Ubuntu Security Notices
LSN-0076-1

LSN-0076-1: Kernel Live Patch Security Notice

Publication date

3 May 2021

Overview

Several security issues were fixed in the kernel.

Releases

20.04 LTS 18.04 LTS 16.04 LTS 14.04 LTS

Software description

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 4.4.0-1098)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 4.15.0-1063, >= 4.15.0-1078)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 4.4.0-1098)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 4.15.0-1063, >= 4.15.0-1078)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-69)
lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
oem – Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

It was discovered that the overlayfs implementation in the Linux kernel did
not properly validate the application of file system capabilities with
respect to user namespaces. A local attacker could use this to gain
elevated privileges.(CVE-2021-3493)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux
kernel did not properly validate computation of branch displacements in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.(CVE-2021-29154)

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type	20.04	18.04	16.04	14.04
aws	76.3	76.2	76.1	—
azure	76.3	—	76.2	—
gcp	76.3	—	—	—
generic-4.15	—	76.2	76.2	—
generic-4.4	—	—	76.1	76.1
generic-5.4	76.3	76.3	—	—
gke	76.3	—	—	—
gke-4.15	—	76.1	—	—
gke-5.4	—	76.3	—	—
gkeop	76.3	—	—	—
gkeop-5.4	—	76.3	—	—
lowlatency-4.15	—	76.2	76.2	—
lowlatency-4.4	—	—	76.1	76.1
lowlatency-5.4	76.3	76.3	—	—
oem	—	76.2	—	—

References

Have additional questions?

Talk to a member of the team ›