Ubuntu has a pretty serious security flaw, so patch now

(Image credit: Canonical)

Cybersecurity researchers have discovered a major flaw in one of Linux’s most popular distros - Ubuntu, and are urging all users to patch immediately.

As reported on Ubuntu’s website, two researchers - William Luil and Jamila Hill-Daniel - discovered a vulnerability that allows malicious actors to crash the system, or run software in administrator mode. 

The vulnerability, tracked as CVE-2022-0185, allegedly affects all of the Ubuntu releases that are still being supported. That includes Ubuntu 21.10 Impish Indri with Linux kernel 5.13, Ubuntu 21.04 Hirsute Hippo with Linux kernel 5.11, Ubuntu 20.04 LTS Focal Fossa, and Ubuntu 18.04 LTS Bionic Beaver, both with Linux kernel 5.4 LTS.

Upgrades and mitigations

Here’s how Red Hat describes it:

“A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.”

Those running a different kernel should also keep an eye on the repositories, since these patch should cover all of them.

As Cloud7 explains, the patch can be found in Software Updater > Utility for Ubuntu Desktop. To update other Ubuntu variants (such as, Ubuntu Studio, or Ubuntu Server, for example), administrators can run this command in the Terminal:

sudo apt update && sudo apt full-upgrade

A reboot is necessary, following the installation of the new kernel version, it was said. Admins should also remember to rebuild any third-party kernel modules they had installed on their systems. 

Those unable to patch their systems right now can opt for temporary mitigation, by disabling unprivileged user namespaces. That can be achieved by running this command in the Terminal:

sysctl -w kernel.unprivileged_userns_clone=0

  • You might also want to check out our list of the best Linux distros for beginners available now

Via The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.