New Ubuntu Kernels Released to Fix Secure Boot Bypass and Other Flaws, Update Now

Available for Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), and Ubuntu 16.04 LTS (Xenial Xerus), the new Linux kernel updates are here to address two vulnerabilities (CVE-2019-20908 and CVE-2020-15780) discovered by Jason A. Donenfeld in the ACPI implementation, which could allow a privileged attacker to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. Another vulnerability (CVE-2020-11935) patched in this security update is affecting all supported Ubuntu releases and kernels, and could allow a local attacker to cause a denial of service. The issue was discovered by Mauricio Faria de Oliveira in Linux kernel’s AUFS implementation.