Ubuntu Users Get New Kernel Security Updates, 17 Vulnerabilities Patched


Canonical’s Ubuntu Security team published today a series of Linux kernel security updates for all supported Ubuntu Linux releases to address no fewer than 17 security vulnerabilities.

The new Linux kernel security updates come about a month after the previous kernel updates, which addressed the Intel “MMIO Stale Data” flaws. A total of 17 security vulnerabilities were fixed in the new Ubuntu kernel updates, which affect Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS systems, as well as the Ubuntu 16.04 and Ubuntu 14.04 ESM (Extended Security Maintenance) releases.

For Ubuntu 22.04 LTS (Jammy Jellyfish) users, the new kernel update fixes CVE-2022-1974 and CVE-2022-1975, two vulnerabilities discovered by Duoming Zhou in the Linux kernel’s NFC subsystem, which could allow a privileged local attacker to cause a denial of service (system crash) or possibly execute arbitrary code, as well as CVE-2022-1734, a use-after-free vulnerability found in the Marvell NFC device driver implementation, which could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.

Also patched in the Linux kernel packages of Ubuntu 22.04 LTS are CVE-2022-0500, a flaw discovered in the Linux kernel’s eBPF implementation, and CVE-2022-33981, a use-after-free vulnerability discovered by Minh Yuan in the Linux kernel’s floppy driver. Both of these issues could allow a privileged local attacker to cause a denial of service (system crash) or possibly execute arbitrary code, and the latter also affects Ubuntu 20.04 LTS and 18.04 LTS systems running Linux kernel 5.4 LTS.

Another security issue affected Ubuntu 22.04 LTS users, namely CVE-2022-1789, a flaw discovered by Yongkang Jia in the Linux kernel’s KVM hypervisor implementation, which could allow an attacker in a guest virtual machine to cause a denial of service in the host operating system and crash it. This issue also affects the kernel packages of Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS.

For Ubuntu 20.04 LTS and Ubuntu 18.04 LTS users running Linux kernel 5.4 LTS, the new kernel security updates also address CVE-2022-1195, a use-after-free vulnerability discovered in the 6pack and mkiss protocols implementation, as well as CVE-2022-1199, CVE-2022-1204, and CVE-2022-1205, three flaws discovered by Duoming Zhou in the AX.25 amateur radio protocol implementation. These issues could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code, and three of them also affect Ubuntu 18.04 LTS systems running Linux kernel 4.15.

For Ubuntu 18.04 LTS users running Linux kernel 4.15, as well as Ubuntu 16.04 ESM and Ubuntu 14.04 ESM users, the new kernel security updates patch several other issues, including CVE-2021-4197, a flaw discovered by Eric Biederman in the cgroup process migration implementation that could allow a local attacker to gain administrative privileges, and CVE-2022-1011, a use-after-free vulnerability discovered by Google Project Zero’s Jann Horn in the FUSE file system, which could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.

The same goes for CVE-2022-1198, a use-after-free vulnerability discovered by Duoming Zhou in the 6pack protocol implementation, CVE-2022-1516, a flaw discovered in the X.25 network protocols implementation, CVE-2022-28389, a double-free discovered in the Microchip CAN BUS Analyzer interface implementation, and CVE-2022-2380, a flaw discovered by Zheyu Ma in the Silicon Motion SM712 framebuffer driver. All these security issues could allow a local attacker to cause a denial of service (system crash).

Last but not least, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15 were affected by CVE-2022-1353, a security issue discovered in the Linux kernel’s PF_KEYv2 implementation, which could allow a local attacker to expose sensitive information (kernel memory).

To patch these 17 new vulnerabilities, Canonical urges all Ubuntu users to update their installations as soon as possible to the new kernel versions available in the repositories (linux-image 5.15.0.41.43 for Ubuntu 22.04 LTS, linux-image 5.4.0.122.123 for Ubuntu 20.04 LTS, linux-image 5.4.0-122.138~18.04.1 for Ubuntu 18.04.6 LTS, and linux-image 4.15.0.189.174 for Ubuntu 18.04 LTS).

To update your Ubuntu PCs, use the Software Updater utility or run the command below in the Terminal app. Don’t forget to reboot your systems after successfully installing the new kernel version!

sudo apt update && sudo apt full-upgrade
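
As an added example (not from the article or from Canonical), the shell functions below compare an installed linux-image version and the running kernel against the fixed versions listed above, and flag the case where the update is installed but the system has not been rebooted. The function names and the package name in the closing comment are assumptions, and the version comparison looks only at numeric fields.

```shell
#!/bin/sh
# Added example (not from the article). Fixed versions are the ones the
# article quotes; the package name queried on a live system is an assumption.

# Fixed linux-image version for "<release>:<kernel series>", per the article.
fixed_version() {
  case "$1" in
    22.04:5.15) echo "5.15.0.41.43" ;;
    20.04:5.4)  echo "5.4.0.122.123" ;;
    18.04:5.4)  echo "5.4.0-122.138~18.04.1" ;;
    18.04:4.15) echo "4.15.0.189.174" ;;
    *) return 1 ;;
  esac
}

# ver_ge A B [N]: true if A >= B, comparing the first N numeric fields
# (all fields when N is omitted). Simplified ordering for same-shaped
# versions; `dpkg --compare-versions A ge B` is authoritative on Ubuntu.
ver_ge() {
  awk -v a="$1" -v b="$2" -v n="${3:-0}" 'BEGIN {
    na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
    n = (n + 0 > 0) ? n + 0 : ((na > nb) ? na : nb)
    for (i = 1; i <= n; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# kernel_status RELEASE INSTALLED RUNNING
#   INSTALLED: linux-image package version; RUNNING: output of `uname -r`.
# Prints one of: patched | reboot-needed | vulnerable | unknown
kernel_status() {
  series=$(printf '%s\n' "$2" | cut -d. -f1,2)
  fixed=$(fixed_version "$1:$series") || { echo unknown; return 0; }
  if ! ver_ge "$2" "$fixed"; then echo vulnerable
  # uname -r carries version + ABI only, so compare the first four fields.
  elif ! ver_ge "$3" "$fixed" 4; then echo reboot-needed
  else echo patched
  fi
}

# Live use on Ubuntu 22.04/20.04 (package name is an assumption):
#   kernel_status "$(lsb_release -rs)" \
#     "$(dpkg-query -W -f='${Version}' linux-image-generic)" "$(uname -r)"
```

A result of reboot-needed means the fixed package is installed but the system is still running the older, unpatched kernel.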
