Apache HTTP Server, Nano Editor and Linux Kernel updates for Ubuntu

Ubuntu 7111 Published by

Ubuntu released a batch of security notices to address critical flaws across several widely used software packages. The Apache HTTP Server update fixes an HTTP cookie handling bug that could allow remote attackers to trigger resource exhaustion and cause service outages. Nano receives a separate patch that resolves unsafe directory permissions and status line bugs capable of causing crashes or leaking sensitive data. The majority of these notices target the Linux kernel across dozens of Ubuntu releases and cloud environments, where engineers corrected dangerous memory handling errors and logic flaws that could let local attackers escalate privileges or break out of containers.

[USN-8384-1] Apache HTTP Server vulnerability
[USN-8386-1] Nano vulnerabilities
[USN-8393-1] Linux kernel (Azure FIPS) vulnerabilities
[USN-8361-2] Linux kernel (FIPS) vulnerability
[USN-8388-1] Linux kernel vulnerabilities
[USN-8392-1] Linux kernel vulnerabilities
[USN-8391-1] Linux kernel (Raspberry Pi) vulnerabilities
[USN-8390-1] Linux kernel vulnerability
[USN-8389-1] Linux kernel vulnerabilities




[USN-8384-1] Apache HTTP Server vulnerability


==========================================================================
Ubuntu Security Notice USN-8384-1
June 04, 2026

apache2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Apache HTTP Server could be made to consume excessive resources if it
received specially crafted network traffic.

Software Description:
- apache2: Apache HTTP server

Details:

It was discovered that Apache HTTP Server incorrectly handled certain
cookie headers in the HTTP/2 implementation. A remote attacker could
possibly use this issue to cause Apache HTTP Server to consume excessive
resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
apache2 2.4.66-2ubuntu2.2

Ubuntu 25.10
apache2 2.4.64-1ubuntu3.5

Ubuntu 24.04 LTS
apache2 2.4.58-1ubuntu8.13

Ubuntu 22.04 LTS
apache2 2.4.52-1ubuntu4.21

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8384-1
CVE-2026-49975

Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.66-2ubuntu2.2
https://launchpad.net/ubuntu/+source/apache2/2.4.64-1ubuntu3.5
https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.13
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.21



[USN-8386-1] Nano vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8386-1
June 04, 2026

nano vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Nano.

Software Description:
- nano: GNU nano editor

Details:

Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created
the ~/.local directory with incorrect permissions. In environments with
permissive umask settings, a local attacker could possibly use this
issue to inject a malicious launcher file, resulting in information
disclosure or other unintended actions. (CVE-2026-6842)

Michał Majchrowicz and Marcin Wyczechowski discovered that Nano
incorrectly handled directory names when updating the status line. A
local attacker could possibly use this issue to cause Nano to crash,
resulting in a denial of service. This issue only affected Ubuntu 22.04
LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS.
(CVE-2026-6843)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
nano 8.7.1-1ubuntu0.1
nano-tiny 8.7.1-1ubuntu0.1

Ubuntu 25.10
nano 8.4-1ubuntu0.1
nano-tiny 8.4-1ubuntu0.1

Ubuntu 24.04 LTS
nano 7.2-2ubuntu0.2
nano-tiny 7.2-2ubuntu0.2

Ubuntu 22.04 LTS
nano 6.2-1ubuntu0.2
nano-tiny 6.2-1ubuntu0.2

Ubuntu 20.04 LTS
nano 4.8-1ubuntu1.1+esm1
Available with Ubuntu Pro
nano-tiny 4.8-1ubuntu1.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
nano 2.9.3-2ubuntu0.1~esm2
Available with Ubuntu Pro
nano-tiny 2.9.3-2ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8386-1
CVE-2026-6842, CVE-2026-6843

Package Information:
https://launchpad.net/ubuntu/+source/nano/8.7.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/8.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/7.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/nano/6.2-1ubuntu0.2



[USN-8393-1] Linux kernel (Azure FIPS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8393-1
June 04, 2026

linux-azure-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a memory leak when handling AppArmor notifications. A local
attacker could use this to cause resource exhaustion. (CVE-2026-47326)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a NULL pointer dereference when handling AppArmor notifications. A
local attacker could use this to cause a kernel oops. (CVE-2026-47327)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an invalid free when handling AppArmor notifications. A local
attacker could use this to corrupt kernel memory. (CVE-2026-47328)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained insufficient validation of AppArmor notification responses. A
local attacker could use this to allow crafted responses to be processed.
(CVE-2026-47329)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used
an uninitialized variable when handling AppArmor notifications. A local
attacker could use this to cause incorrect caching of data.
(CVE-2026-47330)

Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a use-
after-free (UAF) bug. A local attacker could use this to cause memory
corruption and, theoretically, arbitrary code execution. (CVE-2026-47331)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause information disclosure of kernel
memory. (CVE-2026-47332)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained a out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause kernel memory corruption and,
theoretically, influence processing of AppArmor policies. (CVE-2026-47333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained incorrect holding of locks when handling AppArmor notifications.
A local attacker could use this to cause a kernel panic or deadlock.
(CVE-2026-47334)

Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a NULL
pointer dereference when handling AppArmor notifications. A local attacker
could use this to cause a kernel panic. (CVE-2026-47335)

Tristan Madani discovered that Ubuntu Linux kernel 6.8 used an
uninitialized variable when handling AppArmor AF_INET/AF_INET6 socket
mediation. A local attacker could use this to influence processing of fine-
grained network socket mediation. (CVE-2026-47336)

Tristan Madani and Trevor Lawrence have each independently discovered that
Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference
when handling AppArmor network socket mediation. A local attacker could use
this to cause a kernel oops. (CVE-2026-47337)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Cryptographic API;
- Compute Acceleration Framework;
- Drivers core;
- Null block device driver;
- Ublk userspace block driver;
- Bluetooth drivers;
- Counter interface drivers;
- DMA engine subsystem;
- DPLL subsystem;
- GPU drivers;
- HID subsystem;
- Intel Trace Hub HW tracing drivers;
- IIO ADC drivers;
- IIO subsystem;
- On-Chip Interconnect management framework;
- IRQ chip drivers;
- Modular ISDN driver;
- LED subsystem;
- Multiple devices driver;
- UACCE accelerator framework;
- MMC subsystem;
- Ethernet bonding driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- PHY drivers;
- x86 platform drivers;
- i.MX PM domains;
- SCSI subsystem;
- SLIMbus drivers;
- SPI subsystem;
- TCM subsystem;
- W1 Dallas's 1-wire bus driver;
- Xen hypervisor drivers;
- BTRFS file system;
- EFI Variable file system;
- exFAT file system;
- Ext4 file system;
- HFS+ file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Scheduler infrastructure;
- Netfilter;
- NFC subsystem;
- Tracing infrastructure;
- io_uring subsystem;
- BPF subsystem;
- Perf events;
- Floating proportions library;
- Memory management;
- Bluetooth subsystem;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- L2TP protocol;
- MAC80211 subsystem;
- NET/ROM layer;
- Packet sockets;
- RDS protocol;
- RxRPC session sockets;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Unix domain sockets;
- VMware vSockets driver;
- Wireless networking;
- ALSA AC97 driver;
- Generic PCM loopback sound driver;
- Creative Sound Blaster X-Fi driver;
- AMD SoC Alsa drivers;
- Texas InstrumentS Audio (ASoC/HDA) drivers;
- USB sound devices;
- KVM subsystem;
(CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926,
CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082,
CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365,
CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823,
CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180,
CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190,
CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194,
CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198,
CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976,
CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980,
CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991,
CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997,
CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001,
CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010,
CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021,
CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031,
CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037,
CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050,
CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057,
CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062,
CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068,
CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075,
CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083,
CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087,
CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091,
CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096,
CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101,
CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107,
CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116,
CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123,
CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128,
CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135,
CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141,
CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146,
CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156,
CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164,
CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170,
CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178,
CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187,
CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198,
CVE-2026-23200, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205,
CVE-2026-23206, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214,
CVE-2026-23215, CVE-2026-23216, CVE-2026-23254, CVE-2026-23256,
CVE-2026-23257, CVE-2026-23258, CVE-2026-23260, CVE-2026-23261,
CVE-2026-23262, CVE-2026-23264, CVE-2026-23274, CVE-2026-23351,
CVE-2026-23394, CVE-2026-31419, CVE-2026-31504, CVE-2026-31533,
CVE-2026-31676, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078,
CVE-2026-43494, CVE-2026-46028)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1059-azure-fips 6.8.0-1059.65+fips1
Available with Ubuntu Pro
linux-image-azure-fips 6.8.0-1059.65+fips1
Available with Ubuntu Pro
linux-image-azure-fips-6.8 6.8.0-1059.65+fips1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8393-1
CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926,
CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082,
CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365,
CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823,
CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180,
CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190,
CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194,
CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198,
CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976,
CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980,
CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991,
CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997,
CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001,
CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010,
CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021,
CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031,
CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037,
CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050,
CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057,
CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062,
CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068,
CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075,
CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083,
CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087,
CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091,
CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096,
CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101,
CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107,
CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116,
CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123,
CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128,
CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135,
CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141,
CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146,
CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156,
CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164,
CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170,
CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178,
CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187,
CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198,
CVE-2026-23200, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205,
CVE-2026-23206, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214,
CVE-2026-23215, CVE-2026-23216, CVE-2026-23254, CVE-2026-23256,
CVE-2026-23257, CVE-2026-23258, CVE-2026-23260, CVE-2026-23261,
CVE-2026-23262, CVE-2026-23264, CVE-2026-23274, CVE-2026-23351,
CVE-2026-23394, CVE-2026-31419, CVE-2026-31431, CVE-2026-31504,
CVE-2026-31533, CVE-2026-31676, CVE-2026-43033, CVE-2026-43077,
CVE-2026-43078, CVE-2026-43284, CVE-2026-43494, CVE-2026-43500,
CVE-2026-43503, CVE-2026-45998, CVE-2026-46000, CVE-2026-46028,
CVE-2026-46300, CVE-2026-46333, CVE-2026-47326, CVE-2026-47327,
CVE-2026-47328, CVE-2026-47329, CVE-2026-47330, CVE-2026-47331,
CVE-2026-47332, CVE-2026-47333, CVE-2026-47334, CVE-2026-47335,
CVE-2026-47336, CVE-2026-47337

