Canonical Releases New Kernel Live Patch for Ubuntu 16.04 LTS and Ubuntu 14.04 LTS

The new kernel live patch addresses a race condition (CVE-2017-0861) found in Linux kernel’s ALSA PCM subsystem and a use-after-free vulnerability (CVE-2017-15129) discovered in the network namespaces implementation, both of which could allow a local attacker to crash the system or execute arbitrary code. Additionally, the new kernel live patch fixes a race condition (CVE-2018-5344) discovered in Linux kernel’s loop block device, which could allow a local attacker to either crash the system by causing a denial of service or possibly execute arbitrary code, and a null pointer dereference (CVE-2018-5333) in the RDS (Reliable Datagram Sockets) protocol implementation that lets local attackers to crash the vulnerable system.