Ubuntu 18.04 and 16.04 LTS received Linux Kernel patch to fix vulnerabilities

Canonical provides the latest Linux kernel security updates for the Long Term Support (LTS) Ubuntu 18.04 and 16.04 operating systems, and Bionic Beaver and Xenial Xerus users can implement a reboot-free operating system kernel update with the Livepatch Service. This real-time patch mainly fixes five security issues, such as the CVE-2019-11815 race condition vulnerability. It can cause the Linux kernel’s RDS (Reliable Datagram Sockets) protocol to be exploited by an attacker, causing a system crash or arbitrary code execution.

Second is the CVE-2019-2054 flaw affecting the ARM CPU, which can be used by an attacker to bypass the seccomp limit. There is also a flaw in the EXT4 file system of the Linux kernel. CVE-2019-11833 and CVE-2019-11884 expose local sensitive information (kernel memory) to an attacker because the Linux kernel cannot properly clear memory or verify a NULL termination string under certain circumstances.

It should be noted that this kernel real-time patch includes a fix that fixes the eight-year-old CVE-2011-1079 vulnerability discovered by Vasiliy Kulikov in the Bluetooth stack of the Linux kernel. This defect may cause a local attacker to launch a denial of service (DoS) attack on the system, causing a system crash or kernel stack memory leak, which poses a certain threat to the user’s privacy.

Source: Softpedia