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fips/6.8.0-1059.65+fips1



[USN-8361-2] Linux kernel (FIPS) vulnerability


==========================================================================
Ubuntu Security Notice USN-8361-2
June 04, 2026

linux-fips vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

The system could be compromised under certain conditions.

Software Description:
- linux-fips: Linux kernel with FIPS

Details:

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystem:
- Packet sockets;
(CVE-2026-31504)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1125-fips 4.4.0-1125.132
Available with Ubuntu Pro
linux-image-fips 4.4.0.1125.127
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8361-2
https://ubuntu.com/security/notices/USN-8361-1
CVE-2026-31504

Package Information:
https://launchpad.net/ubuntu/+source/linux-fips/4.4.0-1125.132



[USN-8388-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8388-1
June 04, 2026

linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp,
linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15,
linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg,
linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15,
linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-realtime
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-intel-iot-realtime: Linux kernel for Intel IoT Real-time platforms
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems
- linux-nvidia-tegra-igx: Linux kernel for NVIDIA Tegra IGX systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-realtime: Linux kernel for Real-time systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-nvidia-tegra-5.15: Linux kernel for NVIDIA Tegra systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RDS protocol;
(CVE-2026-43494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1050-nvidia-tegra-igx 5.15.0-1050.50
linux-image-5.15.0-1050-nvidia-tegra-igx-rt 5.15.0-1050.50
linux-image-5.15.0-1061-nvidia-tegra 5.15.0-1061.61
linux-image-5.15.0-1061-nvidia-tegra-rt 5.15.0-1061.61
linux-image-5.15.0-1092-gkeop 5.15.0-1092.100
linux-image-5.15.0-1101-intel-iot-realtime 5.15.0-1101.103
Available with Ubuntu Pro
linux-image-5.15.0-1101-kvm 5.15.0-1101.106
linux-image-5.15.0-1103-ibm 5.15.0-1103.106
linux-image-5.15.0-1103-raspi 5.15.0-1103.106
linux-image-5.15.0-1104-intel-iotg 5.15.0-1104.110
linux-image-5.15.0-1104-nvidia 5.15.0-1104.105
linux-image-5.15.0-1104-nvidia-lowlatency 5.15.0-1104.105
linux-image-5.15.0-1105-gke 5.15.0-1105.111
linux-image-5.15.0-1106-oracle 5.15.0-1106.112
linux-image-5.15.0-1108-realtime 5.15.0-1108.117
Available with Ubuntu Pro
linux-image-5.15.0-1109-aws 5.15.0-1109.116
linux-image-5.15.0-1109-aws-64k 5.15.0-1109.116
