Canonical published today the very first Linux kernel security update for its latest Ubuntu 21.04 (Hirsute Hippo) operating system release to address three security vulnerabilities and a bug.
Ubuntu 21.04 was released three weeks ago and ships with the Linux 5.11 kernel series by default, which has now been patched by the Ubuntu Kernel Team against three recently discovered security vulnerabilities.
These include CVE-2021-3489 and CVE-2021-3490, two vulnerabilities discovered by Ryota Shiga and Manfred Paul respectively in Linux kernel’s eBPF implementation. Both of these security issues could allow a local attacker to crash the system by causing a denial of service (DoS attack) or execute arbitrary code.
Also patched in this kernel update is CVE-2021-3491, a vulnerability discovered by Billy Jheng Bing-Jhong in Linux kernel’s io_uring implementation, which could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.
In addition, Ubuntu 21.04’s first kernel security update adds a workaround for a race condition discovered by Norbert Slusarek in Linux kernel’s CAN ISOTP protocol implementation. To fix this issue, the Ubuntu Kernel Team had to temporarily remove SF_BROADCAST support from the CAN ISOTP implementation in Ubuntu 21.04’s kernels. This issue could be exploited by a local attacker to crash the system (denial of service) or possibly execute arbitrary code.
To patch these security issues in their new Ubuntu 21.04 (Hirsute Hippo) installations, users will have to update the kernel packages to the new versions (linux-image 5.11.0-17.18 for 64-bit) that are available right now in the stable software repositories.
To update your system, you can use the Software Updater utility or run the following command in the Terminal app. After installing the new kernel version, you should reboot your computer as soon as possible to make all the necessary changes, as well as to recompile and reinstall any third-party kernel modules you might have installed.
sudo apt update && sudo apt full-upgrade
Last updated 3 years ago