LSN-0067-1: Kernel Live Patch Security Notice

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-oem – Linux kernel for OEM systems

Details

It was discovered that the Serial CAN interface driver in the Linux kernel
did not properly initialize data. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-11494)

Update instructions

The problem can be corrected by updating your kernel livepatch to the following
versions:

Ubuntu 18.04 LTS: aws – 67.1; azure – 67.1; gcp – 67.1; generic – 67.1; lowlatency – 67.1; oem – 67.1
Ubuntu 16.04 LTS: aws – 67.1; generic – 67.1; lowlatency – 67.1

Support Information

Kernels older than the levels listed below do not receive livepatch
updates. If you are running a kernel version earlier than the one listed
below, please upgrade your kernel as soon as possible.

Ubuntu 18.04 LTS: linux – 4.15.0-69; linux-aws – 4.15.0-1054; linux-azure – 5.0.0-1025; linux-gcp – 5.0.0-1025; linux-oem – 4.15.0-1063
Ubuntu 20.04 LTS: linux – 5.4.0-26; linux-aws – 5.4.0-1009; linux-azure – 5.4.0-1010; linux-gcp – 5.4.0-1009; linux-oem – 5.4.0-26
Ubuntu 16.04 LTS: linux – 4.4.0-168; linux-aws – 4.4.0-1098; linux-azure – 4.15.0-1063; linux-hwe – 4.15.0-69
Ubuntu 14.04 ESM: linux-lts-xenial – 4.4.0-168