Ubuntu Security Notices
USN-4579-1

USN-4579-1: Linux kernel vulnerabilities

Publication date

14 October 2020

Overview

Several security issues were fixed in the Linux kernel.

Releases

16.04 LTS 14.04 LTS

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-kvm - Linux kernel for cloud environments
linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

Hadar Manor discovered that the DCCP protocol implementation in the Linux
kernel improperly handled socket reuse, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-16119)

Wen Xu discovered that the XFS file system in the Linux kernel did not
properly validate inode metadata in some situations. An attacker could use
this to construct a malicious XFS image that, when mounted, could cause a
denial of service (system crash). (CVE-2018-10322)

Jay Shin discovered that the ext4 file system implementation in the Linux
kernel did not properly handle directory access with broken indexing,
leading to an out-of-bounds read vulnerability. A local attacker could use
this to cause a denial of service (system crash). (

It was discovered that a race condition existed in the hugetlb sysctl
implementation in the Linux kernel. A privileged attacker could use this to
cause a denial of service (system crash). (CVE-2020-25285)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
16.04 xenial	linux-image-4.4.0-1082-kvm – 4.4.0-1082.91
	linux-image-4.4.0-1117-aws – 4.4.0-1117.131
	linux-image-4.4.0-1141-raspi2 – 4.4.0-1141.151
	linux-image-4.4.0-1145-snapdragon – 4.4.0-1145.155
	linux-image-4.4.0-193-generic – 4.4.0-193.224
	linux-image-4.4.0-193-generic-lpae – 4.4.0-193.224
	linux-image-4.4.0-193-lowlatency – 4.4.0-193.224
	linux-image-4.4.0-193-powerpc-e500mc – 4.4.0-193.224
	linux-image-4.4.0-193-powerpc-smp – 4.4.0-193.224
	linux-image-4.4.0-193-powerpc64-emb – 4.4.0-193.224
	linux-image-4.4.0-193-powerpc64-smp – 4.4.0-193.224
	linux-image-aws – 4.4.0.1117.122
	linux-image-generic – 4.4.0.193.199
	linux-image-generic-lpae – 4.4.0.193.199
	linux-image-kvm – 4.4.0.1082.80
	linux-image-lowlatency – 4.4.0.193.199
	linux-image-powerpc-e500mc – 4.4.0.193.199
	linux-image-powerpc-smp – 4.4.0.193.199
	linux-image-powerpc64-emb – 4.4.0.193.199
	linux-image-powerpc64-smp – 4.4.0.193.199
	linux-image-raspi2 – 4.4.0.1141.141
	linux-image-snapdragon – 4.4.0.1145.137
	linux-image-virtual – 4.4.0.193.199
14.04 trusty	linux-image-4.4.0-1081-aws – 4.4.0-1081.85
	linux-image-4.4.0-193-generic – 4.4.0-193.224~14.04.1
	linux-image-4.4.0-193-generic-lpae – 4.4.0-193.224~14.04.1
	linux-image-4.4.0-193-lowlatency – 4.4.0-193.224~14.04.1
	linux-image-aws – 4.4.0.1081.78
	linux-image-generic-lpae-lts-xenial – 4.4.0.193.169
	linux-image-generic-lts-xenial – 4.4.0.193.169
	linux-image-lowlatency-lts-xenial – 4.4.0.193.169
	linux-image-virtual-lts-xenial – 4.4.0.193.169

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›