Canonical Outs New Kernel Live Patch for Ubuntu 16.04 LTS to Fix Security Flaws

Only two security flaws are patched, the first being a use-after-free vulnerability (CVE-2017-7374) discovered in the Linux kernel’s filesystem encryption subsystem, which could have allowed a local attacker to crash an affected, unpatched machine, causing a denial of service (DoS). The second security flaw (CVE-2016-7097) was discovered by Jan Kara and Andreas Gruenbacher in the Linux kernel’s filesystem implementation, which failed to clear the setgid bit during a setxattr call, thus allowing a local attacker to elevate group privileges.