Ubuntu 22.04 LTS and 20.04 LTS Users Get New Kernel Update, 9 Vulnerabilities Patched

Canonical released today a new Linux kernel security update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS users to address a total of nine security vulnerabilities discovered by various researchers in the upstream Linux 5.15 LTS kernel.

Just a day after the release of Ubuntu 20.04.5 LTS, which ships with Linux kernel 5.15 LTS from Ubuntu 22.04 LTS by default, a new kernel update is now available to address several security issues, including CVE-2022-1729, a race condition discovered by Norbert Slusarek in the perf subsystem that could allow a privileged local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.

Also patched are CVE-2022-1973, a use-after-free vulnerability discovered by Gerald Lee in the NTFS file system implementation that could allow a local attacker to cause a denial of service (system crash) or possibly expose sensitive information, and CVE-2022-2959, a race condition discovered by Selim Enes Karaduman in the pipe buffers implementation that could allow a local attacker to cause a denial of service (system crash) or possibly escalate privileges.

Furthermore, the new Ubuntu kernel version addresses CVE-2022-1012, a flaw discovered in Linux kernel’s IP implementation that could allow an attacker to expose sensitive information, CVE-2022-2503, a security issue discovered in the device-mapper verity (dm-verity) driver that could allow a privileged attacker to cause a denial of service (system crash) or possibly execute arbitrary code, as well as CVE-2022-1943, an out-of-bounds write vulnerability found in the UDF file system implementation that could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.

Last but not least, the new kernel update for Ubuntu 22.04 LTS and 20.04 LTS systems patches CVE-2021-33061, a security issue discovered by Asaf Modelevsky in the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver, and CVE-2022-2873, an out-of-bounds write vulnerability discovered by Zheyu Ma in the Intel iSMT SMBus host controller driver, both allowing a local attacker to cause a denial of service (system crash).

The CVE-2022-1852 null pointer dereference vulnerability discovered by Qiuhao Li, Gaoning Pan, and Yongkang Jia in Linux kernel’s KVM hypervisor implementation was patched as well in this new Ubuntu kernel update. This vulnerability could allow an attacker in a guest virtual machine to cause a denial of service (system crash) in the host operating system.

Canonical urges all Ubuntu 22.04 LTS (Jammy Jellyfish) and Ubuntu 20.04 LTS (Focal Fossa) users running the Linux 5.15 LTS kernel to update their systems to the new kernel version (linux-image 5.15.0-47.51) as soon as possible. To update your installations, run the commands below in the Terminal app or use the Software Updater graphical utility. Please keep in mind that you’ll have to reboot your system after installing the new kernel version.