Your submission was sent successfully! Close

LSN-0084-1: Kernel Live Patch Security Notice

20 January 2022

A security issue was fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1009, >= 5.4.0-1061)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
  • gke-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
  • ibm-5.4 - linux-ibm-5.4 not found - (>= 5.4.0-1009)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)

Details

William Liu and Jamie Hill-Daniel discovered that the file system context
functionality in the Linux kernel contained an integer underflow
vulnerability, leading to an out-of-bounds write. A local attacker could
use this to cause a denial of service (system crash) or execute arbitrary
code.(CVE-2022-0185)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04
aws 84.2
azure 84.1
gcp 84.1
generic-5.4 84.2 84.2
gke 84.1
gke-5.4 84.1
gkeop 84.1
gkeop-5.4 84.1
ibm 84.1
ibm-5.4 84.1
lowlatency-5.4 84.2 84.2

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

References