Canonical today published new Linux kernel security updates for all supported Ubuntu Linux releases to address a total of 15 security vulnerabilities discovered by various researchers in the upstream kernels.
The new Linux kernel security updates are available for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM releases. They address 15 security vulnerabilities including two that are common to all supported Ubuntu releases, namely CVE-2021-33655, an out-of-bounds write flaw discovered in the framebuffer driver that could allow a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code, as well as CVE-2022-36946, a security issue discovered by Domingo Dirutigliano and Nicola Guerrera in the netfilter subsystem that could allow a remote attacker to crash the vulnerable system.
Only for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15 LTS, the new security updates also address CVE-2022-26365 and CVE-2022-33740, two security issues discovered by Roger Pau Monné in the Xen virtual block driver and paravirtualization frontend that could allow a local attacker to expose sensitive information (guest kernel memory).
The same goes for the CVE-2022-33741, CVE-2022-33742, CVE-2022-33743, and CVE-2022-33744 vulnerabilities, which were discovered in the Xen paravirtualization frontend and the Xen network device frontend driver and could allow a local attacker to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory), or an attacker in a guest virtual machine to cause a denial of service in the host operating system.
Furthermore, Ubuntu 22.04 LTS and 20.04 LTS systems running the Linux 5.15 LTS kernel were patched against CVE-2022-2318, race conditions that could lead to use-after-free vulnerabilities discovered by Duoming Zhou in the timer handling implementation of the Linux kernel’s Rose X.25 protocol layer, which could allow a local attacker to cause a denial of service (system crash), as well as CVE-2022-34494 and CVE-2022-34495, two flaws discovered in the virtio RPMSG bus driver that could allow a local attacker to crash the system.
Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running the Linux 5.4 LTS kernel, the new security updates also address CVE-2022-1012 and CVE-2022-32296, two vulnerabilities discovered by Moshe Kol, Amit Klein and Yossi Gilad in the IP implementation that could allow an attacker to expose sensitive information, as well as CVE-2022-1729, a race condition discovered by Norbert Slusarek in the perf subsystem, and CVE-2022-2503, a security issue discovered in the device-mapper verity (dm-verity) driver, both allowing a privileged local attacker to crash the system or execute arbitrary code.
Canonical urges all Ubuntu users to update their installations to the new kernel versions (linux-image 188.8.131.52.48 for Ubuntu 22.04 LTS, linux-image 184.108.40.206.127 for Ubuntu 20.04 LTS, linux-image-hwe-18.04 220.127.116.11.142~18.04.106 for Ubuntu 18.04.6 LTS, linux-image 4.15.0-193.204 for Ubuntu 18.04 LTS) as soon as possible. To update your installations, run the sudo apt update && sudo apt full-upgrade command in the Terminal app or use the Software Updater utility.
Don’t forget to reboot your systems after installing the new kernel versions!
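A patched kernel only takes effect once the machine boots into it, so it is worth confirming after the upgrade that the running kernel is the newest one installed. The script below is an added example, not part of Canonical's advisory; its function names are hypothetical, and it assumes kernels are installed as /boot/vmlinuz-<release> and that the system creates /var/run/reboot-required when a reboot is pending, as Ubuntu does.

```shell
#!/bin/sh
# Added example: detect a host that installed a new kernel but has not
# rebooted into it. Function names are illustrative, not from any package.

# Read kernel release strings (one per line) on stdin and print the highest.
# sort -V (GNU coreutils) compares numerically, so -193- ranks above -99-.
newest_kernel() {
    sort -V | tail -n 1
}

# Print the release string of every kernel image found in /boot.
# Assumption: images are named /boot/vmlinuz-<release>.
installed_kernels() {
    for f in /boot/vmlinuz-*; do
        [ -e "$f" ] || continue
        printf '%s\n' "${f#/boot/vmlinuz-}"
    done
}

# reboot_needed RUNNING NEWEST [FLAG_FILE]
# Succeeds (exit 0) when the reboot flag file exists or when the running
# kernel is not the newest installed one.
reboot_needed() {
    running=$1
    newest=$2
    flag=${3:-/var/run/reboot-required}
    [ -e "$flag" ] && return 0
    [ -n "$newest" ] && [ "$running" != "$newest" ]
}

# Check the local host; returns 1 when a reboot is still pending.
check_host() {
    running=$(uname -r)
    newest=$(installed_kernels | newest_kernel)
    if reboot_needed "$running" "$newest"; then
        echo "reboot pending: running $running, newest installed ${newest:-unknown}"
        return 1
    fi
    echo "ok: running newest installed kernel $running"
}

# Run the check only when asked, e.g.: sh kernel-check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run with --check from cron or a configuration-management job and alert on a non-zero exit to find hosts that were upgraded but never rebooted.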