Canonical recently published a major Linux kernel security update for the Ubuntu 18.04 LTS (Bionic Beaver) operating system series. The update addresses eleven security flaws which were discovered by independent security researchers.
In other words, the 4.15.0-44.47 kernel contains 11 security fixes as well as other minor improvements.
The flaws also affect all derivatives that use this kernel, such as Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Budgie, Ubuntu Kylin, and Ubuntu Studio. Seven of the fixes concern the Linux kernel’s ext4 filesystem implementation; they were discovered by security researcher Wen Xu:
CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10882, CVE-2018-10883
These flaws range from use-after-free and buffer overflow issues to out-of-bounds writes. Researchers said the vulnerabilities could be exploited through a specially crafted ext4 image that is mounted on a vulnerable system, leading to arbitrary code execution or a system crash (denial of service).
CVE-2018-10876 and CVE-2018-10879, for example, could enable an attacker to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code, as written in the official security advisory.
Two other flaws, CVE-2018-16882 and CVE-2018-19407, affect the Kernel-based Virtual Machine (KVM) implementation. The flaws, which could allow a local attacker in a guest VM to gain admin rights on the host machine or even crash the system, were discovered by researchers Cfir Cohen and Wei Wu.
CVE-2018-17972 and CVE-2018-18281, which were reported by Google Project Zero researcher Jann Horn, should also be mentioned. The flaws resided in the Linux kernel’s procfs file system implementation and the mremap() system call. If exploited, they could allow a local attacker to expose sensitive information or execute arbitrary code.
Ubuntu 18.04 LTS (Bionic Beaver) users are urged to update immediately to the linux-image 4.15.0-44.47 kernel. Note that the update is available for generic, lpae, lowlatency 64-bit and 32-bit installations, and Snapdragon processors.
To update, users need to run sudo apt update && sudo apt full-upgrade and then reboot their systems. Detailed instructions are available on Ubuntu’s Wiki page.
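Installing the package does not replace the kernel that is already running, which is why the reboot matters. The following added example (not from the article or from Canonical) checks the running kernel against the fixed 4.15.0-44.47 version; it assumes /proc/version_signature has the form "Ubuntu <version>-<flavour> <upstream>", and the sample signature lines in the comments are constructed.

```sh
#!/bin/sh
# Fixed kernel version named in the article.
FIXED_VERSION="4.15.0-44.47"

# version_ge A B: succeed when version A >= version B (sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# signature_to_version SIGNATURE
# Constructed sample: "Ubuntu 4.15.0-43.46-generic 4.15.18" -> 4.15.0-43.46
# Takes field 2 and strips the flavour suffix (generic, lowlatency, ...).
signature_to_version() {
    printf '%s\n' "$1" | awk '{ sub(/-[a-z][a-z0-9-]*$/, "", $2); print $2 }'
}

# kernel_status SIGNATURE: print patched, vulnerable or unknown.
# Anything outside the 4.15.0 series is "unknown", because the article
# only gives a fixed version for the Ubuntu 18.04 LTS 4.15 kernel.
kernel_status() {
    ver=$(signature_to_version "$1")
    case "$ver" in
        4.15.0-[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Report on the kernel that is running right now, not the newest one
# installed: a "vulnerable" result after upgrading means no reboot yet.
if [ -r /proc/version_signature ]; then
    sig=$(cat /proc/version_signature)
    echo "running kernel ($sig): $(kernel_status "$sig")"
fi
```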