1. Ubuntu Security Notices
  2. LSN-0077-1

LSN-0077-1: Kernel Live Patch Security Notice

Publication date

17 May 2021

Overview

Several security issues were fixed in the kernel.

Releases

Software description

  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
  • gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
  • gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)

Details

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux
kernel did not properly handle faults in copy_from_user() when passing
through ioctls to an underlying file system. A local attacker could use
this to cause a denial of service (memory exhaustion) or execute arbitrary
code.(CVE-2021-3492)

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux
kernel did not properly handle faults in copy_from_user() when passing
through ioctls to an underlying file system. A local attacker could use
this to cause a denial of service (memory exhaustion) or execute arbitrary
code.(CVE-2021-3492)

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04
gcp 77.1
generic-5.4 77.1 77.1
gke 77.1
gke-5.4 77.1
gkeop 77.1
gkeop-5.4 77.1
lowlatency-5.4 77.1 77.1

References

Have additional questions?

Talk to a member of the team ›