- Canonical, the developer of Ubuntu projects, has fixed several vulnerabilities for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS in its latest security update.
- The software company has updated Ubuntu 20.04 LTS (Focal Fossa) by updating its kernel version to 5.15 LTS.
- The updates also affect the 22.04 LTS users since Canonical decided to deliver the same kernels for both of the Ubuntu versions.
Canonical, the developer of Ubuntu projects, has updated Ubuntu 20.04 LTS (Focal Fossa) by updating its kernel version to 5.15 LTS. Ubuntu 20.04 LTS was launched in April 2022 with continued support for the next 5 years. The new update also included four vulnerability fixes.
22.04 LTS kernel on 20.04 LTS
With the recent update, Ubuntu 20.04 LTS (Focal Fossa) users get Linux kernel 5.15's most notable features: NTFS support, Intel's Alchemist discrete graphics support, and optimizations and improvements for ARM-based systems. Ubuntu 20.04 LTS was running Linux kernel 5.13 until recently. This sudden change was not expected by the community, and it was delivered quietly. With this move, Canonical has updated Ubuntu 22.04 LTS's kernel and integrated it into Ubuntu 20.04 LTS as well. The vulnerabilities fixed by the patch are listed below:
Tracked as CVE-2022-28893, a remote code execution flaw discovered by Felix Vu. The flaw is described as improper handling in the Sun RPC implementation in the Linux kernel, which could lead to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Tracked as CVE-2022-34918, a flaw discovered by Arthur Mongodin. The Netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this flaw to escalate privileges in certain situations.
Tracked as CVE-2022-1652, a vulnerability discovered by Minh Yuan. The floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this flaw to escalate privileges in certain situations.
The last vulnerability fixed is tracked as CVE-2022-1679. The Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Users of both Ubuntu 20.04 LTS and 22.04 LTS are advised to update their installations. You can use the following commands in the terminal to update your system to the latest kernel version:
sudo apt update
sudo apt full-upgrade
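A kernel installed by the upgrade only takes effect once the machine has rebooted into it. The check below is an added example, not part of the original article or of Canonical's tooling: it compares the running kernel with the newest image in /boot and confirms that image is at least the 5.15 series named above. It assumes a single kernel flavour is installed, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: post-upgrade check that the newest installed kernel is running.

# Print the highest version from a newline-separated list on stdin.
newest_kernel() {
    sort -V | tail -n 1
}

# Return 0 if kernel version $1 (e.g. 5.15.0-43-generic) belongs to
# series $2 (e.g. 5.15) or a later one. Only major.minor is compared.
series_at_least() {
    have=$(printf '%s' "$1" | cut -d. -f1,2)
    want="$2"
    [ "$(printf '%s\n%s\n' "$want" "$have" | sort -V | head -n 1)" = "$want" ]
}

# Classify the host: prints "ok", "reboot-needed" or "old-series".
# $1 = running kernel (uname -r), $2 = newest installed, $3 = minimum series.
kernel_status() {
    if ! series_at_least "$2" "$3"; then
        echo "old-series"        # upgrade did not bring in the expected kernel
    elif [ "$1" != "$2" ]; then
        echo "reboot-needed"     # patched image is on disk but not running
    else
        echo "ok"
    fi
}

# Live check against this machine; exit status 0 only when status is "ok".
check_live() {
    live_running=$(uname -r)
    live_newest=$(ls /boot/vmlinuz-* 2>/dev/null | sed 's|.*/vmlinuz-||' | newest_kernel)
    live_status=$(kernel_status "$live_running" "${live_newest:-$live_running}" 5.15)
    echo "running=$live_running newest=${live_newest:-unknown} status=$live_status"
    # Ubuntu sets this flag when an installed package asks for a reboot.
    [ -f /var/run/reboot-required ] && echo "reboot-required flag is set"
    [ "$live_status" = "ok" ]
}

# Run the live check only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it with `--live` after `sudo apt full-upgrade`; a status of `reboot-needed` means the old kernel is still the one in memory.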