linux-image-5.15.0-1109-aws-fips 5.15.0-1109.116+fips1
Available with Ubuntu Pro
linux-image-5.15.0-1109-gcp 5.15.0-1109.118
linux-image-5.15.0-1109-gcp-fips 5.15.0-1109.118+fips1
Available with Ubuntu Pro
linux-image-5.15.0-181-fips 5.15.0-181.191+fips1
Available with Ubuntu Pro
linux-image-5.15.0-181-generic 5.15.0-181.191
linux-image-5.15.0-181-generic-64k 5.15.0-181.191
linux-image-5.15.0-181-generic-lpae 5.15.0-181.191
linux-image-aws-5.15 5.15.0.1109.112
linux-image-aws-64k-5.15 5.15.0.1109.112
linux-image-aws-64k-lts-22.04 5.15.0.1109.112
linux-image-aws-fips 5.15.0.1109.105
Available with Ubuntu Pro
linux-image-aws-fips-5.15 5.15.0.1109.105
Available with Ubuntu Pro
linux-image-aws-lts-22.04 5.15.0.1109.112
linux-image-fips 5.15.0.181.106
Available with Ubuntu Pro
linux-image-fips-5.15 5.15.0.181.106
Available with Ubuntu Pro
linux-image-gcp-5.15 5.15.0.1109.105
linux-image-gcp-fips 5.15.0.1109.99
Available with Ubuntu Pro
linux-image-gcp-fips-5.15 5.15.0.1109.99
Available with Ubuntu Pro
linux-image-gcp-lts-22.04 5.15.0.1109.105
linux-image-generic 5.15.0.181.164
linux-image-generic-5.15 5.15.0.181.164
linux-image-generic-64k 5.15.0.181.164
linux-image-generic-64k-5.15 5.15.0.181.164
linux-image-generic-lpae 5.15.0.181.164
linux-image-generic-lpae-5.15 5.15.0.181.164
linux-image-gke 5.15.0.1105.104
linux-image-gke-5.15 5.15.0.1105.104
linux-image-gkeop 5.15.0.1092.91
linux-image-gkeop-5.15 5.15.0.1092.91
linux-image-ibm 5.15.0.1103.99
linux-image-ibm-5.15 5.15.0.1103.99
linux-image-intel-iot-realtime 5.15.0.1101.105
Available with Ubuntu Pro
linux-image-intel-iot-realtime-5.15 5.15.0.1101.105
Available with Ubuntu Pro
linux-image-intel-iotg 5.15.0.1104.103
linux-image-intel-iotg-5.15 5.15.0.1104.103
linux-image-kvm 5.15.0.1101.97
linux-image-kvm-5.15 5.15.0.1101.97
linux-image-nvidia 5.15.0.1104.104
linux-image-nvidia-5.15 5.15.0.1104.104
linux-image-nvidia-lowlatency 5.15.0.1104.104
linux-image-nvidia-lowlatency-5.15 5.15.0.1104.104
linux-image-nvidia-tegra 5.15.0.1061.61
linux-image-nvidia-tegra-5.15 5.15.0.1061.61
linux-image-nvidia-tegra-igx 5.15.0.1050.52
linux-image-nvidia-tegra-igx-5.15 5.15.0.1050.52
linux-image-nvidia-tegra-igx-rt 5.15.0.1050.52
linux-image-nvidia-tegra-igx-rt-5.15 5.15.0.1050.52
linux-image-nvidia-tegra-rt 5.15.0.1061.61
linux-image-nvidia-tegra-rt-5.15 5.15.0.1061.61
linux-image-oem-20.04 5.15.0.181.164
linux-image-oracle-5.15 5.15.0.1106.102
linux-image-oracle-lts-22.04 5.15.0.1106.102
linux-image-raspi 5.15.0.1103.101
linux-image-raspi-5.15 5.15.0.1103.101
linux-image-raspi-nolpae 5.15.0.1103.101
linux-image-realtime 5.15.0.1108.112
Available with Ubuntu Pro
linux-image-realtime-5.15 5.15.0.1108.112
Available with Ubuntu Pro
linux-image-virtual 5.15.0.181.164
linux-image-virtual-5.15 5.15.0.181.164

