Ubuntu Kernel updates

Ubuntu Kernel updates

2024, Sep 19    

Some OS related issues could be fixed by installing a different Linux Kernel. Recently there has been a new linux kernel vulnerability USN-7003-1: Linux kernel vulnerabilities. The the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. What does that mean for you? Probably nothing, but its still good to update package on your ubuntu systems. However, running an ‘apt update’ may only install the linux-generic or linux-headers packages but not set them. Automatically setting the kernel does happen so in this blog I will review how to install a new kernel and make it bootable by default.

Installing a new kernel

Display version of currently running Kernel: uname -r List available for installation kernels: sudo apt list linux-image- | grep generic   Update current packages sudo apt update List available for installation kernels: sudo apt list linux-image- | grep generic    

From the output we can see different types of kernels but our fix is contained in linux-image-5.4.0-195-generic kernel.

Install selected kernel with sudo apt install linux-image-5.4.0-195-generic Check installed kernels with dpkg –list | grep linux-image     

Example output:  

root@mercury:~# dpkg –list | grep linux-image

rc  linux-image-5.4.0-174-generic         5.4.0-174.193                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-176-generic         5.4.0-176.196                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-177-generic         5.4.0-177.197                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-181-generic         5.4.0-181.201                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-182-generic         5.4.0-182.202                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-187-generic         5.4.0-187.207                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-189-generic         5.4.0-189.209                     amd64        Signed kernel image generic
ii  linux-image-5.4.0-190-generic         5.4.0-190.210                     amd64        Signed kernel image generic
rc  linux-image-5.4.0-192-generic         5.4.0-192.212                     amd64        Signed kernel image generic
ii  linux-image-5.4.0-193-generic         5.4.0-193.213                     amd64        Signed kernel image generic
ii  linux-image-5.4.0-195-generic         5.4.0-195.215                     amd64        Signed kernel image generic
ii  linux-image-5.4.0-196-generic         5.4.0-196.216                     amd64        Signed kernel image generic
ii  linux-image-generic  

We can see our new kernel in the list now. 

Updating the default kernel

To install the new kernel we can easily reboot the machine and select a newly installed kernel, however, we want to make sure it boots by default. 

Because this is a virtual box and we dont have physicall acess to the machine you should  manually “hardcode” the new kernel in GRUB.

Check the entries from /boot/grub/grub.cfg Get the $menuentry_id_option with grep submenu /boot/grub/grub.cfg 

Example output: 

root@mercury:~# grep 'menuentry \|submenu ' /boot/grub/grub.cfg | cut -f2 -d "'"
Ubuntu
Advanced options for Ubuntu
Ubuntu, with Linux 5.4.0-196-generic
Ubuntu, with Linux 5.4.0-196-generic (recovery mode)
Ubuntu, with Linux 5.4.0-195-generic
Ubuntu, with Linux 5.4.0-195-generic (recovery mode)
Ubuntu, with Linux 5.4.0-193-generic
Ubuntu, with Linux 5.4.0-193-generic (recovery mode)
Ubuntu, with Linux 5.4.0-190-generic
Ubuntu, with Linux 5.4.0-190-generic (recovery mode)

Get the specific kernel option with grep gnulinux-5.4.0 /boot/grub/grub.cfg

Example output: 

root@mercury:~# grep gnulinux-5.4.0 /boot/grub/grub.cfg 
   set default="gnulinux-5.4.0-195-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9"
        menuentry 'Ubuntu, with Linux 5.4.0-196-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-196-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-196-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-196-generic-recovery-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-195-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-195-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-195-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-195-generic-recovery-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-193-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-193-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-193-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-193-generic-recovery-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-190-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-190-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {
        menuentry 'Ubuntu, with Linux 5.4.0-190-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-190-generic-recovery-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9' {

Here we want to find ‘gnulinux-5.4.0-195-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9’ and choose that as our default grub option. 

Set GRUB_DEFAULT in /etc/default/grub if you cat the output of the /etc/default/grub file you can you vi or your favorite text editor to change the GRUB_DEFAULT line in the file. 

Example output: 

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

#GRUB_DEFAULT=0
GRUB_DEFAULT=gnulinux-5.4.0-195-generic-advanced-b4c7cdf7-69c1-47be-8c08-19dbeeac3ae9
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"
GRUB_CMDLINE_LINUX=" audit=1"

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"
  • Update GRUB with ‘sudo update-grub’
  • Reboot the machine with ‘sudo reboot’

The system should boot up with a new kernel. Check default kernel version after rebooting. Log back into the system and run ‘uname -r’  to confirm the used kernel version

Example output:

root@mercury:~# uname -r
5.4.0-195-generic
Twitter Facebook Linkedin