Ubuntu 5319-1: Linux kernel vulnerabilities
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1037-dell300x 4.15.0-1037.42 linux-image-4.15.0-1089-oracle 4.15.0-1089.98 linux-image-4.15.0-1105-raspi2 4.15.0-1105.112 linux-image-4.15.0-1109-kvm 4.15.0-1109.112 linux-image-4.15.0-1118-gcp 4.15.0-1118.132 linux-image-4.15.0-1122-snapdragon 4.15.0-1122.131 linux-image-4.15.0-1123-aws 4.15.0-1123.132 linux-image-4.15.0-1133-azure 4.15.0-1133.146 linux-image-4.15.0-171-generic 4.15.0-171.180 linux-image-4.15.0-171-generic-lpae 4.15.0-171.180 linux-image-4.15.0-171-lowlatency 4.15.0-171.180 linux-image-aws-lts-18.04 4.15.0.1123.126 linux-image-azure-lts-18.04 4.15.0.1133.106 linux-image-dell300x 4.15.0.1037.39 linux-image-gcp-lts-18.04 4.15.0.1118.137 linux-image-generic 4.15.0.171.160 linux-image-generic-lpae 4.15.0.171.160 linux-image-kvm 4.15.0.1109.105 linux-image-lowlatency 4.15.0.171.160 linux-image-oracle-lts-18.04 4.15.0.1089.99 linux-image-raspi2 4.15.0.1105.103 linux-image-snapdragon 4.15.0.1122.125 linux-image-virtual 4.15.0.171.160 Ubuntu 16.04 ESM: linux-image-4.15.0-1089-oracle 4.15.0-1089.98~16.04.1 linux-image-4.15.0-1118-gcp 4.15.0-1118.132~16.04.1 linux-image-4.15.0-1123-aws-hwe 4.15.0-1123.132~16.04.1 linux-image-4.15.0-1133-azure 4.15.0-1133.146~16.04.1 linux-image-4.15.0-171-generic 4.15.0-171.180~16.04.1 linux-image-4.15.0-171-lowlatency 4.15.0-171.180~16.04.1 linux-image-4.4.0-1102-kvm 4.4.0-1102.111 linux-image-4.4.0-1137-aws 4.4.0-1137.151 linux-image-4.4.0-221-generic 4.4.0-221.254 linux-image-4.4.0-221-lowlatency 4.4.0-221.254 linux-image-aws 4.4.0.1137.142 linux-image-aws-hwe 4.15.0.1123.113 linux-image-azure 4.15.0.1133.124 linux-image-gcp 4.15.0.1118.119 linux-image-generic 4.4.0.221.228 linux-image-generic-hwe-16.04 4.15.0.171.163 linux-image-gke 4.15.0.1118.119 linux-image-kvm 4.4.0.1102.100 linux-image-lowlatency 4.4.0.221.228 linux-image-lowlatency-hwe-16.04 4.15.0.171.163 linux-image-oem 4.15.0.171.163 linux-image-oracle 4.15.0.1089.77 linux-image-virtual 4.4.0.221.228 linux-image-virtual-hwe-16.04 4.15.0.171.163 Ubuntu 14.04 ESM: linux-image-4.15.0-1133-azure 4.15.0-1133.146~14.04.1 linux-image-4.4.0-1101-aws 4.4.0-1101.106 linux-image-4.4.0-221-generic 4.4.0-221.254~14.04.1 linux-image-4.4.0-221-lowlatency 4.4.0-221.254~14.04.1 linux-image-aws 4.4.0.1101.99 linux-image-azure 4.15.0.1133.106 linux-image-generic-lts-xenial 4.4.0.221.192 linux-image-lowlatency-lts-xenial 4.4.0.221.192 linux-image-virtual-lts-xenial 4.4.0.221.192 IMPORTANT: As part of this update, unprivileged eBPF is being disabled by default, as it is the primary known means of exploiting the Branch History Injection issues described above. It should be noted that other mechanisms for exploiting the underlying issues may be discovered. Also, this may cause issues for applications that rely on the unprivileged eBPF functionality. Please see the knowledge base article at https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI for more details. After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5319-1
CVE-2022-0001, CVE-2022-0002,
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI
Package Information
https://launchpad.net/ubuntu/+source/linux/4.15.0-171.180 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1123.132 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1133.146 https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1037.42 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1118.132 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1109.112 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1089.98 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1105.112 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1122.131