Ubuntu Security Notices
USN-5319-1

USN-5319-1: Linux kernel vulnerabilities

Publication date

9 March 2022

Overview

Several security issues were fixed in the Linux kernel.

Releases

18.04 LTS 16.04 LTS 14.04 LTS

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
linux-dell300x - Linux kernel for Dell 300x platforms
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems
linux-hwe - Linux hardware enablement (HWE) kernel
linux-kvm - Linux kernel for cloud environments
linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
linux-oracle - Linux kernel for Oracle Cloud systems
linux-raspi2 - Linux kernel for Raspberry Pi systems
linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information.

Update instructions

IMPORTANT: As part of this update, unprivileged eBPF is being disabled by default, as it is the primary known means of exploiting the Branch History Injection issues described above. It should be noted that other mechanisms for exploiting the underlying issues may be discovered. Also, this may cause issues for applications that rely on the unprivileged eBPF functionality. Please see the knowledge base article at https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI for more details. After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
18.04 bionic	linux-image-4.15.0-1133-azure – 4.15.0-1133.146
	linux-image-4.15.0-1122-snapdragon – 4.15.0-1122.131
	linux-image-virtual – 4.15.0.171.160
	linux-image-4.15.0-1037-dell300x – 4.15.0-1037.42
	linux-image-azure-lts-18.04 – 4.15.0.1133.106
	linux-image-4.15.0-171-generic-lpae – 4.15.0-171.180
	linux-image-oracle-lts-18.04 – 4.15.0.1089.99
	linux-image-4.15.0-1089-oracle – 4.15.0-1089.98
	linux-image-4.15.0-171-generic – 4.15.0-171.180
	linux-image-4.15.0-171-lowlatency – 4.15.0-171.180
	linux-image-4.15.0-1109-kvm – 4.15.0-1109.112
	linux-image-snapdragon – 4.15.0.1122.125
	linux-image-dell300x – 4.15.0.1037.39
	linux-image-raspi2 – 4.15.0.1105.103
	linux-image-4.15.0-1105-raspi2 – 4.15.0-1105.112
	linux-image-4.15.0-1118-gcp – 4.15.0-1118.132
	linux-image-4.15.0-1123-aws – 4.15.0-1123.132
	linux-image-gcp-lts-18.04 – 4.15.0.1118.137
	linux-image-aws-lts-18.04 – 4.15.0.1123.126
	linux-image-generic – 4.15.0.171.160
	linux-image-kvm – 4.15.0.1109.105
	linux-image-generic-lpae – 4.15.0.171.160
	linux-image-lowlatency – 4.15.0.171.160
16.04 xenial	linux-image-4.15.0-1133-azure – 4.15.0-1133.146~16.04.1
	linux-image-virtual – 4.4.0.221.228
	linux-image-aws – 4.4.0.1137.142
	linux-image-generic – 4.4.0.221.228
	linux-image-oem – 4.15.0.171.163
	linux-image-lowlatency-hwe-16.04 – 4.15.0.171.163
	linux-image-4.15.0-171-generic – 4.15.0-171.180~16.04.1
	linux-image-4.15.0-1123-aws-hwe – 4.15.0-1123.132~16.04.1
	linux-image-4.4.0-1102-kvm – 4.4.0-1102.111
	linux-image-aws-hwe – 4.15.0.1123.113
	linux-image-4.4.0-1137-aws – 4.4.0-1137.151
	linux-image-azure – 4.15.0.1133.124
	linux-image-4.15.0-171-lowlatency – 4.15.0-171.180~16.04.1
	linux-image-4.4.0-221-lowlatency – 4.4.0-221.254
	linux-image-gke – 4.15.0.1118.119
	linux-image-4.4.0-221-generic – 4.4.0-221.254
	linux-image-gcp – 4.15.0.1118.119
	linux-image-generic-hwe-16.04 – 4.15.0.171.163
	linux-image-4.15.0-1089-oracle – 4.15.0-1089.98~16.04.1
	linux-image-4.15.0-1118-gcp – 4.15.0-1118.132~16.04.1
	linux-image-oracle – 4.15.0.1089.77
	linux-image-virtual-hwe-16.04 – 4.15.0.171.163
	linux-image-kvm – 4.4.0.1102.100
	linux-image-lowlatency – 4.4.0.221.228
14.04 trusty	linux-image-generic-lts-xenial – 4.4.0.221.192
	linux-image-azure – 4.15.0.1133.106
	linux-image-4.4.0-1101-aws – 4.4.0-1101.106
	linux-image-4.15.0-1133-azure – 4.15.0-1133.146~14.04.1
	linux-image-4.4.0-221-lowlatency – 4.4.0-221.254~14.04.1
	linux-image-lowlatency-lts-xenial – 4.4.0.221.192
	linux-image-aws – 4.4.0.1101.99
	linux-image-4.4.0-221-generic – 4.4.0-221.254~14.04.1
	linux-image-virtual-lts-xenial – 4.4.0.221.192

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

USN-5319-1: Linux kernel vulnerabilities

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices