Canonical released today new Linux kernel security updates for all supported Ubuntu releases to address a total of 17 security vulnerabilities discovered in the upstream kernels by various security researchers.
The new Ubuntu kernel security updates are available for Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS users. Patched in these security updates are a total of 17 flaws, but three vulnerabilities affect all these Ubuntu releases.
These include CVE-2023-1281, a use-after-free vulnerability discovered in the Traffic-Control Index (TCINDEX) implementation, CVE-2022-47929, a null pointer dereference discovered in the network queuing discipline implementation, and CVE-2023-26545, a double-free vulnerability discovered by Lianhui Tang in the MPLS implementation.
These flaws affect the Linux 5.19 kernel of Ubuntu 22.10, as well as the Linux 5.15 LTS kernel of Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems using the Linux 5.15 HWE (Hardware Enablement) kernel, and could allow a local attacker to either cause a denial of service (system crash) or possibly execute arbitrary code.
Only for Ubuntu 22.10 users, the new kernel updates also address CVE-2023-0468 and CVE-2023-1032, a race condition and a double-free vulnerability discovered by Lin Ma and Thadeu Cascardo respectively in the io_uring subsystem, CVE-2022-3424, a use-after-free vulnerability discovered in the SGI GRU driver, as well as CVE-2022-41218, a use-after-free vulnerability discovered by Hyunwoo Kim in the DVB Core driver. These flaws could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.
The same goes for CVE-2023-26606, an out-of-bounds read vulnerability discovered in the NTFS file system implementation, which could allow a local attacker to cause a denial of service (system crash) or possibly expose sensitive information, as well as CVE-2023-28328, a null pointer dereference discovered by Wei Chen in the DVB USB AZ6027 driver, and CVE-2023-22997, a flaw found in the module decompression implementation, the latter two allowing a local attacker to cause a denial of service (system crash).
On the other hand, Ubuntu 22.04 LTS and Ubuntu 20.04 LTS users running Linux kernel 5.15 LTS get fixes for CVE-2023-0386, a flaw discovered in the OverlayFS implementation that could allow a local attacker to gain elevated privileges, as well as CVE-2022-4129, a race condition discovered by Haowei Yan in the Layer 2 Tunneling Protocol (L2TP) implementation, and CVE-2022-4842, a null pointer dereference discovered in the NTFS file system implementation, the latter two allowing a local attacker to cause a denial of service (system crash).
The same goes for CVE-2023-0394, a NULL pointer dereference vulnerability discovered by Kyle Zeng in the IPv6 implementation, and CVE-2023-1073, a type confusion vulnerability discovered in the Human Interface Device (HID) support driver, both allowing a local attacker to cause a denial of service (system crash).
Also patched are CVE-2023-1074, a memory leak found in the SCTP protocol implementation, which could allow a local attacker to cause a denial of service (memory exhaustion), and CVE-2023-1652, a security issue discovered in the NFS implementation that could allow a local attacker to cause a denial of service (system crash) or expose sensitive information (kernel memory).
Canonical urges all Ubuntu users to update their installations as soon as possible to the new kernel versions (linux-image 5.19.0-40.41 for Ubuntu 22.10, linux-image 22.214.171.124.68 for Ubuntu 22.04 LTS, as well as linux-image-lowlatency-hwe 126.96.36.199.77~20.04.28 for Ubuntu 20.04 LTS).
Please remember to reboot your installations after applying the new kernel updates, and to rebuild and reinstall any third-party kernel modules you may have installed if your Ubuntu system is missing the standard kernel metapackages (e.g.
Update: Canonical also released today new kernel security updates for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, as well as Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15.
Apart from the vulnerabilities mentioned above, these updates also address the CVE-2022-3903 and CVE-2022-3108 flaws.
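A post-update check that follows from the advice above (reboot, then rebuild third-party modules), as an added example that is not part of the article: it confirms that the running kernel is at least the patched package ABI, whether a reboot is still pending, and which DKMS modules have no build for the running kernel. The `uname -r` and `dkms status` sample values are constructed; 5.19.0-40.41 is the Ubuntu 22.10 package version the article names.

```shell
#!/bin/sh
# Added example, not from the article. Sample values below are constructed.

# Reduce either a `uname -r` release (5.19.0-40-generic) or a linux-image
# package version (5.19.0-40.41) to the kernel ABI string (5.19.0-40).
kernel_abi() {
    printf '%s' "$1" | sed -E 's/-(generic|lowlatency|kvm|aws|gcp|azure)$//;
                               s/^([0-9]+\.[0-9]+\.[0-9]+-[0-9]+)\.[0-9]+$/\1/'
}

# Succeed when the running kernel ABI is at least the patched package ABI.
# A host that installed the package but has not rebooted still fails here.
running_kernel_is_patched() {
    running=$(kernel_abi "$1")
    patched=$(kernel_abi "$2")
    newest=$(printf '%s\n%s\n' "$running" "$patched" | sort -V | tail -n 1)
    [ "$newest" = "$running" ]
}

# Ubuntu's kernel packages drop /var/run/reboot-required after installation;
# the directory is a parameter so the check can be exercised offline.
reboot_pending() {
    [ -f "${1:-/var/run}/reboot-required" ]
}

# Given `dkms status` output ("module/version, kernel, arch: status" lines)
# and the running kernel release, print every module/version that has no
# "installed" build for that kernel, i.e. modules that need rebuilding.
dkms_missing_for_kernel() {
    printf '%s\n' "$1" | awk -F', ' -v k="$2" '
        { mods[$1] = 1; if ($2 == k && $0 ~ /: installed$/) ok[$1] = 1 }
        END { for (m in mods) if (!(m in ok)) print m }' | sort
}

# Constructed sample: nvidia was rebuilt for the new kernel, v4l2loopback was not.
DKMS_STATUS='nvidia/525.105.17, 5.19.0-38-generic, x86_64: installed
nvidia/525.105.17, 5.19.0-40-generic, x86_64: installed
v4l2loopback/0.12.7, 5.19.0-38-generic, x86_64: installed'
RUNNING=5.19.0-40-generic    # constructed; on a real host use $(uname -r)
PATCHED=5.19.0-40.41         # Ubuntu 22.10 package version from the advisory

if running_kernel_is_patched "$RUNNING" "$PATCHED"; then
    echo "running kernel $RUNNING is at or above $PATCHED"
else
    echo "running kernel $RUNNING is older than $PATCHED: reboot required"
fi
reboot_pending && echo "reboot-required flag is set"
echo "DKMS modules without a build for $RUNNING:"
dkms_missing_for_kernel "$DKMS_STATUS" "$RUNNING"
```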