by 
Canonical published today the very first Linux kernel security patch for the latest Ubuntu 20.10 (Groovy Gorilla) operating system to address two security vulnerabilities.
Released about three weeks ago, Ubuntu 20.10 is the latest version of the popular Linux-based operating system. It ships with the Linux 5.8 kernel series by default, which has now been patched against two recently discovered security vulnerabilities.
The first security vulnerability addressed in this update is CVE-2020-27194, discovered by Simon Scannell in Linux kernel’s bpf verifier, which could allow a local attacker to expose sensitive information (kernel memory) or gain administrative privileges.
The second security flaw is CVE-2020-8694 and was discovered by Andreas Kogler, Catherine Easdon, Claudio Canella, Daniel Gruss, David Oswald, Michael Schwarz, and Moritz Lipp in Linux kernel’s Intel Running Average Power Limit (RAPL) driver. This could allow a local attacker to expose sensitive information.
In fact, this second security vulnerability was also patched in all supported Ubuntu releases, including Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, and Ubuntu 12.04 ESM.
The new Linux kernel security patch for Ubuntu 20.10 (Groovy Gorilla) is available for all supported kernel flavors, including 64-bit (generic and lowlatency), Raspberry Pi (V8), aws (Amazon Web Services), kvm (cloud environments), gcp (Google Cloud Platform), oracle (Oracle Cloud), and azure (Microsoft Azure Cloud).
If you’re using Ubuntu 20.10 with the official Linux 5.8 kernel, it is highly recommend that you update the system as soon as possible to the new kernel version, namely linux-image 5.8.0-28.30 for 64-bit systems or linux-image 5.8.0-1007.10 for Raspberry Pi systems.
On other platforms, you must update the kernel to linux-image-kvm 5.8.0-1009.10, linux-image-aws 5.8.0-1013.14, linux-image-azure 5.8.0-1012.13, linux-image-gcp 5.8.0-1011.11, and linux-image-oracle 5.8.0-1010.10. To update your installations, simply run the following commands in a terminal emulator.
In addition, to fully mitigate the CVE-2020-8694 vulnerability, users will also have to update the intel-microcode package to version 3.20201110.0, which is available now for all supported Ubuntu releases.
sudo apt update && sudo apt full-upgrade
To see the kernel version you’re currently using, run the following command.
uname -r
Please keep in mind that after installing the new kernel version you must reboot your computer, so make sure you have saved your current work and also have a recent backup of your most important files. Also, you’ll probably have to recompile and reinstall any third-party kernel modules currently installed on your system.
Last updated 3 years ago
