Ubuntu Security Notices
USN-5384-1

USN-5384-1: Linux kernel vulnerabilities

Publication date

20 April 2022

Overview

Several security issues were fixed in the Linux kernel.

Releases

20.04 LTS 18.04 LTS

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
linux-azure-fde - Linux kernel for Microsoft Azure cloud systems
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
linux-gke - Linux kernel for Google Container Engine (GKE) systems
linux-gke-5.4 - Linux kernel for Google Container Engine (GKE) systems
linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
linux-gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems
linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
linux-ibm - Linux kernel for IBM cloud systems
linux-ibm-5.4 - Linux kernel for IBM cloud systems
linux-kvm - Linux kernel for cloud environments
linux-oracle - Linux kernel for Oracle Cloud systems
linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
linux-raspi - Linux kernel for Raspberry Pi systems
linux-raspi-5.4 - Linux kernel for Raspberry Pi systems

Details

It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
20.04 focal	linux-image-5.4.0-1062-kvm – 5.4.0-1062.65
	linux-image-5.4.0-109-generic-lpae – 5.4.0-109.123
	linux-image-gkeop – 5.4.0.1039.42
	linux-image-virtual – 5.4.0.109.113
	linux-image-generic – 5.4.0.109.113
	linux-image-oem – 5.4.0.109.113
	linux-image-5.4.0-1059-raspi – 5.4.0-1059.67
	linux-image-oem-osp1 – 5.4.0.109.113
	linux-image-5.4.0-1068-gke – 5.4.0-1068.71
	linux-image-ibm-lts-20.04 – 5.4.0.1020.20
	linux-image-azure-lts-20.04 – 5.4.0.1077.75
	linux-image-gkeop-5.4 – 5.4.0.1039.42
	linux-image-azure-fde – 5.4.0.1076.79+cvm1.21
	linux-image-5.4.0-1077-azure – 5.4.0-1077.80
	linux-image-gke – 5.4.0.1068.78
	linux-image-ibm – 5.4.0.1020.20
	linux-image-5.4.0-1076-azure-fde – 5.4.0-1076.79+cvm1.1
	linux-image-aws-lts-20.04 – 5.4.0.1072.74
	linux-image-5.4.0-1070-oracle – 5.4.0-1070.76
	linux-image-5.4.0-1020-ibm – 5.4.0-1020.22
	linux-image-raspi2 – 5.4.0.1059.93
	linux-image-5.4.0-109-lowlatency – 5.4.0-109.123
	linux-image-gcp-lts-20.04 – 5.4.0.1072.80
	linux-image-5.4.0-1072-gcp – 5.4.0-1072.77
	linux-image-5.4.0-1039-gkeop – 5.4.0-1039.40
	linux-image-5.4.0-109-generic – 5.4.0-109.123
	linux-image-raspi – 5.4.0.1059.93
	linux-image-gke-5.4 – 5.4.0.1068.78
	linux-image-kvm – 5.4.0.1062.61
	linux-image-oracle-lts-20.04 – 5.4.0.1070.70
	linux-image-generic-lpae – 5.4.0.109.113
	linux-image-5.4.0-1072-aws – 5.4.0-1072.77
	linux-image-lowlatency – 5.4.0.109.113
18.04 bionic	linux-image-5.4.0-109-generic-lpae – 5.4.0-109.123~18.04.1
	linux-image-generic-hwe-18.04 – 5.4.0.109.123~18.04.94
	linux-image-snapdragon-hwe-18.04 – 5.4.0.109.123~18.04.94
	linux-image-oem – 5.4.0.109.123~18.04.94
	linux-image-aws – 5.4.0.1072.54
	linux-image-5.4.0-109-generic – 5.4.0-109.123~18.04.1
	linux-image-raspi-hwe-18.04 – 5.4.0.1059.60
	linux-image-5.4.0-1072-gcp – 5.4.0-1072.77~18.04.1
	linux-image-5.4.0-1059-raspi – 5.4.0-1059.66~18.04.1
	linux-image-5.4.0-1072-aws – 5.4.0-1072.77~18.04.1
	linux-image-generic-lpae-hwe-18.04 – 5.4.0.109.123~18.04.94
	linux-image-5.4.0-1068-gke – 5.4.0-1068.71~18.04.1
	linux-image-gkeop-5.4 – 5.4.0.1039.40~18.04.39
	linux-image-azure – 5.4.0.1077.56
	linux-image-5.4.0-1020-ibm – 5.4.0-1020.22~18.04.1
	linux-image-5.4.0-1077-azure – 5.4.0-1077.80~18.04.1
	linux-image-5.4.0-1039-gkeop – 5.4.0-1039.40~18.04.1
	linux-image-ibm – 5.4.0.1020.37
	linux-image-virtual-hwe-18.04 – 5.4.0.109.123~18.04.94
	linux-image-5.4.0-1070-oracle – 5.4.0-1070.76~18.04.1
	linux-image-5.4.0-109-lowlatency – 5.4.0-109.123~18.04.1
	linux-image-gcp – 5.4.0.1072.56
	linux-image-oem-osp1 – 5.4.0.109.123~18.04.94
	linux-image-oracle – 5.4.0.1070.76~18.04.49
	linux-image-lowlatency-hwe-18.04 – 5.4.0.109.123~18.04.94
	linux-image-gke-5.4 – 5.4.0.1068.71~18.04.32

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›