Canonical has released new Linux kernel security patches for all Ubuntu releases to address various security vulnerabilities found in the upstream kernel packages.
The fresh Ubuntu Linux kernel security updates come three weeks after the previous security update and have identified two main weaknesses: Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Bionic Beaver) and Ubuntu 16.04 ESM (Xenial Xerus).
The new kernel updates for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems include CVE-2022-1882, a race condition discovered by Selim Enes Karaduman in the general notification queue implementation, as well as CVE-2022-39189, a security flaw discovered by Google Project Zero in the KVM subsystem. Both of them may allow a local attacker in a guest virtual machine to cause a denial of service (guest crash).
For both Ubuntu 22.04 LTS and 20.04 LTS systems with Linux kernel 5.4 LTS, the new security updates fix CVE-2022-3176, a use-after-free vulnerability discovered by Eric Biggers in the io_uring subsystem that might permit a local attacker to cause a denial of service (system crash) or execute arbitrary code, CVE-2022-36879, an issue affecting Intel CPUs with eIBRS (Enhanced Indirect Restricted Spec
Only for Ubuntu 20.04 LTS and 18.04 LTS systems with Linux kernel 5.4 LTS, the new Linux kernel security update addresses CVE-2022-20369, an out-of-bounds write vulnerability discovered in the Video for Linux 2 (V4L2) implementation, which may allow a local attacker to cause a denial of service (system crash) or execute arbitrary code, as well as CVE-2021-4159, a security issue discovered in the BPF verification that might allow a local attacker
The new kernel security patches for Ubuntu 20.04 LTS and 18.04 LTS systems running Linux kernel 4.15 address several security vulnerabilities (CVE-2022-33740, CVE-2022-33742, and CVE-2022-33744) found in the Xen paravirtualization platform. They may either expose sensitive information or cause a denial of service for the hosts or guests.
Also fixed are CVE-2022-26365, a security flaw discovered by Roger Pau Monne in the Xen virtual block driver, which might allow a local attacker to disclose sensitive information (guest kernel memory), and CVE-2022-2318, race conditions identified in the timer handling implementation of the Rose X.25 protocol layer, which might allow a local attacker to cause a denial of service (system crash).
The new security updates for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM systems have addressed CVE-2022-0812, a security flaw discovered in the SUNRPC RDMA protocol implementation, which might enable a local attacker to expose sensitive information (kernel memory), as well as CVE-2022-1012 and CVE-2022-32296, two vulnerabilities discovered by Moshe Kol, Amit Klein, and Yossi Gilad in the IP implementation, which might allow an attacker to disclose sensitive
Canonical has urged all Ubuntu users to upgrade the kernel packages in their systems as quickly as possible to the new versions (linux-image 5.15.0.50.50 for Ubuntu 22.04 LTS, linux-image 5.4.0.128.144 for Ubuntu 18.04 LTS, and linux-image 4.15.0-194.20516.04.1 for Ubuntu 16.04 ESM using Ubuntu Pro).
In the Terminal app or another terminal emulator, you can run the sudo apt update and sudo apt full-upgrade commands. Kernel updates may require a system reboot, and you may also need to recompile and reinstall any third-party kernel modules you have already installed, assuming you have manually uninstalled the standard kernel metapackages.
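
A post-upgrade check for the steps above, as an added example (not from Canonical or the original article): it confirms the kernel meta-package is at the fixed version, that the host is actually running the newest installed kernel, and lists DKMS module state. The function names are hypothetical, and the generic kernel flavour (linux-image-generic) is an assumption.

```shell
#!/bin/sh
# Added example. Pass the fixed linux-image version the advisory lists for your
# release, e.g. on Ubuntu 22.04 LTS:  check_host 5.15.0.50.50

# version_ge A B: succeeds when A >= B. dpkg gives authoritative Debian ordering;
# GNU sort -V is a fallback that is adequate for plain dotted numbers.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
    fi
}

# newest_kernel: reads kernel release strings on stdin, prints the highest.
# Version sort matters: a lexical sort ranks 5.4.0-99 above 5.4.0-128.
newest_kernel() {
    sort -V | tail -n1
}

# reboot_pending RUNNING INSTALLED: succeeds when the running kernel is not
# the newest installed one, i.e. the patched kernel is on disk but not loaded.
reboot_pending() {
    [ "$(printf '%s\n' "$2" | newest_kernel)" != "$1" ]
}

check_host() {
    fixed=$1
    running=$(uname -r)
    installed=$(for f in /boot/vmlinuz-*; do echo "${f#/boot/vmlinuz-}"; done)
    # Assumption: generic flavour; substitute your meta-package if it differs.
    meta=$(dpkg-query -W -f='${Version}' linux-image-generic 2>/dev/null || true)
    if [ -n "$meta" ] && version_ge "$meta" "$fixed"; then
        echo "meta-package $meta: at or above fixed version $fixed"
    else
        echo "meta-package ${meta:-not installed}: below fixed version $fixed"
    fi
    if reboot_pending "$running" "$installed" || [ -e /var/run/reboot-required ]; then
        echo "running $running: reboot needed to load the patched kernel"
    fi
    # Third-party modules must be rebuilt for the new kernel; show their state.
    if command -v dkms >/dev/null 2>&1; then dkms status; fi
}
```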