[LSN-0056-1] Linux kernel vulnerability

benjamin.romer at canonical.com benjamin.romer at canonical.com
Fri Sep 20 14:35:43 UTC 2019 

==========================================================================
Kernel Live Patch Security Notice 0056-1
September 20, 2019

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Peter Pi discovered a buffer overflow in the virtio network backend
(vhost_net) implementation in the Linux kernel. An attacker in a guest may
be able to use this to cause a denial of service (host OS crash) or
possibly execute arbitrary code in the host OS. (CVE-2019-14835)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 56.1     | lowlatency, generic      |
| 4.4.0-150.176            | 56.1     | generic, lowlatency      |
| 4.4.0-151.178            | 56.1     | lowlatency, generic      |
| 4.4.0-154.181            | 56.1     | lowlatency, generic      |
| 4.4.0-157.185            | 56.1     | lowlatency, generic      |
| 4.4.0-159.187            | 56.1     | lowlatency, generic      |
| 4.4.0-161.189            | 56.1     | lowlatency, generic      |
| 4.15.0-50.54             | 56.1     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-51.55             | 56.1     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-52.56             | 56.1     | lowlatency, generic      |
| 4.15.0-52.56~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-54.58             | 56.1     | generic, lowlatency      |
| 4.15.0-54.58~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-55.60             | 56.1     | generic, lowlatency      |
| 4.15.0-58.64             | 56.1     | generic, lowlatency      |
| 4.15.0-58.64~16.04.1     | 56.1     | lowlatency, generic      |
| 4.15.0-60.67             | 56.1     | lowlatency, generic      |
| 4.15.0-60.67~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-62.69             | 56.1     | generic, lowlatency      |
| 4.15.0-62.69~16.04.1     | 56.1     | lowlatency, generic      |

Support Information:

Kernels older than the levels listed below do not receive livepatch
updates. Please upgrade your kernel as soon as possible.

| Series           | Version          | Flavors                  |
|------------------+------------------+--------------------------|
| Ubuntu 18.04 LTS | 4.15.0-50        | generic lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0-50        | generic lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0-148        | generic lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0-148        | generic lowlatency       |

References:
  CVE-2019-14835

More information about the ubuntu-security-announce mailing list