Ubuntu kernel updated to fix a single but high-priority vulnerability

Ubuntu kernel updated for security

The Linux kernel is developed by Linus Torvalds, and part of his team then takes care of maintaining it. That is not the case in distributions like Ubuntu, where Canonical is in charge of maintaining the kernel of its operating system, releasing security and maintenance updates from time to time, the last time on the 17th of this month. They did it again a few hours ago, launching new kernel versions for the last two versions of Ubuntu.

Probably, if it were not a high-priority vulnerability, I would not have written this article reporting the flaw. But the only bug that the report USN-4313-1 collects is labeled this way, so I have finally decided to share it with all of you. The vulnerability is CVE-2020-8835 and, initially, it affects Ubuntu 19.10 Eoan Ermine and Ubuntu 18.04 LTS Bionic Beaver. We remind you here that Ubuntu 19.04 Disco Dingo is no longer supported.

Updated kernel to fix bug in Eoan Ermine and Bionic Beaver

The name or description of the vulnerability mentions "eBPF Incorrect Entry Validation [ZDI-CAN-10780]", and the details explain that:

Manfred Paul found that the bpf verifier in the Linux kernel did not calculate register bounds for certain operations correctly. A local attacker could use this to expose sensitive information (kernel memory) or obtain administrative privileges.

The severity assigned depends on both the ease of exploiting the bug and the damage it can cause. The good news is that exploiting the vulnerability requires physical access to the computer, which also means that nobody can do anything remotely. In addition, and as usual, Canonical published the information after releasing the new packages, which are already waiting for us as an update. For the changes to take effect and for us to be fully protected, it will be necessary to restart the computer.
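
Because the fix only takes effect after a restart, the following shell check reports whether a machine is still running an older kernel than the newest one installed. It is an added example, not part of the original article or of Canonical's tooling; the function names are hypothetical and the version strings in the demo line are constructed.

```shell
#!/bin/sh
# Added example (not from the article): is this host still running a kernel
# older than the newest one installed, i.e. is the fix not yet in effect?

# same_flavour_newest RUNNING INSTALLED...
# Prints the highest installed version with the same flavour suffix as RUNNING
# (-generic, -lowlatency, ...), so a -generic host is never compared against
# an -aws package. Prints nothing if no installed version matches.
same_flavour_newest() {
    flavour=${1##*-}; shift
    for v in "$@"; do
        case $v in *-"$flavour") printf '%s\n' "$v" ;; esac
    done | sort -V | tail -n 1    # version sort: -99- sorts before -100-
}

# kernel_status RUNNING INSTALLED...
#   current       : RUNNING is the newest installed kernel of its flavour
#   reboot-needed : a newer kernel is installed but has not been booted
#   unknown       : nothing installed matches the running flavour
kernel_status() {
    newest=$(same_flavour_newest "$@")
    if [ -z "$newest" ]; then
        echo unknown
    elif [ "$newest" = "$1" ]; then
        echo current
    elif [ "$(printf '%s\n' "$1" "$newest" | sort -V | tail -n 1)" = "$newest" ]; then
        echo reboot-needed
    else
        echo current    # running kernel is newer than anything left on disk
    fi
}

# host_report: apply the check to this machine. Ubuntu's update tooling also
# creates /var/run/reboot-required when an installed package asks for a restart.
host_report() {
    set --
    for d in /lib/modules/*; do
        if [ -d "$d" ]; then set -- "$@" "${d##*/}"; fi
    done
    echo "this host: $(kernel_status "$(uname -r)" "$@")"
    if [ -e /var/run/reboot-required ]; then echo "reboot-required flag is set"; fi
    return 0
}

# Constructed versions: the update is installed, the old kernel is still running.
echo "demo: $(kernel_status 5.3.0-99-generic 5.3.0-99-generic 5.3.0-100-generic)"
host_report
```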

