===================================================================== CERT-Renater Note d'Information No. 2021/VULN041 _____________________________________________________________________ DATE : 27/01/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Linux kernel. ===================================================================== https://ubuntu.com/security/notices/USN-5240-1 https://lists.ubuntu.com/archives/ubuntu-security-announce/2022-January/006361.html _____________________________________________________________________ USN-5240-1: Linux kernel vulnerability 19 January 2022 The system could be made to crash or run programs as an administrator. Releases o Ubuntu 21.10 o Ubuntu 21.04 o Ubuntu 20.04 LTS o Ubuntu 18.04 LTS Packages o linux - Linux kernel o linux-aws - Linux kernel for Amazon Web Services (AWS) systems o linux-aws-5.11 - Linux kernel for Amazon Web Services (AWS) systems o linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems o linux-azure - Linux kernel for Microsoft Azure Cloud systems o linux-azure-5.11 - Linux kernel for Microsoft Azure cloud systems o linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems o linux-bluefield - Linux kernel for NVIDIA BlueField platforms o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems o linux-gcp-5.11 - Linux kernel for Google Cloud Platform (GCP) systems o linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems o linux-gke - Linux kernel for Google Container Engine (GKE) systems o linux-gke-5.4 - Linux kernel for Google Container Engine (GKE) systems o linux-gkeop - Linux kernel for Google Container Engine (GKE) systems o linux-gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel o linux-ibm - Linux kernel for IBM cloud systems o linux-kvm - Linux kernel for cloud environments o linux-oem-5.10 - Linux kernel for OEM systems o linux-oem-5.13 - Linux kernel for OEM systems o linux-oem-5.14 - Linux kernel for OEM systems o linux-oracle - Linux kernel for Oracle Cloud systems o linux-oracle-5.11 - Linux kernel for Oracle Cloud systems o linux-oracle-5.4 - Linux kernel for Oracle Cloud systems o linux-raspi - Linux kernel for Raspberry Pi systems o linux-raspi-5.4 - Linux kernel for Raspberry Pi systems Details William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10 o linux-image-virtual - 5.13.0.27.37 o linux-image-5.13.0-27-generic-lpae - 5.13.0-27.29 o linux-image-5.13.0-1015-raspi-nolpae - 5.13.0-1015.17 o linux-image-generic-64k - 5.13.0.27.37 o linux-image-generic - 5.13.0.27.37 o linux-image-5.13.0-1012-azure - 5.13.0-1012.14 o linux-image-5.13.0-27-lowlatency - 5.13.0-27.29 o linux-image-aws - 5.13.0.1011.12 o linux-image-5.13.0-1012-gcp - 5.13.0-1012.15 o linux-image-azure - 5.13.0.1012.12 o linux-image-raspi-nolpae - 5.13.0.1015.20 o linux-image-oem-20.04 - 5.13.0.27.37 o linux-image-gke - 5.13.0.1012.11 o linux-image-5.13.0-27-generic - 5.13.0-27.29 o linux-image-5.13.0-1010-kvm - 5.13.0-1010.11 o linux-image-gcp - 5.13.0.1012.11 o linux-image-5.13.0-1015-raspi - 5.13.0-1015.17 o linux-image-oracle - 5.13.0.1015.15 o linux-image-5.13.0-1015-oracle - 5.13.0-1015.19 o linux-image-raspi - 5.13.0.1015.20 o linux-image-kvm - 5.13.0.1010.10 o linux-image-5.13.0-1011-aws - 5.13.0-1011.12 o