LSN-0078-1: Kernel Live Patch Security Notice
19 July 2021
Several security issues were fixed in the kernel.
Releases
Software Description
- gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
- generic-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
- generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
- gke-4.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
- gke-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
- lowlatency-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
- lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- oem - Linux kernel for OEM systems - (>= 4.15.0-1063)
Details
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code.(CVE-2021-3609)
Checking update status
The problem can be corrected in these Livepatch versions:
| Kernel type | 20.04 | 18.04 | 16.04 |
|---|---|---|---|
| gcp | 78.1 | — | — |
| generic-4.15 | — | 78.1 | 78.1 |
| generic-5.4 | 78.1 | 78.1 | — |
| gke | 78.1 | — | — |
| gke-4.15 | — | 78.1 | — |
| gke-5.4 | — | 78.1 | — |
| gkeop | 78.1 | — | — |
| gkeop-5.4 | — | 78.1 | — |
| lowlatency-4.15 | — | 78.1 | 78.1 |
| lowlatency-5.4 | 78.1 | 78.1 | — |
| oem | — | 78.1 | — |
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch status