After releasing new Linux kernel security updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems, Canonical also published a new kernel update for Ubuntu 20.04 LTS systems.
Three security vulnerabilities are patched in this new Linux kernel update for the latest Ubuntu 20.04 LTS (Focal Fossa) release, which was launched by Canonical on April 23rd, 2020. A first kernel security update was released just a week after its official launch.
This new Linux kernel update fixes a flaw (CVE-2019-19377) discovered in the Btrfs file system implementation, which incorrectly detected blocks marked as dirty in certain situations, allowing an attacker to cause a denial of service (system crash) using a specially crafted file system image.
It also addresses a race condition (CVE-2020-12657) that could lead to a use-after-free vulnerability, discovered in Linux kernel’s block layer. This security flaw could allow a local attacker to crash the vulnerable system by causing a denial of service or execute arbitrary code.
The third security issue (CVE-2020-11565) patched was discovered in Linux kernel’s tmpfs virtual memory file system. This could allow a local attacker that had access to specify mount options to cause a denial of service (system crash).
All these flaws are affecting the Linux 5.4 LTS kernel packages of Ubuntu 20.04 LTS (Focal Fossa) systems running on 64-bit (amd64) systems, RISC-V systems, cloud environments (KVM), Oracle Cloud systems, Amazon Web Services (AWS) systems, as well as Google Cloud Platform (GCP) systems.
Canonical urges all users to update their installations as soon as possible to the new kernel versions that are available in the stable software repositories of Ubuntu 20.04 LTS by following the instructions provided at https://wiki.ubuntu.com/Security/Upgrades.
The new kernel version for 64-bit systems is linux-image 5.4.0-31.35, while for the other supported systems is linux-image 5.4.0-1011.11. After installing the new kernel packages, please reboot your machines and reinstall any third-party kernel modules you might have installed.