Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 18.04 LTS: USN-5319-1 Critical: Linux Kernel Security Issues

ubuntu
Calendar Grey March 8, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities in the Linux kernel addressed for Ubuntu versions 18.04, 16.04, and 14.04. Ensure updates are implemented to uphold system integrity.
Several security issues were fixed in the Linux kernel.

Summary

Several security issues were fixed in the Linux kernel.

Software Description:

- linux: Linux kernel

- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems

- linux-dell300x: Linux kernel for Dell 300x platforms

- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems

- linux-kvm: Linux kernel for cloud environments

- linux-oracle: Linux kernel for Oracle Cloud systems

- linux-raspi2: Linux kernel for Raspberry Pi systems

- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems

- linux-azure: Linux kernel for Microsoft Azure Cloud systems

- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems

- linux-hwe: Linux hardware enablement (HWE) kernel

- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano

Gi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1037-dell300x  4.15.0-1037.42
  linux-image-4.15.0-1089-oracle  4.15.0-1089.98
  linux-image-4.15.0-1105-raspi2  4.15.0-1105.112
  linux-image-4.15.0-1109-kvm     4.15.0-1109.112
  linux-image-4.15.0-1118-gcp     4.15.0-1118.132
  linux-image-4.15.0-1122-snapdragon  4.15.0-1122.131
  linux-image-4.15.0-1123-aws     4.15.0-1123.132
  linux-image-4.15.0-1133-azure   4.15.0-1133.146
  linux-image-4.15.0-171-generic  4.15.0-171.180
  linux-image-4.15.0-171-generic-lpae  4.15.0-171.180
  linux-image-4.15.0-171-lowlatency  4.15.0-171.180
  linux-image-aws-lts-18.04       4.15.0.1123.126
  linux-image-azure-lts-18.04     4.15.0.1133.106
  linux-image-dell300x            4.15.0.1037.39
  linux-image-gcp-lts-18.04       4.15.0.1118.137
  linux-image-generic             4.15.0.171.160
  linux-image-generic-lpae        4.15.0.171.160
  linux-image-kvm                 4.15.0.1109.105
  linux-image-lowlatency          4.15.0.171.160
  linux-image-oracle-lts-18.04    4.15.0.1089.99
  linux-image-raspi2              4.15.0.1105.103
  linux-image-snapdragon          4.15.0.1122.125
  linux-image-virtual             4.15.0.171.160

Ubuntu 16.04 ESM:
  linux-image-4.15.0-1089-oracle  4.15.0-1089.98~16.04.1
  linux-image-4.15.0-1118-gcp     4.15.0-1118.132~16.04.1
  linux-image-4.15.0-1123-aws-hwe  4.15.0-1123.132~16.04.1
  linux-image-4.15.0-1133-azure   4.15.0-1133.146~16.04.1
  linux-image-4.15.0-171-generic  4.15.0-171.180~16.04.1
  linux-image-4.15.0-171-lowlatency  4.15.0-171.180~16.04.1
  linux-image-4.4.0-1102-kvm      4.4.0-1102.111
  linux-image-4.4.0-1137-aws      4.4.0-1137.151
  linux-image-4.4.0-221-generic   4.4.0-221.254
  linux-image-4.4.0-221-lowlatency  4.4.0-221.254
  linux-image-aws                 4.4.0.1137.142
  linux-image-aws-hwe             4.15.0.1123.113
  linux-image-azure               4.15.0.1133.124
  linux-image-gcp                 4.15.0.1118.119
  linux-image-generic             4.4.0.221.228
  linux-image-generic-hwe-16.04   4.15.0.171.163
  linux-image-gke                 4.15.0.1118.119
  linux-image-kvm                 4.4.0.1102.100
  linux-image-lowlatency          4.4.0.221.228
  linux-image-lowlatency-hwe-16.04  4.15.0.171.163
  linux-image-oem                 4.15.0.171.163
  linux-image-oracle              4.15.0.1089.77
  linux-image-virtual             4.4.0.221.228
  linux-image-virtual-hwe-16.04   4.15.0.171.163

Ubuntu 14.04 ESM:
  linux-image-4.15.0-1133-azure   4.15.0-1133.146~14.04.1
  linux-image-4.4.0-1101-aws      4.4.0-1101.106
  linux-image-4.4.0-221-generic   4.4.0-221.254~14.04.1
  linux-image-4.4.0-221-lowlatency  4.4.0-221.254~14.04.1
  linux-image-aws                 4.4.0.1101.99
  linux-image-azure               4.15.0.1133.106
  linux-image-generic-lts-xenial  4.4.0.221.192
  linux-image-lowlatency-lts-xenial  4.4.0.221.192
  linux-image-virtual-lts-xenial  4.4.0.221.192

IMPORTANT: As part of this update, unprivileged eBPF is being
disabled by default, as it is the primary known means of exploiting
the Branch History Injection issues described above. It should be
noted that other mechanisms for exploiting the underlying issues may
be discovered.  Also, this may cause issues for applications that
rely on the unprivileged eBPF functionality. Please see the knowledge
base article at https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI
for more details.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5319-1

CVE-2022-0001, CVE-2022-0002,

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI

Severity
critical
Lowest
Low
Medium
High
Critical

March 09, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.