LSN-0068-1: Kernel Live Patch Security Notice

LSN-0068-1: Kernel Live Patch Security Notice

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the kernel.

Software Description

  • linux – Linux kernel
  • linux-aws – Linux kernel for Amazon Web Services (AWS) systems
  • linux-oem – Linux kernel for OEM systems

Special Notice for CVE-2020-0543

On June 9, Intel announced CVE-2020-0543, a CPU hardware issue known
as Special Register Buffer Data Sampling (SRBDS), which could result
in data leaks from random number generation instructions. The issue
affects a subset of Intel CPUs and is mitigated by a CPU microcode
update. This is a hardware issue and cannot be mitigated with a
livepatch.

The kernel update associated with the CVE provides the ability
to turn the mitigation on and off and to report the presence of the
mitigation in the microcode, and should be installed with the updated
microcode.

To determine if your Intel CPU is affected, consult
Intel’s list of affected processors.
Note that AMD processors, and architectures other than x86_64, are not
affected by this CVE.

Users affected by this issue should update their kernel and CPU microcode,
and reboot into the new kernel. Users not affected by CVE-2020-0543 may continue
to use livepatch updates without rebooting.

For more information about the CVE and our response, please consult the
Ubuntu SRBDS wiki page.

Details

It was discovered that the virtual terminal implementation in the Linux
kernel did not properly handle resize events. A local attacker could use
this to expose sensitive information. (CVE-2020-8647)

It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)

It was discovered that the virtual terminal implementation in the Linux
kernel did not properly handle resize events. A local attacker could use
this to expose sensitive information. (CVE-2020-8649)

It was discovered that the Serial CAN interface driver in the Linux kernel
did not properly initialize data. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-11494)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2020-12114)

Update instructions

The problem can be corrected by updating your kernel livepatch to the following
versions:

Ubuntu 18.04 LTS
aws – 68.1
generic – 68.1
lowlatency – 68.1
oem – 68.1
Ubuntu 16.04 LTS
aws – 68.1
generic – 67.1
generic – 68.1
lowlatency – 67.1
lowlatency – 68.1
Ubuntu 14.04 ESM
generic – 66.1
lowlatency – 66.1

Support Information

Kernels older than the levels listed below do not receive livepatch
updates. If you are running a kernel version earlier than the one listed
below, please upgrade your kernel as soon as possible.

Ubuntu 18.04 LTS
linux – 4.15.0-69
linux-aws – 4.15.0-1054
linux-azure – 5.0.0-1025
linux-gcp – 5.0.0-1025
linux-oem – 4.15.0-1063
Ubuntu 20.04 LTS
linux – 5.4.0-26
linux-aws – 5.4.0-1009
linux-azure – 5.4.0-1010
linux-gcp – 5.4.0-1009
linux-oem – 5.4.0-26
Ubuntu 16.04 LTS
linux – 4.4.0-168
linux-aws – 4.4.0-1098
linux-azure – 4.15.0-1063
linux-hwe – 4.15.0-69
Ubuntu 14.04 ESM
linux-lts-xenial – 4.4.0-168

References

Source: LSN-0068-1: Kernel Live Patch Security Notice

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.