LSN-0070-1: Kernel Live Patch Security Notice

17 August 2020

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 4.4.0-1098)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 4.15.0-1063)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-4.15 - Linux kernel - (>= 4.15.0-69)
  • generic-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26)
  • lowlatency-4.15 - Linux kernel - (>= 4.15.0-69)
  • lowlatency-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26)
  • oem - Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Mauricio Faria de Oliveira discovered that the aufs implementation in the
Linux kernel improperly managed inode reference counts in the
vfsub_dentry_open() method. A local attacker could use this vulnerability
to cause a denial of service. (CVE-2020-11935)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04 16.04 14.04
aws 70.1 70.1 70.1
azure 70.1 70.1
gcp 70.1
generic-4.15 70.1
generic-4.4 70.1 70.1
generic-5.4 70.1
lowlatency-4.15 70.1
lowlatency-4.4 70.1 70.1
lowlatency-5.4 70.1
oem 70.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

References