LSN-0080-1: Kernel Live Patch Security Notice

Publication date

16 August 2021

Overview

Several security issues were fixed in the kernel.


Software description

  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
  • generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
  • gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
  • gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
  • lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • oem – Linux kernel for OEM systems - (>= 4.15.0-1063)
  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
  • generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
  • gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
  • gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
  • lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
  • lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • oem – Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-22555)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-22555)

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04 16.04 14.04
gcp 80.1
generic-4.15 80.1 80.1
generic-4.4 80.1 80.1
generic-5.4 80.1 80.1
gke 80.1
gke-4.15 80.1
gke-5.4 80.1
gkeop 80.1
gkeop-5.4 80.1
lowlatency-4.15 80.1 80.1
lowlatency-4.4 80.1 80.1
lowlatency-5.4 80.1 80.1
oem 80.1

References


Have additional questions?

Talk to a member of the team ›