{"id":22104,"date":"2022-03-24T19:30:02","date_gmt":"2022-03-24T15:30:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166444\/LSN-0085-1.txt"},"modified":"2022-03-28T09:41:48","modified_gmt":"2022-03-28T05:11:48","slug":"kernel-live-patch-security-notice-lsn-0085-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/kernel-live-patch-security-notice-lsn-0085-1\/","title":{"rendered":"Kernel Live Patch Security Notice LSN-0085-1"},"content":{"rendered":"

Linux kernel vulnerabilities<\/p>\n

A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n

– Ubuntu 20.04 LTS
\n– Ubuntu 18.04 LTS
\n– Ubuntu 16.04 ESM
\n– Ubuntu 14.04 ESM<\/p>\n

Summary<\/p>\n

Several security issues were fixed in the kernel.<\/p>\n

Software Description<\/p>\n

– linux – Linux kernel
\n– linux-aws – Linux kernel for Amazon Web Services (AWS) systems
\n– linux-azure – Linux kernel for Microsoft Azure Cloud systems
\n– linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
\n– linux-gke – Linux kernel for Google Container Engine (GKE) systems
\n– linux-gkeop – Linux kernel for Google Container Engine (GKE) systems
\n– linux-ibm – Linux kernel for IBM cloud systems
\n– linux-oem – Linux kernel for OEM systems<\/p>\n

Details<\/p>\n

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in
\nthe Linux kernel did not properly restrict access to the cgroups v1
\nrelease_agent feature. A local attacker could use this to gain
\nadministrative privileges. (CVE-2022-0492)<\/p>\n

Nick Gregory discovered that the Linux kernel incorrectly handled
\nnetwork offload functionality. A local attacker could use this to cause
\na denial of service or possibly execute arbitrary code. (CVE-2022-25636)<\/p>\n

Update instructions<\/p>\n

The problem can be corrected by updating your kernel livepatch to the
\nfollowing versions:<\/p>\n

Ubuntu 20.04 LTS
\naws – 85.1
\nazure – 85.1
\ngcp – 85.1
\ngeneric – 85.1
\ngke – 85.1
\ngkeop – 85.1
\nibm – 85.1
\nlowlatency – 85.1<\/p>\n

Ubuntu 18.04 LTS
\naws – 85.1
\nazure – 85.1
\ngeneric – 85.1
\ngeneric – 85.2
\ngke – 85.1
\ngkeop – 85.1
\nibm – 85.1
\nlowlatency – 85.1
\nlowlatency – 85.2
\noem – 85.1<\/p>\n

Ubuntu 16.04 ESM
\naws – 85.1
\nazure – 85.1
\ngeneric – 85.1
\nlowlatency – 85.1<\/p>\n

Ubuntu 14.04 ESM
\ngeneric – 85.1
\nlowlatency – 85.1<\/p>\n

Support Information<\/p>\n

Kernels older than the levels listed below do not receive livepatch
\nupdates. If you are running a kernel version earlier than the one listed
\nbelow, please upgrade your kernel as soon as possible.<\/p>\n

Ubuntu 20.04 LTS
\nlinux-aws – 5.4.0-1009
\nlinux-azure – 5.4.0-1010
\nlinux-gcp – 5.4.0-1009
\nlinux-gke – 5.4.0-1033
\nlinux-gkeop – 5.4.0-1009
\nlinux-ibm – 5.4.0-1009
\nlinux-oem – 5.4.0-26
\nlinux – 5.4.0-26<\/p>\n

Ubuntu 18.04 LTS
\nlinux-aws – 4.15.0-1054
\nlinux-azure-4.15 – 4.15.0-1115
\nlinux-azure-5.4 – 5.4.0-1069
\nlinux-gke-4.15 – 4.15.0-1076
\nlinux-gke-5.4 – 5.4.0-1009
\nlinux-gkeop-5.4 – 5.4.0-1007
\nlinux-hwe-5.4 – 5.4.0-26
\nlinux-ibm-5.4 – 5.4.0-1009
\nlinux-oem – 4.15.0-1063
\nlinux – 4.15.0-69<\/p>\n

Ubuntu 16.04 ESM
\nlinux-aws – 4.4.0-1098
\nlinux-azure – 4.15.0-1063
\nlinux-hwe – 4.15.0-69
\nlinux – 4.4.0-168<\/p>\n

Ubuntu 14.04 ESM
\nlinux-lts-xenial – 4.4.0-168<\/p>\n

References<\/p>\n

– CVE-2022-0492
\n– CVE-2022-25636<\/p>\n","protected":false},"excerpt":{"rendered":"

Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS – Ubuntu 16.04 ESM – Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. Software Description – linux – Linux kernel – linux-aws – Linux kernel for Amazon Web Services …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-22104","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/22104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=22104"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/22104\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=22104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=22104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=22104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}