Language Selection

English French German Italian Portuguese Spanish

Ubuntu Is Now Patched Against Latest Intel Processor Graphics Vulnerabilities

Filed under
Security
Ubuntu

Canonical has released today new Linux kernel patches to address the latest security vulnerabilities affecting Intel Graphics Processing Units (GPUs) in all of its supported Ubuntu releases.

Two weeks ago, on January 14th, Intel revealed two new vulnerabilities affecting systems with Intel Graphics Processing Units (GPUs), known as CVE-2020-7053 and CVE-2019-14615. These vulnerabilities were present in the Intel graphics driver (i915) for GNU/Linux systems, and thus having an impact on almost all Linux-based operating systems.

CVE-2019-14615 did not let the Linux kernel to properly clear data structures on context switches for some Intel GPUs, which could allow a local attacker to expose sensitive information. On the other hand, CVE-2020-7053 is a race condition that could lead to a use-after-free, destroying GEM contexts in the i915 graphics driver. This could allow a local attacker to crash the system or execute arbitrary code.

Read more

Canonical Releases Ubuntu 16.04 LTS Kernel Security Update

  • Canonical Releases Ubuntu 16.04 LTS Kernel Security Update to Address 9 Flaws

    Canonical has released today a new Linux kernel security update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system to address several vulnerabilities.

    In addition to mitigating the CVE-2019-14615 vulnerability affecting certain Intel graphics processors, the new Linux kernel security update addresses a race condition (CVE-2019-18683) in the Virtual Video Test Driver (VIVID), which could allow an attacker with access to /dev/video0 to gain administrative privileges.

    Also patched are multiple memory leaks (CVE-2019-19057) in the Marvell WiFi-Ex driver and a NULL pointer dereference (CVE-2019-18885) in the Btrfs file system.

Have an Intel processor? Enjoy two more vulnerabilities

  • Have an Intel processor? Enjoy two more vulnerabilities

    Intel are not having a good time lately are they? More vulnerabilities in their CPUs have been made public.

    How many is that Intel have had recently that affect them? Quite a lot. This time, it appears AMD are not affected at least. Still, this is a lot of major security problems to go through with Spectre and Meltdown, Foreshadow and ZombieLoad. Currently, Intel are saying that they're "not aware of any use of these issues outside of a controlled lab environment" so you don't need to go and panic just yet. Just keep an eye on updates for your distribution and motherboard BIOS updates.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Evince chosen as the Librem 5 Document Viewer

The default Librem 5 applications define the out of the box experience. Our team has been hard at work adding essential apps that people expect from a smartphone. The latest is the popular FOSS document viewer Evince which we adapted using our powerful convergence library libhandy. We have put a lot of design and development into the idea of convergence – the ability to run applications on desktop and mobile without maintaining separate code basess or many additional views. libhandy has already been successfully used to adpat or build all the current Librem 5 apps including GNOME Settings, Epiphany, Calls, Chats and more. What makes libhandy so powerful for designers and developers is its simplicity. Just swap out your widget inheritance to use libhandy and add breakpoint logic. Read more

GNU/Linux in Devices

  • StixRF A 70 MHz 6 GHz SDR USB receiver stick

    – Control: GNU Radio support

  • 3D-printable Raspberry Pi bits and pieces you should totally make

    Recently, we’ve seen an awful lot of new designs online for 3D-printable Raspberry Pi cases and add-ons. Here are a few that definitely need your attention.

  • Best USB Gaming Controllers With Linux Support (Review) in 2020 [Ed: The links appear to be Amazon 'referral spam']

    Are you looking to get a new gaming controller for your Linux PC? Not sure which one to buy so that you don’t run into any issues? We can help, because we’ve done the research for you and our in-depth analysis can reveal which is the best product for the buck. Here’s our list with the top USB gaming controllers for Linux.

  • Best USB WiFi Adapters for Linux (Review) in 2020

    It is hard to find a Linux-compatible USB WiFi adapter these days, as mainstream manufacturers like Netgear, Belkin, and others do not take the platform seriously. As a result, many Linux users do not know what to buy. Since finding a compatible Linux WiFi adapter is so tricky we researched more than 20 models on the market — read more about our in-depth analysis and see which is the best product. Here’s our list of the best Linux compatible USB WiFi adapters.

Audiocasts/Shows: Linux in the Ham Shack and More

  • LHS Episode #326: Ni Hao, Moto

    Hello and welcome to the 326th installment of Linux in the Ham Shack. In this short-topic format show, the hosts discuss a major win for Motorola, the FCC and 5.9GHz, operating practices in Australia, iText, FreshRSS, GridTracker and much more. Thank you for listening and please, if you can, donate to our Hamvention 2020 Fund.

  • Ask Lunduke - Feb 17, 2020 - Slackware and Pre-Internet Podcasts

    Ask Lunduke is a weekly podcast where the community can ask any question they like… and I (attempt to) answer them. This episode is available via Podcast RSS feed, LBRY, Patreon, and YouTube. Links on the left. Topics on Ask Lunduke this week: Why does closed source software exist? How can we fix WHOIS? Would a Star Trek Land be more popular than Disney's Star Wars Land?

  • Another Look at My Homelab (More Detail)

    You asked for more detail on my Homelab, so here it is. In this video, I go over a bit more detail on how my Homelab is organized, so you can get an idea on how everything is connected together.

Red Hat OpenShift, Satellite and Latest Brag

  • OpenShift 4.3: Console Customization: YAML Samples

    Out of the box, OpenShift 4 provides a few examples for users. With this new extension mechanism users can now add their own YAML sample for all users on the Cluster. Let us look at how we can manually add a YAML example to the cluster. First we need to navigate to the Custom Resource Definition navigation item and search for YAML:

  • Red Hat Satellite Ask Me Anything Q&A from January 15, 2020

    This post covers the questions and answers during the January 2020 Satellite Ask Me Anything (AMA) calls. For anyone not familiar, the Satellite AMAs are an "ask me anything" (AMA) style event where we invite Red Hat customers to bring all of their questions about Red Hat Satellite, drop them in the chat, and members of the Satellite product team answers as many of them live as we can during the AMA and we then follow up with a blog post detailing the questions and answers.

  • Red Hat named to Fortune’s 100 Best Companies to Work For list for 2nd year in a row

    If you ask Red Hatters why they love working for Red Hat, you’ll hear a common theme. The culture and the people. I frequently hear from new Red Hatters that it just feels different to work here. It’s clear our associates are passionate about being apart of something bigger than themselves, a movement. As a result, Red Hat has been ranked No. 48 on Fortune Magazine's list of 100 Best Companies to Work For! This is our second consecutive year making the list and it’s most gratifying that in a year full of exciting change, one thing has remained constant. Red Hat is still Red Hat and it is a great place to work! Thinking back on this year and all that we’ve experienced, I’m grateful that we have put a great deal of attention and focus on continuing Red Hat’s culture because of the value it brings to our associates, customers, partners and the industry as a whole. We are all committed to preserving our way of working and this latest recognition is a testament to this effort. As we move forward, we are laser focused on maintaining what we do and how we do it—the open source way.