Ubuntu discovered multiple vulnerabilities, which have now been patched in the latest kernel update. The fixed versions are available for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. The update fixes all 19 vulnerabilities, including CVE-2022-47940 (CVSS3 8.1), CVE-2022-3640 (CVSS3 8.8), and CVE-2022-3623 (CVSS3 7.5). All users are strongly advised to install the latest update to make sure they are protected against these vulnerabilities.

19 vulnerabilities fixed

Canonical fixes 19 vulnerabilities including:

CVE-2022-3543 (CVSS3 5.5, Memory leak)

CVE-2022-3619 (CVSS3 4.3, Memory leak)

CVE-2022-3623 (CVSS3 7.5, Remote attack)

CVE-2022-3628 (CVSS3 6.6, Denial of service and privileges)

CVE-2022-3640 (CVSS3 8.8, Denial of service)

CVE-2022-41849 (CVSS3 4.2, Use-after-free)

CVE-2022-41850 (CVSS3 4.7, Use-after-free)

CVE-2022-42895 (CVSS3 6.5, Remote kernel pointers leak)

CVE-2022-47940 (CVSS3 8.1, Denial of service, Arbitrary code execution, Sensitive info exposure)

CVE-2023-0590 (Medium, Denial of service, Arbitrary code execution)

How to get the latest fixes

You can find the latest fixes in the “Update Instructions” section here. The kernel upgrades have a new version number due to an unavoidable ABI change, so you must recompile and reload any third-party kernel modules you may have previously installed. A typical system update will also carry out this task automatically, unless you specifically uninstalled the default kernel metapackages (such as linux-generic, linux-generic-lts-RELEASE, linux-virtual, and linux-powerpc).

Since this is a security update, Canonical urged all users to update their operating systems as soon as possible to avoid possible attacks. Users can use the Software Updater utility or run the following commands in the Terminal.

sudo apt update
sudo apt full-upgrade

Installing new kernel versions requires a system reboot.
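After the update and reboot, it is worth confirming that the patched kernel is the one actually running and that a kernel metapackage is still installed. The script below is an added example, not part of the original article or Canonical's notice; the function names and the script name `check_kernel.sh` are assumptions, and it covers only the concrete metapackage names listed above.

```shell
#!/bin/sh
# Post-update check for the steps above (added example; Debian/Ubuntu only).

# Concrete metapackages named in the article (linux-generic-lts-RELEASE is a pattern).
KERNEL_METAS="linux-generic linux-virtual linux-powerpc"

# Read kernel versions on stdin, print the newest (version-aware sort, so -9- < -60-).
newest_kernel() {
    sort -V | tail -n 1
}

# reboot_pending RUNNING INSTALLED: succeed if an installed kernel is newer than RUNNING.
reboot_pending() {
    newest=$(printf '%s\n%s\n' "$1" "$2" | newest_kernel)
    [ "$1" != "$newest" ]
}

# Versions of fully installed linux-image-<version> packages, one per line.
installed_kernels() {
    dpkg-query -W -f='${Package} ${db:Status-Abbrev}\n' 'linux-image-[0-9]*' 2>/dev/null |
        awk '$2 ~ /^ii/ { sub(/^linux-image-/, "", $1); print $1 }'
}

# Installed kernel metapackages, one per line; empty output means none.
installed_metas() {
    for pkg in $KERNEL_METAS; do
        if dpkg-query -W -f='${db:Status-Abbrev}' "$pkg" 2>/dev/null | grep -q '^ii'; then
            echo "$pkg"
        fi
    done
}

check_host() {
    running=$(uname -r)
    if [ -z "$(installed_metas)" ]; then
        echo "WARN: no kernel metapackage found; apt will not pull new kernels automatically"
    fi
    if reboot_pending "$running" "$(installed_kernels)"; then
        echo "REBOOT NEEDED: running $running, newer kernel is installed"
        return 1
    fi
    echo "OK: running kernel $running is the newest installed"
}

# Run the live check only when asked, e.g.: sh check_kernel.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

The comparison treats the full `uname -r` string as the version, so it assumes the running and installed kernels share the same flavour suffix (for example `-generic`).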