According to the Ubuntu security notice, as many as 13 different security flaws received fixes. Out of these 13, seven different flaws existed in the ext4 filesystem implementation. These include two use-after-free vulnerabilities (CVE-2018-10876 and CVE-2018-10879), one buffer overflow vulnerability (CVE-2018-10877), and two out-of-bounds write flaws (CVE-2018-10878 and CVE-2018-10882). All five vulnerabilities could allow an attacker to cause DoS or execute arbitrary code.
In addition, the two other vulnerabilities affecting the ext4 filesystem implementation include CVE-2018-10880 and CVE-2018-10883. Both of them could trigger system crashes, resulting in a denial of service.
Allegedly, the same researcher, Wen Xu, discovered all these flaws.
Besides, Jann Horn also discovered two security flaws in the Linux Kernel. The first of these is CVE-2018-17972, about which Ubuntu stated,
“the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information.”
Whereas, the second one, CVE-2018-18281, is described as,
“the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code.”
Apart from these, Canonical has also fixed four other security flaws. Two of these, CVE-2018-16882 and CVE-2018-19407, were discovered by Cfir Cohen and Wei Wu respectively.
Canonical has updated Ubuntu 18.04 to the Linux kernel 4.15.0-44.47. Users can upgrade their systems accordingly by following the details given on its website.