New Ubuntu Linux Kernel Security Updates Fix 9 Vulnerabilities, Patch Now

Canonical’s Ubuntu Kernel team today released new Linux kernel security updates for all supported releases of the Ubuntu operating system to address up to nine security vulnerabilities.

These new Linux kernel security updates come a little over a month after the previous one, which addressed six vulnerabilities, and they are available for Ubuntu 21.10 (Impish Indri), Ubuntu 21.04 (Hirsute Hippo), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as the Ubuntu 16.04 and 14.04 ESM releases.

Patched in these new kernel security updates is CVE-2021-4002, a security flaw affecting all of the aforementioned Ubuntu releases and discovered by Nadav Amit in the hugetlb implementation of the Linux kernel. This vulnerability could allow a local attacker to modify data from other processes that use huge pages.

Also for all supported Ubuntu releases, the new kernel security updates patch CVE-2021-41864, an integer overflow discovered in the eBPF implementation, CVE-2021-43389, a race condition discovered in the ISDN CAPI implementation, and CVE-2021-43267, a bug discovered in the implementation of the TIPC protocol. This allows privileged local attackers to cause a denial of service (system crash) or execute arbitrary code.

The same applies to CVE-2021-20321, a race condition discovered in the Linux kernel’s overlay file system (OverlayFS) implementation that could allow a local attacker to cause a denial of service (system crash), as well as CVE-2021-3760, a use-after-free vulnerability discovered in the NFC subsystem that could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.

Only for Ubuntu 21.10, Ubuntu 21.04 and Ubuntu 20.04 LTS systems with Linux kernel 5.11, as well as Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems with Linux kernel 5.4, the new kernel security updates address CVE-2021-43056, a bug discovered in the KVM implementation for POWER8 processors that could allow an attacker in a guest virtual machine to crash the host operating system, causing a denial of service.

Only for Ubuntu 21.10 systems with Linux kernel 5.13, as well as Ubuntu 21.04 and Ubuntu 20.04 LTS systems with Linux kernel 5.11, the new kernel updates also fix CVE-2021-43267, a vulnerability discovered in the implementation of the TIPC protocol that could allow an attacker to crash the system, causing a denial of service, or potentially execute arbitrary code.

Only for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems with Linux kernel 5.4, the new kernel security updates also target CVE-2020-26541, a critical flaw that could allow an attacker to bypass UEFI Secure Boot restrictions because the Linux kernel was unable to properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (also known as dbx) security mechanism.

Last but not least, the new kernel security updates also patch CVE-2021-20317, a race condition discovered in the Linux kernel's timer implementation that could allow a privileged attacker to cause a denial of service.

Canonical urges all Ubuntu users affected by these vulnerabilities to update their installations to the new kernel versions available in major software repositories as soon as possible. To update, use the Software Updater utility to install all available updates or run the command below in the Terminal app.

sudo apt update && sudo apt full-upgrade

As always, keep in mind that you will need to reboot your systems after installing the new kernel versions, as well as rebuild and reinstall any third-party kernel modules you may have installed.
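The reboot step is the one most often skipped, which leaves the vulnerable kernel running even though the fixed one is installed. The script below is an added example, not part of the original article: it compares the running kernel with the newest installed image of the same flavour. The function names and the sample version numbers are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the article: detect a kernel update that is installed
# but not yet running (i.e. the reboot has not happened).

# kernels_of_flavour FLAVOUR
#   stdin : "<status> <package>" lines, as printed by
#           dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-[0-9]*'
#   stdout: versions of fully installed ("ii") images ending in -FLAVOUR
kernels_of_flavour() {
    awk -v suf="-$1" '$1 == "ii" {
        v = $2; sub(/^linux-image-/, "", v)
        if (length(v) > length(suf) &&
            substr(v, length(v) - length(suf) + 1) == suf) print v
    }'
}

# reboot_pending RUNNING_RELEASE  (RUNNING_RELEASE as printed by `uname -r`)
#   Same stdin as above. Exit 0 if a newer same-flavour kernel is installed.
#   sort -V compares versions numerically, so ...-100 ranks above ...-90.
reboot_pending() {
    running=$1
    newest=$( { kernels_of_flavour "${running##*-}"; printf '%s\n' "$running"; } |
              sort -V | tail -n 1 )
    [ "$newest" != "$running" ]
}

# Constructed sample input (version numbers are made up for illustration).
SAMPLE='ii  linux-image-5.4.0-90-generic
ii  linux-image-5.4.0-100-generic
rc  linux-image-5.4.0-120-generic
ii  linux-image-5.4.0-1060-aws'

if printf '%s\n' "$SAMPLE" | reboot_pending 5.4.0-90-generic; then
    echo "sample: 5.4.0-90-generic is outdated, reboot pending"
fi

# On a real Ubuntu host, compare dpkg's view with the running kernel.
if command -v dpkg-query >/dev/null 2>&1; then
    if dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-[0-9]*' \
         2>/dev/null | reboot_pending "$(uname -r)"; then
        echo "reboot pending: $(uname -r) is older than the newest installed kernel"
    else
        echo "running kernel $(uname -r) is the newest installed for its flavour"
    fi
fi
```

Packages in the "rc" state (removed, configuration files left behind) are ignored, so a purged newer kernel does not trigger a false alarm.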

I should also note that this is probably the last kernel update for Ubuntu 21.04 (Hirsute Hippo), which will reach end of life on January 20, 2022. If you are still using Ubuntu 21.04, you should consider upgrading to Ubuntu 21.10 (Impish Indri), which will be supported until July 2022.
