Canonical releases new version of Ubuntu 16.04 kernel to fix 6 bugs

Ubuntu 16.04 Xenial Xerus kernel

Last Tuesday, Canonical released new kernel versions for Ubuntu 19.04 and Ubuntu 18.04. Although part of what was released for Bionic Beaver was also ported to Xenial Xerus, the version of Ubuntu released in April 2016 had not received an update of its own until today: the company run by Mark Shuttleworth has also released a kernel update for Ubuntu 16.04 to correct a total of six errors, one of them from 2018 and none too serious.

Unlike the versions released on the 23rd, what was released yesterday is only available for Ubuntu 16.04 users, more specifically those who are still using the Linux 4.4 kernel. Users who have upgraded to a later version of Ubuntu or its kernel are not affected. Here's what the new version has fixed.

What the linux-image 4.4.0-157.185 kernel fixes

  • CVE-2018-20836: A race condition was found to exist in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A local attacker could use this to cause denial of service (crash) or execute arbitrary code. Priority: low.
  • CVE-2019-10142: An integer overflow was discovered in the Freescale hypervisor manager (PowerPC) in the Linux kernel. A local attacker with write access to /dev/fsl-hv could use this to cause a denial of service (crash) or possibly execute arbitrary code. Priority: very low, negligible.
  • CVE-2019-11833: It was discovered that the implementation of the ext4 filesystem in the Linux kernel did not correctly zero memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). Medium priority.
  • CVE-2019-11884: It was discovered that the implementation of the Bluetooth HIDP (Human Interface Device Protocol) in the Linux kernel did not correctly verify that strings were NULL-terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). Medium priority.
  • CVE-2019-9503: Hugues Anguelkov discovered that the Broadcom WiFi driver in the Linux kernel did not correctly prevent remote firmware events from being processed for USB WiFi devices. A physically close attacker could use this to send firmware events to the device. Medium priority.
  • CVE-2019-2054: The Linux kernel on ARM processors was found to allow a tracing process to modify a syscall after a seccomp decision has been made on that syscall. A local attacker could use this to bypass seccomp restrictions.

The new kernel version for Xenial Xerus is linux-image 4.4.0-157.185. As always, Canonical encourages all Ubuntu 16.04.x users with Linux 4.4 to update as soon as possible.
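
One way to check a host against the fixed version named above, as an added example that is not from the article or from Canonical. The function names and status strings are invented for the illustration, and it assumes `uname -r`-style release strings and that only the `generic` and `lowlatency` flavours follow the 4.4.0-157 numbering.

```bash
#!/usr/bin/env bash
# Added example: classify a host against the fixed kernel named in the article.
# Inputs are `uname -r`-style release strings, e.g. 4.4.0-154-generic.

FIXED_ABI=157   # the "157" in linux-image 4.4.0-157.185

# Print the ABI number of a 4.4.0 generic/lowlatency release; fail otherwise.
# Assumption: other flavours and kernel series use their own numbering,
# so they cannot be compared against FIXED_ABI.
abi_of() {
    local abi
    case "$1" in
        4.4.0-*-generic|4.4.0-*-lowlatency) ;;
        *) return 1 ;;
    esac
    abi=${1#4.4.0-}     # "154-generic"
    abi=${abi%%-*}      # "154"
    case "$abi" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$abi"
}

# kernel_status RUNNING [INSTALLED...]
# Prints one of: patched, reboot-pending, needs-update, out-of-scope.
kernel_status() {
    local running abi rel inst
    running=$1
    shift
    abi=$(abi_of "$running") || { echo "out-of-scope"; return 0; }
    if [ "$abi" -ge "$FIXED_ABI" ]; then
        echo "patched"
        return 0
    fi
    # The running kernel is old; a fixed kernel may be installed but not booted.
    for rel in "$@"; do
        inst=$(abi_of "$rel") || continue
        if [ "$inst" -ge "$FIXED_ABI" ]; then
            echo "reboot-pending"
            return 0
        fi
    done
    echo "needs-update"
}
```

On a real host, `kernel_status "$(uname -r)" $(ls /lib/modules)` supplies the running release and the installed ones, assuming each installed kernel has a directory under /lib/modules.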

