Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

LSN-0069-1: Kernel Live Patch Security Notice

27 July 2020

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 4.4.0-1098)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-4.15 - Linux kernel - (>= 4.15.0-69)
  • generic-4.4 - Linux kernel - (>= 4.4.0-168)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26)
  • lowlatency-4.15 - Linux kernel - (>= 4.15.0-69)
  • lowlatency-4.4 - Linux kernel - (>= 4.4.0-168)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26)
  • oem - Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local
users to cause a denial of service (such as relay blockage) by triggering a
NULL alloc_percpu result. (CVE-2019-19462)

Fan Yang discovered that the mremap implementation in the Linux kernel did
not properly handle DAX Huge Pages. A local attacker with access to DAX
storage could use this to gain administrative privileges. (CVE-2020-10757)

It was discovered that the DesignWare SPI controller driver in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash). (CVE-2020-12769)

In the Linux kernel before 5.4.16, a race condition in tty->disc_data
handling in the slip and slcan line discipline could lead to a
use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c
and drivers/net/can/slcan.c. (CVE-2020-14416)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04 16.04
aws 69.1 69.1 69.1
azure 69.1
gcp 69.1
generic-4.15 69.1
generic-4.4 69.1
generic-5.4 69.1
lowlatency-4.15 69.1
lowlatency-4.4 69.1
lowlatency-5.4 69.1
oem 69.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading