Ubuntu 22.04 and 20.04 LTS Users Receive New Kernel Updates, 8 Security Issues Fixed

Ubuntu 22.04 Kernel

Canonical published today new Linux kernel security updates for its Ubuntu 22.04 LTS (Jammy Jellyfish) and Ubuntu 20.04 LTS (Focal Fossa) long-term supported operating system series to address several security vulnerabilities discovered in the Linux 5.15 LTS kernel.

This is the second Linux kernel security update that Canonical released for both Ubuntu 22.04 LTS and 20.04 LTS systems since the company pushed the Linux 5.15 LTS kernel from the Jammy Jellyfish series to Focal Fossa users running the HWE (Hardware Enablement) kernel.

The new kernel version (linux-image 5.15.0.46.46) is available now for both Ubuntu 22.04 LTS and Ubuntu 20.04 LTS users, fixing CVE-2022-2585, a flaw found in Linux kernel’s POSIX timers implementation, CVE-2022-2586, a use-after-free vulnerability discovered in the netfilter subsystem, and CVE-2022-2588, a security issue found by Zhenpeng Lin in the network packet scheduler implementation. All these flaws could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.

In addition, the new kernel security update also fixes CVE-2022-29900 and CVE-2022-29901, two important security issues discovered by Johannes Wikner and Kaveh Razavi in some AMD 64-bit (x86_64) and Intel 64-bit (x86_64) processors that could allow a local attacker to expose sensitive information.

The new kernel update is also available for Amazon Web Services (AWS) systems, Google Cloud Platform (GCP) systems, Google Container Engine (GKE) systems, IBM cloud systems, Oracle Cloud systems, Microsoft Azure Cloud systems, cloud environments, and Raspberry Pi systems.

These kernel flavors include the security fixes mentioned above, as well as fixes for three more security issues including CVE-2022-28893, a use-after-free vulnerability discovered by Felix Fu in Linux kernel’s Sun RPC implementation, which could allow a remote attacker to cause a denial of service (system crash) or execute arbitrary code.

The same goes for CVE-2022-34918, a flaw discovered by Arthur Mongodin in the netfilter subsystem that could allow a local attacker to escalate privileges in certain situations, as well as CVE-2022-1679, a use-after-free vulnerability found in the Atheros ath9k wireless device driver that could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.

Canonical urges all users to update the kernel packages in their Ubuntu 22.04 LTS (Jammy Jellyfish) and Ubuntu 20.04 LTS (Focal Fossa) systems running Linux kernel 5.15 LTS to the new versions available in the main archives. To update your Ubuntu installations, run the sudo apt update && sudo apt full-upgrade command in the Terminal app or use the Software Updater graphical utility.

Last updated 2 months ago