE) and OEM systems. Users must update to linux-image-gke 5.0.0-1046.47 and linux-image-oem-osp1 5.0.0-1067.72.
Updating your systems to correct these security issues involves running the
sudo apt-get update && sudo apt-get dist-upgrade commands in a terminal emulator or running the Software Updater utility. As usual, after a kernel update, you will have to reboot your computer to make all the necessary changes.
Also, keep in mind that due to an unavoidable ABI change you’ll also have to rebuild and reinstall any third-party kernel modules you might have installed, that if you haven’t manually uninstalled the standard kernel metapackages like linux-generic, linux-powerpc, etc.
Update 19/08/20: This kernel security update was also released for Ubuntu 18.04 LTS systems running Linux kernel 5.3. In addition to addressing the CVE-2020-12771 and CVE-2020-15393 Vulnerabilities, it also fixes the CVE-2020-12655 issue found in the XFS file system implementation, which could allow an attacker to cause a denial of service by using a mounted malicious XFS image.
The kernel update is available for Google Container Engine (GKE) systems, Microsoft Azure cloud systems and generic 64-bit/32-bit systems.
Last updated 8 months ago