Recently, Canonical released a major Linux kernel update to fix 14 security vulnerabilities discovered by several security researchers. The latest kernel update brings in fixes for several vulnerabilities that affect Ubuntu 20.10, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS systems.
Canonical advises all users to update their installations to the following versions as soon as possible. The latest kernel versions are linux-image 4.4.0-197.229 for Ubuntu 16.04 LTS (64-bit), linux-image 5.4.0-56.62~18.04.1 for Ubuntu 18.04 LTS (64-bit), linux-image 5.4.0-56.62 for Ubuntu 20.04 LTS (64-bit), and linux-image 5.8.0-31.33 for Ubuntu 20.10 (64-bit).
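The following script is an added example, not Canonical's tooling: it compares an installed kernel package version with the fixed versions listed above. The function names and the `--live` switch are hypothetical, and the live check assumes `dpkg-query` and `/etc/os-release` as found on stock Ubuntu. A kernel from a series the list does not cover is reported as `unknown` rather than guessed at.

```shell
#!/bin/sh
# Added example (not Canonical's tooling): compare an installed Ubuntu kernel
# package version against the fixed versions listed in the article.

# Fixed versions copied from the article, keyed by Ubuntu release.
fixed_version_for() {
  case "$1" in
    16.04) echo "4.4.0-197.229" ;;
    18.04) echo "5.4.0-56.62~18.04.1" ;;
    20.04) echo "5.4.0-56.62" ;;
    20.10) echo "5.8.0-31.33" ;;
    *) return 1 ;;
  esac
}

# "5.4.0-56.62~18.04.1" -> "5 4 0 56 62" (backport suffix dropped).
version_fields() {
  printf '%s\n' "${1%%~*}" | tr '.-' '  '
}

# Prints patched, outdated or unknown. Runs in a subshell so that `set --`
# does not disturb the caller's positional parameters.
kernel_status() (
  release=$1 installed=$2
  fixed=$(fixed_version_for "$release") || { echo unknown; exit 0; }
  # Reject anything that is not an Ubuntu-style kernel package version.
  printf '%s\n' "$installed" |
    grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.[0-9]+(~[0-9.]+)?$' ||
    { echo unknown; exit 0; }
  set -- $(version_fields "$installed") $(version_fields "$fixed")
  # A different series (e.g. a 4.15 kernel on 18.04) is not in the article's list.
  [ "$1.$2" = "$6.$7" ] || { echo unknown; exit 0; }
  # Compare patch level, ABI number and upload number, most significant first.
  for pair in "$3:$8" "$4:$9" "$5:${10}"; do
    have=${pair%%:*} want=${pair##*:}
    if [ "$have" -lt "$want" ]; then echo outdated; exit 0; fi
    if [ "$have" -gt "$want" ]; then echo patched; exit 0; fi
  done
  echo patched
)

# Live check (assumes dpkg-query and /etc/os-release, as on stock Ubuntu).
if [ "${1:-}" = "--live" ]; then
  . /etc/os-release
  pkg=$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)")
  echo "$VERSION_ID $pkg: $(kernel_status "$VERSION_ID" "$pkg")"
fi
```

The fields are compared numerically because a plain string comparison would rank 4.4.0-97 above 4.4.0-197.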
The Vulnerabilities
- CVE-2020-0423: A race condition in the Linux kernel’s binder IPC implementation that leads to a use-after-free vulnerability. A local attacker could use it to cause a denial of service (system crash) or possibly execute arbitrary code.
- CVE-2020-10135: A Bluetooth security vulnerability that could allow a physically proximate attacker to impersonate a previously paired Bluetooth device.
- CVE-2020-14351: A race condition in the kernel’s perf subsystem that leads to a use-after-free vulnerability. A local attacker could use it to cause a denial of service (system crash) or possibly execute arbitrary code.
- CVE-2020-14390: A flaw in the frame buffer implementation, which did not handle some edge cases in software scrollback. A local attacker could use it to cause a denial of service (system crash) or possibly execute arbitrary code.
- CVE-2020-25211: A flaw discovered in the Netfilter connection tracker for Netlink.
- CVE-2020-25284: A flaw discovered in the Linux kernel’s Rados block device (rbd) driver, which could let a local attacker map or unmap rbd block devices.
- CVE-2020-25643: A vulnerability identified in the HDLC PPP implementation. A local attacker could use it to cause a denial of service (system crash) or possibly execute arbitrary code.
- CVE-2020-25645: A security vulnerability that could let an attacker expose sensitive information.
- CVE-2020-25705: A flaw discovered in the Linux kernel’s ICMP global rate limiter, which could let a remote attacker facilitate attacks on UDP-based services that rely on source port randomization.