Canonical releases today a new major Linux kernel security update for all supported Ubuntu releases to fix various vulnerabilities discovered by security researchers lately.
Available now for the Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating system series, the new Linux kernel security patches address a total of eleven vulnerabilities that affect the Linux 4.15, 4.4, and 3.13 kernels of the aforementioned Ubuntu releases and their derivatives.
Among the fixes, we can notice a use-after-free vulnerability (CVE-2018-17182) discovered by Jann Horn in Linux kernel's vmacache subsystem, which could allow a local attacker crash the system, as well as a stack-based buffer overflow (CVE-2018-14633) in the iSCSI target implementation, which lets a remote attacker crash the system.
The security patch also addresses a bug (CVE-2018-15594) in Linux kernel's paravirtualization implementation that may reduce the effectiveness of Spectre v2 mitigations for paravirtual guests, as well as the spectre_v2_select_mitigation vulnerability (CVE-2018-15572) that could allow attackers to expose sensitive information.
Other fixes include a vulnerability (CVE-2018-10853) in Linux kernel's KVM implementation that lets unprivileged users in a guest VM to escalate their privileges within the guest, as well as a memory leak (CVE-2018-6554) and a use-after-free vulnerability (CVE-2018-6555) in Linux kernel's IRDA subsystem.
Specific only to Ubuntu 16.04 LTS (Xenial Xerus) systems, the security patch fixes a NULL pointer dereference (CVE-2017-18216) in Linux kernel's OCFS2 file system implementation, a race condition (CVE-2018-10902) in the raw MIDI driver, and a vulnerability (CVE-2018-16276) in the YUREX USB device driver.
Specific only to Ubuntu 1404 LTS (Trusty Tahr) systems, the security patch fixes an integer overflow vulnerability (CVE-2018-14634) discovered in the Linux kernel when loading an executable to run, which could allow a local attacker to gain administrative privileges.
All users are urged to update their system immediately
Canonical urges all Ubuntu users to update their installations immediately to the new kernel versions, which are linux-image 4.15.0-36.39 for Ubuntu 18.04 LTS, linux-image 4.4.0-137.163 for Ubuntu 16.04 LTS, linux-image 3.13.0-160.210 for Ubuntu 14.04 LTS, linux-image 4.15.0-36.39~16.04.1 for Ubuntu 16.04.5 HWE, and linux-image 4.4.0-137.163~14.04.1 for Ubuntu 14.04.5 HWE.
Ubuntu 12.04 ESM users should also update their system to the linux-image 3.13.0-160.210~precise1 HWE kernel from Ubuntu 14.04 LTS. Updated Linux kernels are also available for Raspberry Pi 2, AWS systems, GCP systems, cloud environments, Snapdragon processors, and OEM processors on Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Please update your installations as soon as possible!