Ubuntu Users Get Small Linux Kernel Security Update with Only Two Flaws Patched

Canonical today published a new Linux kernel security update for all supported Ubuntu releases to address two security vulnerabilities affecting all supported kernel versions and flavors.

The new Linux kernel update comes just a few days after the previous major Ubuntu update and patches only two flaws: CVE-2022-1055, a use-after-free vulnerability discovered in the network traffic control implementation, and CVE-2022-27666, a security issue discovered in the IPsec implementation that could lead to a heap-based buffer overflow.

Both of these flaws could allow a local attacker to crash the vulnerable system, causing a denial of service, or possibly execute arbitrary code, but the CVE-2022-1055 flaw could also allow a local attacker to escalate privileges. As such, CVE-2022-1055 is marked with a “high” priority while CVE-2022-27666 has a priority status of “medium”.

“This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat,” reads the CVE-2022-27666 security advisory. “A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces,” reads the CVE-2022-1055 security advisory.

Canonical issued new Linux kernel versions for Ubuntu 21.10 (Impish Indri) systems running Linux kernel 5.13 (linux-image 5.13.0.39.48), Ubuntu 20.04 LTS (Focal Fossa) systems running Linux kernel 5.4 LTS (linux-image 5.4.0.107.111) or Linux kernel 5.13 HWE (linux-image-5.13.0-39 5.13.0-39.44~20.04.1), as well as Ubuntu 18.04 LTS (Bionic Beaver) systems running Linux kernel 5.4 HWE (linux-image-generic-hwe-18.04 5.4.0.107.121~18.04.92).

Users are urged to update their installations as soon as possible to the new kernel versions available in the stable repositories for their architectures and flavors. To install the new security update, run the sudo apt update && sudo apt full-upgrade command in a terminal emulator or use the Software Updater utility. Remember to reboot your installations after installing the new kernel versions!
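Installing the packages does not replace the kernel that is already running, so the following added example (not code from the article or from Canonical) checks the running kernel against the patched versions listed above and reports whether unprivileged user namespaces are enabled. It assumes that the meta-package versions 5.4.0.107.x and 5.13.0.39.x correspond to kernel ABIs 5.4.0-107 and 5.13.0-39, and it only judges the generic flavor; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Canonical's tooling. Sample releases in the test are constructed.

# First patched generic-kernel ABI per series, taken from the article's versions.
# Assumption: meta-package 5.4.0.107.x installs ABI 5.4.0-107 and
# 5.13.0.39.x installs ABI 5.13.0-39.
fixed_abi() {
    case "$1" in
        5.4.0)  echo 107 ;;
        5.13.0) echo 39 ;;
        *)      return 1 ;;
    esac
}

# kernel_status RELEASE -> prints patched | vulnerable | unknown
# RELEASE is a `uname -r` string such as 5.4.0-105-generic. Only the generic
# flavor is judged; other flavors number their ABIs differently.
kernel_status() {
    release=$1
    case "$release" in *-generic) ;; *) echo unknown; return 0 ;; esac
    series=${release%%-*}      # e.g. 5.4.0
    rest=${release#*-}         # e.g. 105-generic
    abi=${rest%%-*}            # e.g. 105
    case "$abi" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if ! min=$(fixed_abi "$series"); then echo unknown; return 0; fi
    if [ "$abi" -ge "$min" ]; then echo patched; else echo vulnerable; fi
}

# userns_state [FILE] -> prints enabled | disabled | unknown
# Reads Ubuntu's kernel.unprivileged_userns_clone sysctl; the CVE-2022-1055
# advisory quoted above says the exploit requires unprivileged user namespaces.
userns_state() {
    f=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

running=$(uname -r)
echo "running kernel $running: $(kernel_status "$running")"
echo "unprivileged user namespaces: $(userns_state)"
```

A "vulnerable" result straight after a successful full-upgrade means the machine is still running the old kernel and has not been rebooted.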

Last updated 6 months ago