Date: 2022-07-14

Canonical, Ubuntu’s developer, released at least 17 patches for vulnerabilities discovered in the Linux kernel.

Canonical, the producer of the popular Linux distribution Ubuntu, published Linux Kernel updates addressing at least 17 vulnerabilities. The updates came one month after the previous updates, which addressed two high-severity vulnerabilities.

Details of vulnerabilities

CVE-2022-1974: Duoming Zhou discovered a race condition in the NFC subsystem of the Linux kernel that leads to a use-after-free vulnerability. A local attacker could use it to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2022-1975: Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use it to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2022-1734: The Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A privileged local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.

CVE-2022-0500: The eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2022-1789: Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. A privileged attacker in a guest VM could use this to cause a denial of service in the host OS (system crash).

CVE-2022-1195: Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A local attacker could use this to cause a denial of service (system crash).

To update your Ubuntu OS, you can use the Software Updater utility or run the command below in the terminal. After updating, don’t forget to reboot your computer: a patched kernel only takes effect once the system boots into it.

sudo apt update && sudo apt full-upgrade
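
A way to confirm the reboot step above was not skipped, as an added example that is not part of the original article or Canonical's tooling: it compares the running kernel with the newest installed kernel image of the same flavour. The function names are hypothetical, and the check assumes Ubuntu's `linux-image-<release>` package naming and GNU `sort -V`.

```shell
#!/bin/sh
# Added example: detect a patched kernel that is installed but not yet running.

# installed_releases: print the release string of every installed
# linux-image-<release> package ("ii" = installed and configured).
installed_releases() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-[0-9]*' 2>/dev/null |
        awk '$1 == "ii" { sub(/^linux-image-/, "", $2); print $2 }'
}

# reboot_needed RUNNING [INSTALLED...]
# Returns 0 when an installed kernel of the same flavour (the suffix after
# the last "-", e.g. "generic") is newer than RUNNING, otherwise 1.
reboot_needed() {
    rn_running=$1
    shift
    rn_flavour=${rn_running##*-}
    rn_newest=$(printf '%s\n' "$rn_running" "$@" |
        grep -- "-$rn_flavour\$" | sort -V | tail -n 1)
    [ -n "$rn_newest" ] && [ "$rn_newest" != "$rn_running" ]
}

# check_kernel: report whether this host still runs a pre-update kernel.
check_kernel() {
    ck_running=$(uname -r)
    # Word splitting of the release list is intended here.
    if reboot_needed "$ck_running" $(installed_releases); then
        echo "reboot needed: running $ck_running, newer kernel installed"
    elif [ -f /var/run/reboot-required ]; then
        # Flag file written by Ubuntu's package hooks after some upgrades.
        echo "reboot needed: /var/run/reboot-required is present"
    else
        echo "running kernel $ck_running is the newest installed"
    fi
}

check_kernel
```

Run it after `apt full-upgrade`; until it reports the newest installed kernel as running, the host is still exposed to the kernel flaws listed above.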