Your submission was sent successfully! Close

LSN-0085-1: Kernel Live Patch Security Notice

23 March 2022

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 5.4.0-1061, >= 4.4.0-1098, >= 4.4.0-1129)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
  • azure-4.15 - Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
  • generic-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
  • gke-4.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
  • gke-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
  • ibm-5.4 - Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
  • lowlatency-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
  • lowlatency-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • oem - Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges.(CVE-2022-0492)

Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code.(CVE-2022-25636)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04 16.04 14.04
aws 85.1 85.1 85.1
azure 85.1 85.1
azure-4.15 85.1
gcp 85.1
generic-4.15 85.1 85.1
generic-4.4 85.1 85.1
generic-5.4 85.2 85.2
gke 85.1
gke-4.15 85.1
gke-5.4 85.1
gkeop 85.1
gkeop-5.4 85.1
ibm 85.1
ibm-5.4 85.1
lowlatency-4.15 85.1 85.1
lowlatency-4.4 85.1 85.1
lowlatency-5.4 85.2 85.2
oem 85.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status