Ubuntu 18.04 LTS and 16.04 LTS Receive New Kernel Live Patch

Ubuntu kernel live patch

Canonical released a new Ubuntu kernel live patch security update for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS operating system series to address several vulnerabilities.

The new kernel live patch comes two and a half weeks after the last kernel live patch and just a day after the major kernel security updates released for all supported Ubuntu released on February 18th. It addresses a total of five security flaws affecting Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) systems.

Among the fixes, there’s the well-known vulnerability affecting systems with Intel Graphics Processing Units (CVE-2019-14615), which could allow a local attacker to expose sensitive information, as well as a race condition (CVE-2020-7053) in the i915 driver that could let a local attacker to crash the system or execute arbitrary code.

Also patched in this new Ubuntu kernel live patch, a flaw discovered by Mitchell Frank in Linux kernel’s Wi-Fi implementation (CVE-2019-5108), which could allow a physically proximate attacker to cause a denial of service, and two other issues (CVE-2019-19050 and CVE-2019-20096) affecting the crypto subsystem and Datagram Congestion Control Protocol (DCCP) implementation, both allowing local attackers to cause a denial of service (kernel memory exhaustion).

If you’re using Canonical’s LivePatch service in your Ubuntu 18.04 LTS or Ubuntu 16.04 LTS installation running the Linux 5.0 or Linux 4.15 kernels, you are urged to update as soon as possible to patch version 63.1. The update is available only for 64-bit systems and supports generic, lowlatency, aws, azure, gcp, and oem kernel flavors. It’s also available for Ubuntu 14.04 ESM systems running Linux kernel 4.4.

To update, use the integrated Canonical LivePatch system tray icon, which you can enable from the Software Sources tool in the LivePatch tab, or run the following command in the Terminal app or the virtual console. Kernel live patches do not require a system reboot.

sudo canonical-livepatch refresh

Last updated 4 years ago

Buy Me a Coffee at ko-fi.com