Canonical Releases New Ubuntu Linux Kernel Security Updates to Fix 16 Vulnerabilities

Canonical released today new Linux kernel security updates for all supported Ubuntu LTS releases to address up to 16 vulnerabilities discovered by various security researchers.

The new Linux kernel security updates come about one month after the previous kernel update, which patched the recently disclosed Wi-Fi driver stack vulnerabilities, and are available only for all supported Ubuntu LTS (Long-Term Support) versions, including Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), and Ubuntu 18.04 LTS (Bionic Beaver).

Fixed in this new Linux kernel update are a total of 16 vulnerabilities, including five that are common to all supported Ubuntu releases. These are CVE-2022-2978, a use-after-free vulnerability discovered by Hao Sun and Jiacheng Xu in the NILFS file system implementation that could allow a local attacker to crash the system or execute arbitrary code, CVE-2022-3028, a race condition discovered by Abhishek Shah in the PF_KEYv2 implementation that could allow a local attacker to expose sensitive information (kernel memory) or crash the system, and CVE-2022-3635, a use-after-free vulnerability discovered in the IDT 77252 ATM PCI device driver that could allow a local attacker to crash the system or execute arbitrary code.

The same goes for CVE-2022-20422, a race condition discovered in the Linux kernel's instruction emulator on AArch64 (ARM64) systems, which could allow a local attacker to cause a denial of service (system crash), as well as CVE-2022-40768, a flaw discovered by Xingyuan Mo and Gengjia Chen in the Promise SuperTrak EX storage controller driver, which could allow a local attacker to expose sensitive information (kernel memory).

Only for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15 LTS, as well as Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, the new Ubuntu kernel security update also fixes CVE-2022-3625, a flaw discovered in the Netlink device interface implementation that could lead to a use-after-free vulnerability with some network device drivers by allowing a local attacker with admin access to the network device to cause a denial of service (system crash) or possibly execute arbitrary code.

Two other flaws were patched for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15 LTS, namely CVE-2022-2905, an out-of-bounds read vulnerability discovered by Hsin-Wei Hung in the BPF subsystem and the x86 JIT compiler, which could allow a local attacker to crash the system by causing a denial of service or expose sensitive information (kernel memory), and CVE-2022-39190, a flaw discovered by Gwangun Jung in the netfilter subsystem that could allow a local attacker to cause a denial of service (system crash).

Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, as well as Ubuntu 18.04 LTS and Ubuntu 16.04 ESM systems running Linux kernel 4.15, the new kernel update also addresses CVE-2022-2153, a security issue discovered in the KVM implementation that could allow a local attacker to crash the system.

Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, this update fixes CVE-2022-29901, a flaw discovered by Johannes Wikner and Kaveh Razavi that affected some Intel x86_64 CPUs by making the Linux kernel's protections against speculative branch target injection attacks insufficient, allowing a local attacker to expose sensitive information, as well as CVE-2022-39188 and CVE-2022-42703, two flaws discovered by Google Project Zero's Jann Horn in the Linux kernel when unmapping VMAs, which could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.

The same goes for CVE-2022-41222, a race condition discovered in the memory address space accounting implementation that could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code, as well as CVE-2022-42719, a use-after-free vulnerability discovered by Sönke Huster in the Wi-Fi driver stack that could allow a physically proximate attacker to cause a denial of service (system crash) or execute arbitrary code.

Last but not least, the new Ubuntu kernel security update addresses CVE-2022-36879, a flaw discovered in the Netlink Transformation (XFRM) subsystem that could allow a local attacker to cause a denial of service (system crash). This flaw only affected the kernel packages of Ubuntu 18.04 LTS and Ubuntu 16.04 ESM systems running Linux kernel 4.15.

Canonical urges all Ubuntu LTS users to update their kernel packages to the new versions available in the stable software repositories, namely linux-image 5.15.0.53.53 for Ubuntu 22.04 LTS systems, linux-image 5.15.0-53.59~20.04.1 for Ubuntu 20.04 LTS systems running Linux kernel 5.15 LTS, linux-image 5.4.0.132.132 for Ubuntu 20.04 LTS systems running Linux kernel 5.4 LTS, linux-image-hwe-18.04 5.4.0.132.148~18.04.109 for Ubuntu 18.04 LTS systems running Linux kernel 5.4 LTS, and linux-image 4.15.0.197.182 for Ubuntu 18.04 LTS systems running Linux kernel 4.15.

To update your Ubuntu installations, run the sudo apt update && sudo apt dist-upgrade command in the Terminal app or use the Software Updater utility. After installing the new kernel versions, you'll have to reboot your computers, as well as rebuild and reinstall any third-party kernel modules that you may have installed.
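
Because the fix only takes effect after the reboot, it is worth checking the running kernel rather than the installed package. The script below is an added example, not from Canonical or the original article. It assumes the ABI numbers 53, 132 and 197 read off the package versions listed above, and it only covers the generic and lowlatency flavours.

```sh
#!/bin/sh
# Added example: classify a kernel release string (as printed by `uname -r`)
# against the fixed builds named in the article. The ABI thresholds are an
# assumption derived from the article's package versions.

# min_fixed_abi SERIES -> prints the first fixed ABI number, or fails if the
# article does not cover that kernel series.
min_fixed_abi() {
    case "$1" in
        5.15.0) echo 53 ;;    # linux-image 5.15.0.53.53 / 5.15.0-53.59~20.04.1
        5.4.0)  echo 132 ;;   # linux-image 5.4.0.132.132
        4.15.0) echo 197 ;;   # linux-image 4.15.0.197.182
        *)      return 1 ;;
    esac
}

# kernel_status RELEASE -> prints patched | vulnerable | unknown
kernel_status() {
    release=$1
    series=${release%%-*}      # e.g. 5.15.0
    rest=${release#*-}         # e.g. 53-generic
    # No "-" at all means this is not an Ubuntu-style release string.
    [ "$rest" != "$release" ] || { echo unknown; return 0; }
    abi=${rest%%-*}            # e.g. 53
    flavour=${rest#*-}         # e.g. generic
    # The ABI must be purely numeric before it is compared.
    case "$abi" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    # Cloud and OEM flavours use their own ABI numbering; do not guess.
    case "$flavour" in generic|lowlatency) ;; *) echo unknown; return 0 ;; esac
    min=$(min_fixed_abi "$series") || { echo unknown; return 0; }
    if [ "$abi" -ge "$min" ]; then echo patched; else echo vulnerable; fi
}

# Report on the kernel that is running right now. A host that installed the
# update but has not rebooted still reports "vulnerable" here.
running=$(uname -r)
printf '%s: %s\n' "$running" "$(kernel_status "$running")"
```

An "unknown" result means the release string falls outside what the article lists and needs to be checked against the relevant Ubuntu Security Notice by hand.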
