Canonical Outs New Linux Kernel Live Patch for Ubuntu 18.04 LTS and 16.04 LTS


Coming hot on the heels of the latest Linux kernel security update released by Canonical on Tuesday, the new Linux kernel live patch security update fixes a total of five security vulnerabilities, which are documented as CVE-2018-11506, CVE-2018-11412, CVE-2018-13406, CVE-2018-13405, and CVE-2018-12233.
These include a stack-based buffer overflow (CVE-2018-11506) discovered by Piotr Gabriel Kosinski and Daniel Shapira in the Linux kernel’s CDROM driver implementation, which could allow a local attacker to either execute arbitrary code or crash the system, causing a denial of service.
Discovered by Jann Horn, a security vulnerability (CVE-2018-11412) in the Linux kernel’s EXT4 file system implementation is also addressed by the kernel live patch. It could allow an attacker to execute arbitrary code or crash the system, causing a denial of service, by creating and mounting a malicious EXT4 image.
Also fixed are an integer overflow (CVE-2018-13406) discovered by Silvio Cesare in the Linux kernel’s generic VESA frame buffer driver, as well as a buffer overflow (CVE-2018-12233) discovered by Shankara Pailoor in the JFS file system implementation, both allowing local attackers to either crash the system or execute arbitrary code.
The last security vulnerability (CVE-2018-13405) fixed in this latest Ubuntu Linux kernel live patch may allow a local attacker to gain elevated privileges due to the Linux kernel’s failure to handle setgid file creation when the operation is performed by a non-member of the group.

Submitted by: Arnfried Walbrecht