linux-image-generic-lpae - 5.13.0.27.37 o linux-image-5.13.0-27-generic-64k - 5.13.0-27.29 o linux-image-lowlatency - 5.13.0.27.37 Ubuntu 21.04 o linux-image-5.11.0-1027-azure - 5.11.0-1027.30 o linux-image-generic-64k - 5.11.0.49.48 o linux-image-generic - 5.11.0.49.48 o linux-image-5.11.0-1027-oracle - 5.11.0-1027.30 o linux-image-aws - 5.11.0.1027.26 o linux-image-5.11.0-49-generic-64k - 5.11.0-49.55 o linux-image-raspi - 5.11.0.1027.24 o linux-image-gke - 5.11.0.1028.26 o linux-image-5.11.0-49-lowlatency - 5.11.0-49.55 o linux-image-5.11.0-1024-kvm - 5.11.0-1024.27 o linux-image-5.11.0-1027-raspi - 5.11.0-1027.30 o linux-image-5.11.0-49-generic-lpae - 5.11.0-49.55 o linux-image-azure - 5.11.0.1027.26 o linux-image-raspi-nolpae - 5.11.0.1027.24 o linux-image-oem-20.04 - 5.11.0.49.48 o linux-image-virtual - 5.11.0.49.48 o linux-image-5.11.0-1027-raspi-nolpae - 5.11.0-1027.30 o linux-image-gcp - 5.11.0.1028.26 o linux-image-5.11.0-1027-aws - 5.11.0-1027.30 o linux-image-oracle - 5.11.0.1027.26 o linux-image-5.11.0-49-generic - 5.11.0-49.55 o linux-image-kvm - 5.11.0.1024.24 o linux-image-generic-lpae - 5.11.0.49.48 o linux-image-5.11.0-1028-gcp - 5.11.0-1028.32 o linux-image-lowlatency - 5.11.0.49.48 Ubuntu 20.04 o linux-image-gkeop - 5.4.0.1031.34 o linux-image-virtual - 5.4.0.96.100 o linux-image-5.4.0-1053-kvm - 5.4.0-1053.55 o linux-image-5.11.0-1027-oracle - 5.11.0-1027.30~20.04.1 o linux-image-aws - 5.11.0.1027.30~20.04.25 o linux-image-5.14.0-1020-oem - 5.14.0-1020.22 o linux-image-ibm-lts-20.04 - 5.4.0.1012.13 o linux-image-gkeop-5.4 - 5.4.0.1031.34 o linux-image-azure - 5.11.0.1027.30~20.04.25 o linux-image-5.10.0-1057-oem - 5.10.0-1057.61 o linux-image-5.4.0-1050-raspi - 5.4.0-1050.56 o linux-image-5.4.0-96-generic-lpae - 5.4.0-96.109 o linux-image-5.4.0-1031-gkeop - 5.4.0-1031.32 o linux-image-oracle-lts-20.04 - 5.4.0.1061.61 o linux-image-kvm - 5.4.0.1053.52 o linux-image-5.11.0-1028-gcp - 5.11.0-1028.32~20.04.1 o linux-image-lowlatency - 5.4.0.96.100 o linux-image-5.4.0-1061-oracle - 5.4.0-1061.65 o linux-image-5.4.0-1062-gcp - 5.4.0-1062.66 o linux-image-oem-osp1 - 5.4.0.96.100 o linux-image-gke-5.4 - 5.4.0.1059.69 o linux-image-5.4.0-1059-gke - 5.4.0-1059.62 o linux-image-oem-20.04c - 5.13.0.1028.30 o linux-image-oem-20.04b - 5.10.0.1057.57 o linux-image-oem-20.04d - 5.14.0.1020.17 o linux-image-ibm - 5.4.0.1012.13 o linux-image-gcp - 5.11.0.1028.32~20.04.26 o linux-image-generic-lpae - 5.4.0.96.100 o linux-image-5.4.0-96-lowlatency - 5.4.0-96.109 o linux-image-oem - 5.4.0.96.100 o linux-image-5.11.0-1027-aws - 5.11.0-1027.30~20.04.1 o linux-image-bluefield - 5.4.0.1025.26 o linux-image-5.4.0-1025-bluefield - 5.4.0-1025.28 o linux-image-gke - 5.4.0.1059.69 o linux-image-aws-lts-20.04 - 5.4.0.1063.65 o linux-image-azure-lts-20.04 - 5.4.0.1067.65 o linux-image-5.4.0-1067-azure - 5.4.0-1067.70 o linux-image-oracle - 5.11.0.1027.30~20.04.19 o linux-image-raspi - 5.4.0.1050.84 o linux-image-generic - 5.4.0.96.100 o linux-image-5.4.0-96-generic - 5.4.0-96.109 o linux-image-5.11.0-1027-azure - 5.11.0-1027.30~20.04.1 o linux-image-5.4.0-1012-ibm - 5.4.0-1012.13 o linux-image-oem-20.04 - 5.10.0.1057.57 o linux-image-raspi2 - 5.4.0.1050.84 o linux-image-gcp-lts-20.04 - 5.4.0.1062.72 o