Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

LSN-0065-1: Kernel Live Patch Security Notice

9 April 2020

Several security issues were fixed in the kernel.


Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.4.0-1098)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.0.0-1025, >= 4.15.0-1063)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.0.0-1025)
  • generic-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
  • generic-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • lowlatency-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
  • lowlatency-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)


Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual
Machine) emulated the IOAPIC. A privileged guest user could exploit
this flaw to read host memory or cause a denial of service (crash
the host). (CVE-2013-1798)

It was discovered that the KVM implementation in the Linux kernel,
when paravirtual TLB flushes are enabled in guests, the hypervisor in
some situations could miss deferred TLB flushes or otherwise mishandle
them. An attacker in a guest VM could use this to expose sensitive
information (read memory from another guest VM). (CVE-2019-3016)

Al Viro discovered that the vfs layer in the Linux kernel contained
a use- after-free vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information (kernel memory). (CVE-2020-8428)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 18.04 16.04 14.04
aws 65.1
azure 65.1 65.1
gcp 65.1
generic-4.15 65.1 65.1
generic-4.4 65.1 65.1
lowlatency-4.15 65.1 65.1
lowlatency-4.4 65.1 65.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status