Skip to main content
  1. Blog
  2. Article

Canonical
on 21 June 2017

Kernel Team Summary: June 22, 2017

CVE kernel Security

This newsletter is to provide a status update from the Ubuntu Kernel Team. There will also be highlights provided for any interesting subjects the team may be working on.

If you would like to reach the kernel team, you can find us at the #ubuntu-kernel channel on FreeNode. Alternatively, you can mail the Ubuntu Kernel Team mailing list at: kernel-team@lists.ubuntu.com

Highlights

  • FWTS 17.06.00 released: https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/17.06.00
  • Released stress-ng 0.08.05, new Real Time cyclic stressor and Real Time scheduling softlockup stressor.
  • Prepare 4.4.73 (Xenial)
  • Update artful/4.11 to v4.11.6
  • The embargo for CVE-2017-1000364 [1] has expired and the fix was
    released for the following packages in the updates and security pockets:
    • * Trusty
    • – linux 3.13.0-121.170
    • – linux-lts-xenial 4.4.0-81.104~14.04.1
    • * Xenial
    • – linux 4.4.0-81.104
    • – linux-aws 4.4.0-1020.29
    • – linux-gke 4.4.0-1016.16
    • – linux-raspi2 4.4.0-1059.67
    • – linux-snapdragon 4.4.0-1061.66
    • – linux-hwe 4.8.0-56.61~16.04.1
    • – linux-hwe-edge 4.10.0-24.28~16.04.1
    • – linux-joule 4.4.0-1003.8
    • * Yakkety
    • – linux 4.8.0-56.61
    • – linux-raspi2 4.8.0-1040.44
    • * Zesty
    • – linux 4.10.0-24.28
    • – linux-raspi2 4.10.0-1008.11

    Due to that, the proposed updates for the above packages being prepared
    on the current SRU cycle are being re-spun to include the fix.

    [1] CVE description: It was discovered that the stack guard page for
    processes in the Linux kernel was not sufficiently large enough to
    prevent overlapping with the heap. An attacker could leverage this with
    another vulnerability to execute arbitrary code and gain administrative
    privileges.

Devel Kernel Announcements

We intend to target a 4.13 kernel for the Ubuntu 17.10 release. The Ubuntu 17.10 Kernel Freeze is Thurs Oct 5, 2017.

Stable Kernel Announcements

Current cycle: 02-Jun through 24-Jun

  • 02-Jun Last day for kernel commits for this cycle
  • 05-Jun – 10-Jun Kernel prep week.
  • 11-Jun – 23-Jun Bug verification & Regression testing.
  • 26-Jun Release to -updates.

Next cycle: 23-Jun through 15-Jul

  • 23-Jun Last day for kernel commits for this cycle
  • 26-Jun – 01-Jul Kernel prep week.
  • 02-Jul – 14-Jul Bug verification & Regression testing..
  • 17-Jul Release to -updates.

Status: CVE’s

The current CVE status can be reviewed at the following:
http://people.canonical.com/~kernel/cve/pkg/ALL-linux.html

Related posts

Luci Stanescu
8 May 2026

Dirty Frag Linux kernel local privilege escalation vulnerability mitigations

Ubuntu Article

Two local privilege escalation (LPE) vulnerabilities affecting the Linux kernel have been publicly disclosed on May 7, 2026. One of the vulnerabilities has been assigned the ID: CVE-2026-43284. The other CVE ID is pending. Both are referred to as “Dirty Frag.” The affected components are Linux kernel modules. The first vulnerability impac ...

Luci Stanescu
30 April 2026

Fixes available for CVE-2026-31431 (Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability

Ubuntu Article

A local privilege escalation (LPE) vulnerability affecting the Linux kernel has been publicly disclosed on April 29, 2026. The vulnerability has been assigned CVE ID CVE-2026-31431 and is referred to as Copy Fail. The affected component is a kernel module that provides hardware-accelerated cryptographic functions: algif_aead. The vulnerab ...

Luci Stanescu
12 March 2026

AppArmor vulnerability fixes available

Ubuntu Article

Qualys discovered several vulnerabilities in the AppArmor code of the Linux kernel. These are being referred to as CrackArmor, while CVE IDs are in the process of being assigned by the Linux Kernel CVE Numbering Authority. There are eleven patches for the nine vulnerabilities and each patch is assigned a CVE IDs: CVE-2026-23268, CVE-2026- ...