14 DAY TRIAL // Canonical released new Linux kernel security updates for all supported Ubuntu operating systems addressing a total of nine vulnerabilities discovered by various researchers.
The newly patched Linux kernel vulnerabilities affect Ubuntu 17.10 (Artful Aardvark), Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 (Precise Pangolin) ESM (Extended Security Maintenance), as well as all of their official derivatives, including Kubuntu, Lubuntu, etc.
They include a use-after-free vulnerability discovered by Mohamed Ghannam in Linux kernel's Netlink subsystem (XFRM) and inabilit of the Linux kernel to correctly handle copy-on-write (CoW) of transparent huge pages, which affected all the supported Ubuntu releases and their derivatives.
Also fixed is an issue with Linux kernel's associative array implementation, which sometimes didn't properly handle adding a new entry, as well as an out-of-bounds read discovered by Andrey Konovalov in Linux kernel's GTCO digitizer USB driver, which affected both Ubuntu 17.10 and Ubuntu 16.04 LTS releases.
Affecting only Ubuntu 17.04, the update fixes a race condition in Linux kernel's driver subsystem, and affecting only Ubuntu 17.10, the update addresses a null pointer dereference error in Linux kernel's PowerPC KVM implementation and a race condition in the key management subsystem.
Users are urged to update their installations as soon as possible
Another security vulnerability was discovered by Andrey Konovalov in Linux kernel's USB subsystem, which failed to properly validate USB BOS metadata, affecting Ubuntu 17.10 machines and allowing an attacker with physical access to crash the system by causing a denial of service (DoS attack).
Lastly, the update patches a security flaw discovered by Eric Biggers in Linux kernel's key management subsystem, which failed to properly restrict adding a key that already exists but is uninstantiated, which could allow a local attacker to execute arbitrary code or crash the vulnerable system.
Canonical urges all Ubuntu users to update their systems immediately to the new kernel versions, namely linux-image 4.13.0.19.22 for Ubuntu 17.10, linux-image-raspi2 4.13.0.1008.6 for Ubuntu 17.10 for Raspberry Pi 2, linux-image 4.10.0.42.46 for Ubuntu 17.04, and linux-image-raspi2 4.10.0.1023.24 for Ubuntu 17.04 for Raspberry Pi 2.
Additionally, Ubuntu 16.04 LTS users need to update their kernels to linux-image 4.4.0.103.108 on 64-bit and 32-bit machines, Ubuntu 16.04 LTS for Raspberry Pi 2 users to linux-image-raspi2 4.4.0.1079.79, and Ubuntu 14.04 LTS users to linux-image-3.13.0-137-generic 3.13.0-137.186. Updated HWE kernels are available as well for Ubuntu 16.04.3 LTS, Ubuntu 14.04.5 LTS, and Ubuntu 12.04 ESM users.