Ubuntu Users Get New Linux Kernel Security Updates, 10 Vulnerabilities Patched

Ubuntu Kernel 10 Vulnerabilities

Canonical published today details about new Ubuntu Linux kernel security updates for all of their supported Ubuntu releases to address up to 10 security vulnerabilities discovered by various researchers.

The new Ubuntu Linux kernel security update is here after the previous one, which addressed up to 16 vulnerabilities, and it’s available for Ubuntu 22.10 (Kinetic Kudu), Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as the Ubuntu 16.04 and 14.04 ESM releases.

The biggest threat patched in this release is CVE-2022-43945, a security flaw discovered in Linux kernel’s NFSD implementation leading to a buffer overflow that could allow a remote attacker to cause a denial of service (system crash) or execute arbitrary code. This vulnerability affects Ubuntu 22.10 systems running Linux kernel 5.19, as well as Ubuntu 22.04 LTS and 20.04 LTS systems running Linux kernel 5.15 LTS.

The new kernel updates also patch several security vulnerabilities that affect all supported Ubuntu releases. These include CVE-2022-3524, a memory leak discovered in the IPv6 implementation that could allow a local attacker to cause a denial of service (memory exhaustion), CVE-2022-3564, a race condition found in the Bluetooth subsystem, and CVE-2022-3565, a use-after-free vulnerability discovered in the ISDN implementation, both allowing a local attacker to cause a denial of service (system crash) or execute arbitrary code.

Also patched are CVE-2022-3566 and CVE-2022-3567, two data race condition flaws discovered in the TCP and IPv6 implementations respectively, which could allow an attacker to cause undesired behaviors, CVE-2022-3594, a security issue discovered in the Realtek RTL8152 USB Ethernet adapter driver that could allow a local attacker with physical access to cause a denial of service (memory exhaustion) by plugging in a specially crafted USB device, as well as CVE-2022-3621, a null pointer dereference found in the NILFS2 file system implementation that could allow a local attacker to crash the system by causing a denial of service (DoS attack).

Affecting only Ubuntu 22.04 LTS and 20.04 LTS systems running Linux kernel 5.15 LTS, Ubuntu 20.04 LTS and 18.04 LTS systems running Linux kernel 5.4 LTS, as well as Ubuntu 18.04 LTS systems running Linux kernel 4.15, the new kernel security update also patches CVE-2022-42703, a security vulnerability discovered by Google Project Zero’s Jann Horn that could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.

Last but not least, the new Ubuntu kernel security update fixes CVE-2022-3239, a security issue found in the video4linux driver for Empia-based TV cards that could lead to a use-after-free vulnerability and allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS systems running Linux kernel 4.15.

Canonical urges all Ubuntu users to update their installations to the new kernel versions (linux-image 5.19.0-26.27 for Ubuntu 22.10, linux-image 5.15.0-56.62 for Ubuntu 22.04 LTS, linux-image 5.15.0-56.62~20.04.1 for Ubuntu 20.04 LTS, linux-image 5.4.0.135.133 for Ubuntu 20.04 LTS, linux-image 5.4.0-135.152~18.04.2 for Ubuntu 18.04 LTS, and linux-image 4.15.0-200.211 for Ubuntu 18.04 LTS) as soon as possible.

To update your Ubuntu installations, run the sudo apt update && sudo apt full-upgrade commands in the Terminal app or a virtual console, or use the Software Updater utility. Don’t forget to reboot your computer after installing the new kernel versions and also rebuild and reinstall any third-party kernel modules that you might have installed in case you’ve manually uninstalled the standard kernel metapackages.

Last updated 2 months ago