LSN-0065-1: Kernel Live Patch Security Notice

9 April 2020

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). (CVE-2013-1798)

It was discovered that in the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor could in some situations miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). (CVE-2019-3016)

Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428)

Update instructions

The problem can be corrected by updating your kernel livepatch to the following versions:

Ubuntu 18.04 LTS

  • linux-gcp - 65.1
  • linux-azure - 65.1
  • linux-generic - 65.1
  • linux-lowlatency - 65.1

Ubuntu 16.04 LTS

  • linux-generic - 65.1
  • linux-lowlatency - 65.1
  • linux-aws - 65.1
  • linux-hwe-generic - 65.1
  • linux-hwe-lowlatency - 65.1
  • linux-azure - 65.1

Ubuntu 14.04 LTS

  • linux-generic - 65.1
  • linux-lowlatency - 65.1

Support Information

Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible.

Ubuntu 18.04 LTS

  • linux-gcp - 5.0.0-1025
  • linux-azure - 5.0.0-1025
  • linux-generic - 4.15.0-69
  • linux-lowlatency - 4.15.0-69

Ubuntu 16.04 LTS

  • linux-generic - 4.4.0-168
  • linux-lowlatency - 4.4.0-168
  • linux-aws - 4.4.0-1098
  • linux-hwe-generic - 4.15.0-69
  • linux-hwe-lowlatency - 4.15.0-69
  • linux-azure - 4.15.0-1063

Ubuntu 14.04 LTS

  • linux-generic - 4.4.0-168
  • linux-lowlatency - 4.4.0-168
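
The support floor listed above can be checked mechanically across a fleet. The shell functions below are an added example, not part of the Ubuntu notice: the function names are hypothetical, the mapping of 4.15-series generic/lowlatency kernels on 16.04 to the linux-hwe rows is an assumption, and `sort -V` requires GNU coreutils.

```shell
#!/bin/sh
# Added example. Minimums are copied from the Support Information table above.

# Print the minimum kernel for <release> <flavor> <series>, or fail if unlisted.
livepatch_min_kernel() {
    case "$1:$2" in
        18.04:gcp|18.04:azure)          echo 5.0.0-1025 ;;
        18.04:generic|18.04:lowlatency) echo 4.15.0-69 ;;
        16.04:generic|16.04:lowlatency)
            # Assumption: a 4.15-series kernel on 16.04 is the linux-hwe-* row.
            case "$3" in
                4.15) echo 4.15.0-69 ;;
                *)    echo 4.4.0-168 ;;
            esac ;;
        16.04:aws)                      echo 4.4.0-1098 ;;
        16.04:azure)                    echo 4.15.0-1063 ;;
        14.04:generic|14.04:lowlatency) echo 4.4.0-168 ;;
        *) return 1 ;;
    esac
}

# Usage: livepatch_kernel_supported <release> <uname -r string>
# Returns 0 = at or above the minimum, 1 = older, 2 = not covered by the table.
livepatch_kernel_supported() {
    rel=$1 kver=$2
    flavor=${kver##*-}     # 4.15.0-66-generic -> generic
    version=${kver%-*}     # 4.15.0-66-generic -> 4.15.0-66
    series=$(printf '%s\n' "$version" | cut -d. -f1,2)
    min=$(livepatch_min_kernel "$rel" "$flavor" "$series") || return 2
    # sort -V (GNU coreutils) puts the lower version string first.
    lowest=$(printf '%s\n%s\n' "$min" "$version" | sort -V | head -n1)
    [ "$lowest" = "$min" ] || return 1
    # A newer upstream series than the listed one is outside the table.
    [ "$series" = "$(printf '%s\n' "$min" | cut -d. -f1,2)" ] || return 2
}
```

On a host, call it as `livepatch_kernel_supported "$(lsb_release -rs)" "$(uname -r)"` and act on the return code.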
