Canonical released today a new Linux kernel update for Ubuntu 17.10 (Artful Aardvark) and Ubuntu 16.04 LTS (Xenial Xerus) HWE (Hardware Enablement) systems to address a security issue.
Coming a few days after the last kernel update released earlier this week, which included mitigations for the Spectre security vulnerability that puts billions of devices at risk of attacks, today’s security update addresses a logic error in Linux kernel’s x86-64 syscall entry implementation, discovered by Jay Vosburgh.
According to the security advisory published today by Canonica, it would appear that the security issue has been introduced by the mitigations for the Spectre hardware bug, and it could allow a local attacker to either execute arbitrary code or cause a denial of service (DoS attack).
“Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code,” reads today’s Ubuntu Security Notices USN-3548-1 and USN-3548-2.
Users are urged to update their systems immediately
Canonical urges all Ubuntu 17.10 (Artful Aardvark) users to update their systems at their earliest convenience to the linux-image-4.13.0-32-generic 4.13.0-32.35 or linux-image-4.13.0-32-lowlatency 4.13.0-32.35 kernel images. The kernel update is also available for Ubuntu 16.04.3 LTS (Xenial Xerus) users using the HWE kernel from Ubuntu 17.10.
These must update their systems to the linux-image-4.13.0-32-generic 4.13.0-32.35~16.04.1 or linux-image-4.13.0-32-lowlatency 4.13.0-32.35~16.04.1 on 64-bit systems, as well as linux-image-4.13.0-1008-gcp 4.13.0-1008.11 on Google Cloud Platform (GCP) systems, linux-image-4.13.0-1007-azure 4.13.0-1007.9 on Microsoft Azure Cloud systems, or linux-image-oem 22.214.171.1249.23 for OEM processors.
Canonical provides detailed instructions on how to update your Ubuntu installations at https://wiki.ubuntu.com/Security/Upgrades, but you can simply open a terminal emulator and run the “sudo apt-get update && sudo apt-get dist-upgrade” command. Don’t forget to reboot your machine after installing the new kernel version and also reinstall any third-party kernel modules you might have installed.