Tuesday, March 24, 2026

[USN-8121-1] Linux kernel (AWS FIPS) vulnerability

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmnC1KYFAwAAAAAACgkQZ0GeRcM5nt1m
NggAobSfKMtiFTKcUxFcVTI2rEo6SQow0LNldEujQtFibDWNnJdqVUwRMY4MUZKP6hz/vpxAnHHq
dQR2QUZuJl7r+PLvylPsAMTEbC1RccXeXgaOkrlNJZQPYfs4zlBpAWgxWQ2L6FVMAEN+20193ic5
konhL10P08sAO17/mbdy0wnalxXM48iMihZwz3yLdf16PYDBheFsknzXprlZKaEMBAHW3nPl6DV2
+2sjvo8qI3UatuxPBRr+EuoKdT7ZcQF86yD62YoOLjwxJ0Os+IuEvwY1h1ROUmvdSO3FWLwCbjoh
xc2kjm80gHidfP9mbV/GwgsMgmaJwVto5GE9ZYFe8Q==
=Am80
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-8121-1
March 24, 2026

linux-aws-fips vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

The system could be made to run programs as an administrator.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS

Details:

Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1156-aws-fips 5.4.0-1156.166+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1156.103
Available with Ubuntu Pro
linux-image-aws-fips-5.4 5.4.0.1156.103
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8121-1
https://launchpad.net/bugs/2143853

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.4.0-1156.166+fips1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)