William Liu and Jamila Hill-Daniel have found a new security flaw affecting one of the most important Linux distributions, Ubuntu. The vulnerability is tracked as CVE-2022-0185 and lets attackers crash the system as well as run software with administrator privileges.
All supported Ubuntu versions are affected
The vulnerability affects all Ubuntu releases that are still supported, such as Ubuntu 21.10 Impish Indri with Linux kernel 5.13, Ubuntu 21.04 Hirsute Hippo with Linux kernel 5.11, and Ubuntu 20.04 LTS Focal Fossa and Ubuntu 18.04 LTS Bionic Beaver, both of which come with Linux kernel 5.4 LTS. Users running a different flavor or kernel should also check the repositories, since the patch covers them all.
The patch has landed in the Software Updater utility for the Ubuntu Desktop edition. To update other Ubuntu flavors like Ubuntu Server or Ubuntu Studio, you can simply run this command in a terminal:
sudo apt update && sudo apt full-upgrade
For those who can’t apply the updates immediately, there is also a mitigation option to temporarily fix the issue. Disabling unprivileged user namespaces seems to do the trick, as Canonical shared on its official CVE-2022-0185 page. So users can simply use the command below to mitigate the security flaw:
sudo sysctl -w kernel.unprivileged_userns_clone=0
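A value set with sysctl -w applies only to the running kernel and is lost at the next reboot. The script below is an added example, not part of the original article or Canonical's advisory: it reports whether the mitigation is active now and whether a sysctl.d file will reapply it at boot. The function names and the simplified single-directory scan of /etc/sysctl.d are assumptions.

```shell
#!/bin/sh
# Added example: audit whether the CVE-2022-0185 mitigation is active and persistent.
# KEY comes from the article; function names and the single-directory scan are assumptions.
KEY="kernel.unprivileged_userns_clone"

# Runtime value: 0 = unprivileged user namespaces disabled (mitigated).
runtime_state() {
    f="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    # The knob is a Debian/Ubuntu kernel patch; it may not exist elsewhere.
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0) echo mitigated ;;
        1) echo exposed ;;
        *) echo unknown ;;
    esac
}

# Last value assigned to KEY across *.conf files in one sysctl.d directory,
# read in lexical order (later files win). Prints "unset" if none assign it.
persistent_value() {
    dir="${1:-/etc/sysctl.d}"
    val=""
    for conf in "$dir"/*.conf; do
        [ -r "$conf" ] || continue
        v=$(awk -F= -v key="$KEY" '
            /^[ \t]*[#;]/ { next }                      # skip comment lines
            { k = $1; gsub(/[ \t]/, "", k) }
            k == key { last = $2; gsub(/[ \t]/, "", last); found = 1 }
            END { if (found) print last }' "$conf")
        if [ -n "$v" ]; then val="$v"; fi
    done
    echo "${val:-unset}"
}

# Combine the runtime and on-disk views into one verdict.
audit() {
    rt=$(runtime_state "$1")
    pv=$(persistent_value "$2")
    case "$rt:$pv" in
        mitigated:0) echo persistent ;;              # survives a reboot
        mitigated:*) echo runtime-only ;;            # lost at next boot
        exposed:0)   echo configured-not-applied ;;  # needs sysctl --system or a reboot
        exposed:*)   echo exposed ;;
        *)           echo unknown ;;
    esac
}

audit "$@"
```

A "persistent" verdict requires the line kernel.unprivileged_userns_clone=0 in a .conf file under /etc/sysctl.d; "runtime-only" means the sysctl -w command was run but nothing will reapply it after a reboot.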