Ubuntu Security Notices
LSN-0085-1

LSN-0085-1: Kernel Live Patch Security Notice

Publication date

23 March 2022

Overview

Several security issues were fixed in the kernel.

Releases

20.04 LTS 18.04 LTS 16.04 LTS 14.04 LTS

Software description

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 5.4.0-1061, >= 4.4.0-1098, >= 4.4.0-1129)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009, >= 5.4.0-1061, >= 4.4.0-1098, >= 4.4.0-1129)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
ibm – Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
ibm-5.4 – Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
oem – Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges.(CVE-2022-0492)

Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code.(CVE-2022-25636)

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type	20.04	18.04	16.04	14.04
aws	85.1	85.1	85.1	—
azure	85.1	—	85.1	—
azure-4.15	—	85.1	—	—
gcp	85.1	—	—	—
generic-4.15	—	85.1	85.1	—
generic-4.4	—	—	85.1	85.1
generic-5.4	85.2	85.2	—	—
gke	85.1	—	—	—
gke-4.15	—	85.1	—	—
gke-5.4	—	85.1	—	—
gkeop	85.1	—	—	—
gkeop-5.4	—	85.1	—	—
ibm	85.1	—	—	—
ibm-5.4	—	85.1	—	—
lowlatency-4.15	—	85.1	85.1	—
lowlatency-4.4	—	—	85.1	85.1
lowlatency-5.4	85.2	85.2	—	—
oem	—	85.1	—	—

References

Have additional questions?

Talk to a member of the team ›