Canonical today released new Linux kernel patches to address the latest security vulnerabilities affecting Intel Graphics Processing Units (GPUs) in all of its supported Ubuntu releases.
Two weeks ago, on January 14th, Intel revealed two new vulnerabilities affecting systems with Intel Graphics Processing Units (GPUs), known as CVE-2020-7053 and CVE-2019-14615. These vulnerabilities were present in the Intel graphics driver (i915) for GNU/Linux systems, and thus affected almost all Linux-based operating systems.
With CVE-2019-14615, the Linux kernel did not properly clear data structures on context switches for some Intel GPUs, which could allow a local attacker to expose sensitive information. CVE-2020-7053, on the other hand, is a race condition in the i915 graphics driver that could lead to a use-after-free when destroying GEM contexts. This could allow a local attacker to crash the system or execute arbitrary code.
Ubuntu is affected and users are urged to update their systems
Ubuntu was affected as well, but Canonical today pushed patches to mitigate these vulnerabilities in Ubuntu 19.10 (Eoan Ermine), Ubuntu 18.04 LTS (Bionic Beaver), and Ubuntu 16.04 LTS (Xenial Xerus), though only Ubuntu 18.04 LTS systems running Linux kernel 4.15 appear to have been affected by both vulnerabilities.
Nevertheless, users are urged to update the Linux kernel packages to linux-image 5.3.0-29.31 in Ubuntu 19.10, linux-image 4.15.0-76.86 in Ubuntu 18.04 LTS, and linux-image 4.4.0-173.203 in Ubuntu 16.04 LTS. HWE (Hardware Enablement) kernels aren’t available at the time of writing.
Canonical says that the new kernel patches are available for generic 64-bit and Amazon Web Services (AWS) systems on both Ubuntu 19.10 and Ubuntu 18.04 LTS, as well as for OEM processors on Ubuntu 18.04 LTS, and for Raspberry Pi 2, Snapdragon processors, and cloud environments on Ubuntu 16.04 LTS.
Please note that, at this time, these fixes are only available for Gen8 and Gen9 Intel GPUs; patches for Gen6 and Gen7 Intel GPUs may become available in the future.
To update your systems, open the Software Updater utility and install all available updates or follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.
Update: Canonical also released HWE (Hardware Enablement) kernels for Ubuntu 18.04.3 LTS systems running Linux kernel 5.3 from Ubuntu 19.10, as well as for Ubuntu 16.04.6 LTS systems running Linux kernel 4.15 from Ubuntu 18.04 LTS. Therefore, users can now update their systems to linux-image 5.3.0-28.30~18.04.1 on Ubuntu 18.04.3 LTS and linux-image 4.15.0-76.86~16.04.1 on Ubuntu 16.04.6 LTS.
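
To verify that a machine has actually picked up one of the fixed kernels listed above (including the HWE versions from the update), the following check is an added example and not part of Canonical's instructions. The function names are hypothetical, the sample inputs are constructed, and the comparison ignores the `~18.04.1`-style suffix as a simplification.

```shell
#!/bin/sh
# Added example: fixed linux-image versions copied from the article above.
fixed_version() {                 # $1 = Ubuntu release, $2 = kernel series
    case "$1:$2" in
        19.10:5.3)  echo "5.3.0-29.31" ;;
        18.04:4.15) echo "4.15.0-76.86" ;;
        16.04:4.4)  echo "4.4.0-173.203" ;;
        18.04:5.3)  echo "5.3.0-28.30~18.04.1" ;;    # HWE kernel
        16.04:4.15) echo "4.15.0-76.86~16.04.1" ;;   # HWE kernel
        *) return 1 ;;            # combination not listed in the article
    esac
}

# Succeeds if version $1 >= version $2, comparing numeric fields left to
# right. Assumption: any "~..." suffix is dropped before comparing.
version_ge() {
    a=${1%%~*}; b=${2%%~*}
    case "$a$b" in ''|*[!0-9.-]*) return 2 ;; esac   # unexpected format
    a=$(printf '%s' "$a" | sed 's/[.-]/ /g')
    b=$(printf '%s' "$b" | sed 's/[.-]/ /g')
    for x in $a; do
        y=${b%% *}                                   # next field of b
        if [ "$b" = "$y" ]; then b=""; else b=${b#* }; fi
        y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    [ -z "$b" ]                   # leftover fields in b: treat as older
}

# Exit status: 0 = at or above the fixed version, 1 = update needed,
# 2 = release/series not covered by the article or unparsable version.
is_patched() {                    # $1 = release, $2 = linux-image version
    series=$(printf '%s' "$2" | cut -d. -f1,2)
    fixed=$(fixed_version "$1" "$series") || return 2
    version_ge "$2" "$fixed"
}

# Constructed sample inputs: "release installed-version".
for sample in "18.04 4.15.0-74.84" "18.04 4.15.0-76.86" \
              "16.04 4.15.0-76.86~16.04.1"; do
    set -- $sample
    if is_patched "$1" "$2"; then echo "$1 $2: patched"
    else echo "$1 $2: UPDATE NEEDED"; fi
done
```

On a live Ubuntu system the two arguments can be taken from `lsb_release -rs` and `dpkg-query -W -f='${Version}' "linux-image-$(uname -r)"`; the new kernel only takes effect after a reboot.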