Canonical Released New Ubuntu Kernel Security Update

The most important vulnerabilities patched in this new major Linux kernel update for Ubuntu are a flaw (CVE-2020-25704) discovered in the perf subsystem that could allow a privileged attacker to cause a denial of service (kernel memory exhaustion), and a security issue (CVE-2020-27777) in the PowerPC RTAS implementation, which could allow a privileged local attacker to arbitrarily modify kernel memory and bypass kernel lockdown restrictions.

Also patched in this new Ubuntu kernel security update are a race condition (CVE-2020-25656) in the console keyboard driver, race conditions (CVE-2020-25668) and a read-after-free vulnerability (CVE-2020-29660) in the TTY driver/subsystem, an information leak (CVE-2020-28588) found in the syscall implementation on 32-bit systems, and a flaw (CVE-2020-28974) in the framebuffer console driver. All of these flaws could allow a local attacker to expose sensitive information (kernel memory).