As I always say, Canonical is a company that fixes the security flaws of the operating system that it develops very early, so there is no need to sound the alarms. Yes we would turn on all the alarms if a high number of failures were necessarily synonymous with danger, and that is what has happened: the company that runs Mark Shuttleworth has corrected so many CVE crashes in Ubuntu kernel that it will cost me to count them (so as not to put them in duplicate).
Perhaps it is best to count them by versions: the report USN-4118-1 tells us about a total of 61 vulnerabilities of linux aws on Ubuntu 18.04 and Ubuntu 16.04; The report USN-4117-1 It also tells us about 9 vulnerabilities of linux aws, but in this case Ubuntu 19.04; The report USN-4116-1 tells us about 6 vulnerabilities of linux, linux-aws, linux-kvm, linux-raspi2 y linux-snapdragon on Ubuntu 16.04; The report USN-4115-1 deals with 28 vulnerabilities of linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle y inux-raspi2 on Ubuntu 18.04 and Ubuntu 16.04; and the USN-4114-1 informs us of 5 vulnerabilities of linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2 y linux-snapdragon on Ubuntu 19.04 and Ubuntu 18.04. Total, 109 bugs fixed.
No kernel failure is serious
Taking into account that, if we count the possible duplicates separately because they are different versions of Ubuntu, we are talking about no less than 109 bugs, we cannot include all of them in a post like this. We can mention that the vast majority of them can be used to block the system or cause denial of service (DoS), as long as you have physical access to the equipment. But it is also true that there are some failures that could cause problems being physically close, that is, in the same WiFi network. A few, such as CVE-2019-10638 and CVE-2019-10639 from report USN-4118-1, also they could cause us problems remotely, such as following certain versions of the kernel in the case of the first or helping to exploit another vulnerability in the case of the second.
Of the 109 errors that have been corrected, the vast majority are of medium or low urgency, with many of low urgency and some "negligible". There is no serious or very serious faultBut considering how many bugs they've fixed, it's best to open the software center and apply updates as soon as possible. Once updated and for the patches to take effect, you must restart your computer.
I have a doubt, perhaps it is because of my short experience with GNU / Linux, but there it goes: were these vulnerabilities only present in the Ubuntu kernel? What is the difference between this and the generic kernel?
Thanks for the clarification, very kind. All the best!
Thank you very much too. Very enlightening answer for those of us who are not so fluent on the subject.
Hi I use linux, since 8.04. Currently, I stay on KDE, kubuntu. And use all flavors. I never regret it. I congratulate this page, and those who maintain the Linux System. Hug. Hugo..