In a very interesting move, Canonical quietly updated its long-term supported Ubuntu 20.04 LTS (Focal Fossa) operating system series to the Linux 5.15 LTS kernel from Ubuntu 22.04 LTS (Jammy Jellyfish).
On August 2nd, 2022, Canonical published new Ubuntu kernel security updates for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems that address four security vulnerabilities, including a remote code execution flaw.
The interesting part is that Canonical lists only Linux 5.15 kernels for both Ubuntu 22.04 LTS and Ubuntu 20.04 LTS as being patched, despite the fact that Ubuntu 20.04 LTS has been running Linux kernel 5.13 since the release of the Ubuntu 20.04.4 LTS point release back in February 2022.
And, it turns out that the latter was ditched in Ubuntu 20.04 LTS systems in favor of Linux kernel 5.15 LTS, probably in preparation for the upcoming Ubuntu 20.04.5 LTS point release, due out on September 1st, 2022.
That’s actually very good news for Ubuntu 20.04 LTS (Focal Fossa) users as they get Linux kernel 5.15’s most prominent feature, namely out-of-the-box read and write support for NTFS formatted drives, without having to install a third-party driver like NTFS-3G.
Therefore, if you’re running Ubuntu 20.04 LTS, update your installation by running the sudo apt update && sudo apt full-upgrade command in the Terminal app or by using the Software Updater graphical utility to receive the Linux 5.15 LTS HWE (Hardware Enablement) kernel from Ubuntu 22.04 LTS.
As mentioned before, the latest version of the kernel (linux-image 5.15.0-43.46) patches a remote code execution vulnerability (CVE-2022-28893) discovered by Felix Fu in the Linux kernel’s Sun RPC implementation. This flaw could lead to a use-after-free vulnerability and allow a remote attacker to cause a denial of service (system crash) or execute arbitrary code.
Also patched is CVE-2022-34918, a security flaw discovered by Arthur Mongodin in the netfilter subsystem that could allow a local attacker to escalate privileges in certain situations, as well as CVE-2022-1652 and CVE-2022-1679, two use-after-free vulnerabilities discovered in the floppy disk and Atheros ath9k wireless device drivers, respectively. Both allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.
Canonical urges all Ubuntu users to update their installations to the new kernel versions as soon as possible. Please remember to reboot your system after installing the new kernel version, as well as to rebuild and reinstall any third-party kernel modules you might have installed.
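To confirm after the reboot that a machine is actually running the patched build, the check below compares a kernel release string against the 5.15.0-43 ABI named above. It is an added example, not Canonical's tooling; the function names are hypothetical, and it assumes the generic flavour, since other series and flavour kernels carry their own version numbering that the article does not list.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed build
# named in the article (linux-image 5.15.0-43.46 -> ABI number 43).
FIXED_SERIES="5.15.0"
FIXED_ABI=43

# classify_kernel RELEASE
# Prints one of: patched | outdated | other-series | other-flavour | unparsed
classify_kernel() {
    rel=$1
    series=${rel%%-*}              # "5.15.0" from "5.15.0-43-generic"
    rest=${rel#*-}                 # "43-generic"
    if [ "$rest" = "$rel" ]; then echo unparsed; return; fi
    abi=${rest%%-*}                # "43"
    flavour=${rest#*-}             # "generic"
    case $abi in
        ''|*[!0-9]*) echo unparsed; return ;;
    esac
    # Only the 5.15 generic kernel is covered by the version in the article;
    # anything else needs its own fixed version from the security notice.
    if [ "$series" != "$FIXED_SERIES" ]; then echo other-series; return; fi
    if [ "$flavour" != "generic" ]; then echo other-flavour; return; fi
    if [ "$abi" -ge "$FIXED_ABI" ]; then echo patched; else echo outdated; fi
}

# check_host: report on the kernel that is running right now.
check_host() {
    running=$(uname -r)
    echo "running kernel $running: $(classify_kernel "$running")"
    # Ubuntu's update tooling creates this flag file when a reboot is pending,
    # which means an installed update (possibly the kernel) is not active yet.
    if [ -e /var/run/reboot-required ]; then
        echo "reboot pending: installed updates are not yet in effect"
    fi
    return 0
}

check_host
```

A result of outdated after a successful upgrade usually means the machine has not been rebooted into the new kernel yet.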
Last updated 10 months ago