The patch addresses a total of nine security vulnerabilities

May 7, 2018 20:13 GMT

Canonical released a new kernel live patch for the Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) operating system series to address a total of nine security vulnerabilities discovered recently by various security researchers.

According to the security advisory, the new kernel live patch addresses a race condition (CVE-2017-0861) found in the Linux kernel's ALSA PCM subsystem and a use-after-free vulnerability (CVE-2017-15129) discovered in the network namespaces implementation, both of which could allow a local attacker to crash the system or execute arbitrary code.

Additionally, the new kernel live patch fixes a race condition (CVE-2018-5344) discovered in the Linux kernel's loop block device, which could allow a local attacker to either crash the system by causing a denial of service or possibly execute arbitrary code, and a null pointer dereference (CVE-2018-5333) in the RDS (Reliable Datagram Sockets) protocol implementation that lets local attackers crash the vulnerable system.

Users are urged to update their systems immediately

The kernel live patch update also addresses issues found in the Linux kernel's Berkeley Packet Filter (BPF) implementation (CVE-2017-16995), the netfilter component (CVE-2017-17448), the netfilter passive OS fingerprinting (xt_osf) module (CVE-2017-17450), the Broadcom UniMAC MDIO bus controller driver (CVE-2018-8043), and the Linux ptrace code (CVE-2018-1000199).

"The Linux ptrace code virtualizes access to the debug registers, and the virtualization code has incorrect error handling. This means that if you write an illegal value to, say, DR0, the internal state of the kernel's breakpoint tracking can become corrupt despite the fact that the ptrace() call will return -EINVAL," said Canonical's Benjamin Romer in the security advisory.

All these flaws could let local attackers either crash the system or execute arbitrary code, bypass intended access restrictions to the connection tracking helpers list, or inappropriately modify the system-wide operating system fingerprint list. Canonical urges all Ubuntu 16.04 LTS and Ubuntu 14.04 LTS users using the Canonical Livepatch to update their systems immediately. A restart is not required when updating the kernel live patch.