New Linux Kernel Vulnerability Patched in All Supported Ubuntu Systems, Update Now

Discovered by William Liu and Jamie Hill-Daniel, the new security flaw (CVE-2022-0185) is an integer underflow vulnerability found in the Linux kernel’s file system context functionality, which could allow an attacker to crash the system or run programs as an administrator.

The security vulnerability affects all supported Ubuntu releases, including Ubuntu 21.10 (Impish Indri) systems running Linux kernel 5.13, Ubuntu 21.04 (Hirsute Hippo) systems running Linux kernel 5.11, as well as Ubuntu 20.04 LTS (Focal Fossa) and Ubuntu 18.04 LTS (Bionic Beaver) systems running Linux kernel 5.4 LTS.

'Now' would be the right time to patch Ubuntu...

  • 'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug

    The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.

    The flaw allows a process inside a Linux user namespace to escape, which means it potentially affects any machine running containers.

    If you're not running any containers, you can just disable the user-namespace functionality – both companies' vulnerability descriptions describe how to do that on their respective distros. It affects RHEL (and derivatives) as well as Ubuntu 20.04, 21.04 and 21.10 – and presumably other distros, too.

    So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04 is nicknamed, just went end of life today (20 January 2022). If you have any 21.04 machines, it's time to upgrade them now. That means 21.10 "Impish Indri" for the moment, until the next LTS release appears in April.

Ubuntu patch with extra fear-mongering

  • Nasty Linux kernel bug found and fixed | ZDNet

    In this one, there's a heap overflow bug in the legacy_parse_param in the Linux kernel's fs/fs_context.c program. This parameter is used in Linux filesystems during superblock creation for mount and superblock reconfiguration for a remount. The superblock records all of a filesystem's characteristics such as file size, block size, empty and filled storage blocks. So, yeah, it's important.

    The legacy_parse_param() "PAGE_SIZE - 2 - size" calculation was mistakenly made an unsigned type. This means a large value of "size" results in a high positive value instead of a negative value as expected. Whoops.

    This, in turn, meant you copy data beyond the memory slab allocated for it. And, as all programmers know, writing beyond the memory your program is supposed to have access to is a terrible thing.

  • Ubuntu has a pretty serious security flaw, so patch now | TechRadar

    Cybersecurity researchers have discovered a major flaw in one of Linux’s most popular distros - Ubuntu, and are urging all users to patch immediately.

    As reported on Ubuntu’s website, two researchers - William Luil and Jamila Hill-Daniel - discovered a vulnerability that allows malicious actors to crash the system, or run software in administrator mode.

    The vulnerability, tracked as CVE-2022-0185, allegedly affects all of the Ubuntu releases that are still being supported. That includes Ubuntu 21.10 Impish Indri with Linux kernel 5.13, Ubuntu 21.04 Hirsute Hippo with Linux kernel 5.11, Ubuntu 20.04 LTS Focal Fossa, and Ubuntu 18.04 LTS Bionic Beaver, both with Linux kernel 5.4 LTS.
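
The unsigned "PAGE_SIZE - 2 - size" calculation described in the ZDNet excerpt above can be modelled in userspace. This is an added example, not kernel source and not code from any of the quoted articles; it compares that check with one overflow-safe rewrite. The 4096-byte PAGE_SIZE, the function names and the sample length are assumptions of the model, and no buffer is ever written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u /* assumed buffer size for this userspace model */

/* Weak form: the "PAGE_SIZE - 2 - size" calculation done in unsigned
 * arithmetic. When size > PAGE_SIZE - 2 the result wraps to a huge
 * positive number, so the "too large" branch is never taken. */
static bool accepts_unsigned(size_t size, size_t len)
{
    if (len > PAGE_SIZE - 2 - size)
        return false;            /* rejected: options too large */
    return true;
}

/* Hardened form (one overflow-safe rewrite): bound size first, so the
 * subtraction below can never wrap. */
static bool accepts_checked(size_t size, size_t len)
{
    if (size > PAGE_SIZE - 2)
        return false;
    return len <= PAGE_SIZE - 2 - size;
}

/* Differential check: smallest `size` at which the weak form accepts a
 * length the hardened form rejects. Returns (size_t)-1 if they agree. */
static size_t first_divergence(size_t max_size, size_t len)
{
    for (size_t size = 0; size <= max_size; size++)
        if (accepts_unsigned(size, len) && !accepts_checked(size, len))
            return size;
    return (size_t)-1;
}

int main(void)
{
    size_t len = 64;             /* constructed sample length */
    size_t at = first_divergence(2 * PAGE_SIZE, len);
    printf("checks diverge at size=%zu\n", at);
    printf("weak accepts len=%zu there: %d, end offset %zu > %u\n",
           len, accepts_unsigned(at, len), at + len, PAGE_SIZE);
    return 0;
}
```

The two checks agree for every size up to PAGE_SIZE - 2; they diverge only once the running size has passed that bound, which is where the unsigned subtraction wraps.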

Red Hat, Ubuntu issue warnings over Linux kernel vulnerability

  • Red Hat, Ubuntu issue warnings over Linux kernel vulnerability

    Red Hat and Ubuntu have issued warnings about a serious vulnerability in their Linux distributions.

    It’s described as a heap-based buffer overflow flaw (CVE-2022-0185). According to Ubuntu, the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

    As The Register notes, the discovery also comes as Ubuntu 21.04 reached end of life, so rather than apply Ubuntu’s mitigation to servers running this version, Linux admins should upgrade them to version 21.10, and apply a patch to it.

Looking At The New "Critical" Security Firmware Update

  • Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode - Phoronix

    Earlier this week the Linux Vendor Firmware Service began surging with activity following many new system firmware files being uploaded for what appears to be a "high severity upcoming security issue" but currently undisclosed. That issue hasn't been made public yet, but after poking around it is updating the Intel CPU microcode.

    After that earlier article, Red Hat's Richard Hughes, who is the lead LVFS/fwupd developer, commented that they shipped more than 156,000 firmware updates to end-users in a single day. The day after they were still at around twice their usual volume. For hardware with LVFS support for firmware updates, it's been a busy week but that only covers a small portion of the hardware out there.