linux-image-5.13.0-1028-oem - 5.13.0-1028.35 Ubuntu 18.04 o linux-image-generic-lpae-hwe-18.04 - 5.4.0.96.109~18.04.84 o linux-image-generic-hwe-18.04 - 5.4.0.96.109~18.04.84 o linux-image-snapdragon-hwe-18.04 - 5.4.0.96.109~18.04.84 o linux-image-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 o linux-image-oem - 5.4.0.96.109~18.04.84 o linux-image-aws - 5.4.0.1063.45 o linux-image-lowlatency-hwe-18.04 - 5.4.0.96.109~18.04.84 o linux-image-5.4.0-96-generic - 5.4.0-96.109~18.04.1 o linux-image-raspi-hwe-18.04 - 5.4.0.1050.52 o linux-image-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 o linux-image-oem-osp1 - 5.4.0.96.109~18.04.84 o linux-image-gkeop-5.4 - 5.4.0.1031.32~18.04.31 o linux-image-azure - 5.4.0.1067.46 o linux-image-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 o linux-image-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 o linux-image-gcp - 5.4.0.1062.47 o linux-image-5.4.0-1050-raspi - 5.4.0-1050.56~18.04.1 o linux-image-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 o linux-image-5.4.0-96-generic-lpae - 5.4.0-96.109~18.04.1 o linux-image-oracle - 5.4.0.1061.65~18.04.40 o linux-image-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 o linux-image-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 o linux-image-gke-5.4 - 5.4.0.1059.62~18.04.23 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References o CVE-2022-0185 Related notices o LSN-0084-1 : ibm-5.4, gkeop-5.4, lowlatency-5.4, gkeop, gcp, gke-5.4, ibm, aws, gke, azure, generic-5.4 _____________________________________________________________________ Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary A security issue was fixed in the kernel. Software Description - linux - Linux kernel - linux-aws - Linux kernel for Amazon Web Services (AWS) systems - linux-azure - Linux kernel for Microsoft Azure Cloud systems - linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems - linux-gke - Linux kernel for Google Container Engine (GKE) systems - linux-gkeop - Linux kernel for Google Container Engine (GKE) systems - linux-ibm - Linux kernel for IBM cloud systems Details William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-0185) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 20.04 LTS aws - 84.1 aws - 84.2 azure - 84.1 gcp - 84.1 generic - 84.1 gke - 84.1 gkeop - 84.1 ibm - 84.1 lowlatency - 84.1 Ubuntu 18.04 LTS generic - 84.1 generic - 84.2 gke - 84.1 gkeop - 84.1 ibm - 84.1 lowlatency - 84.1 lowlatency - 84.2 Support Information Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-aws - 5.4.0-1061 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-ibm - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26 Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-azure-4.15 - 4.15.0-1115 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-ibm-5.4 - 5.4.0-1009 linux-oem - 4.15.0-1063 linux - 4.15.0-69 Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-aws - 4.4.0-1129 linux-azure - 4.15.0-1063 linux-azure - 4.15.0-1078 linux-azure - 4.15.0-1114 linux-hwe - 4.15.0-143 linux-hwe - 4.15.0-69 linux - 4.4.0-168 linux - 4.4.0-211 Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168 References - CVE-2022-0185 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================