Ubuntu 20.04 LTS
linux-image-5.15.0-1061-nvidia-tegra 5.15.0-1061.61~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1061-nvidia-tegra-rt 5.15.0-1061.61~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1103-ibm 5.15.0-1103.106~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1109-aws 5.15.0-1109.116~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1109-gcp 5.15.0-1109.118~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-181-generic 5.15.0-181.191~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-181-generic-64k 5.15.0-181.191~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-181-generic-lpae 5.15.0-181.191~20.04.1
Available with Ubuntu Pro
linux-image-aws 5.15.0.1109.116~20.04.1
Available with Ubuntu Pro
linux-image-aws-5.15 5.15.0.1109.116~20.04.1
Available with Ubuntu Pro
linux-image-gcp 5.15.0.1109.118~20.04.1
Available with Ubuntu Pro
linux-image-gcp-5.15 5.15.0.1109.118~20.04.1
Available with Ubuntu Pro
linux-image-generic-5.15 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-generic-64k-5.15 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-generic-64k-hwe-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-generic-lpae-5.15 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-generic-lpae-hwe-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-ibm 5.15.0.1103.106~20.04.1
Available with Ubuntu Pro
linux-image-ibm-5.15 5.15.0.1103.106~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra 5.15.0.1061.61~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-5.15 5.15.0.1061.61~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-rt 5.15.0.1061.61~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-rt-5.15 5.15.0.1061.61~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04b 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04c 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04d 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-virtual-5.15 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8388-1
CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503,
CVE-2026-46300, CVE-2026-46333

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-181.191
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1109.116
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.15.0-1109.116+fips1
https://launchpad.net/ubuntu/+source/linux-fips/5.15.0-181.191+fips1
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1109.118
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.15.0-1109.118+fips1
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1105.111
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1092.100
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1103.106

https://launchpad.net/ubuntu/+source/linux-intel-iot-realtime/5.15.0-1101.103
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1104.110
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1101.106
https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1104.105
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1061.61
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra-igx/5.15.0-1050.50
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1106.112
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1103.106
https://launchpad.net/ubuntu/+source/linux-realtime/5.15.0-1108.117



[USN-8392-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8392-1
June 04, 2026

linux-aws-5.4, linux-hwe-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Packet sockets;
- RDS protocol;
- TLS protocol;
(CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077,
CVE-2026-43078, CVE-2026-43494, CVE-2026-46028)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-5.4.0-1160-aws 5.4.0-1160.170~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-231-generic 5.4.0-231.251~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-231-lowlatency 5.4.0-231.251~18.04.1
Available with Ubuntu Pro
linux-image-aws 5.4.0.1160.170~18.04.1
Available with Ubuntu Pro
linux-image-aws-5.4 5.4.0.1160.170~18.04.1
Available with Ubuntu Pro
linux-image-generic-5.4 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-5.4 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-5.4 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-virtual-5.4 5.4.0.231.251~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.231.251~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8392-1
CVE-2026-31431, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-43284, CVE-2026-43494,
CVE-2026-43500, CVE-2026-46028



[USN-8391-1] Linux kernel (Raspberry Pi) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8391-1
June 04, 2026

linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Network drivers;
- NVME drivers;
- IPv4 networking;
- Packet sockets;
- RDS protocol;
- TLS protocol;
(CVE-2024-50304, CVE-2026-23112, CVE-2026-23209, CVE-2026-31504,
CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078,
CVE-2026-43494, CVE-2026-46028)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1143-raspi 5.4.0-1143.156
Available with Ubuntu Pro
linux-image-raspi 5.4.0.1143.174
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1143.174
Available with Ubuntu Pro
linux-image-raspi2 5.4.0.1143.174
Available with Ubuntu Pro

Ubuntu 18.04 LTS
linux-image-5.4.0-1143-raspi 5.4.0-1143.156~18.04.1
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1143.156~18.04.1
Available with Ubuntu Pro
linux-image-raspi-hwe-18.04 5.4.0.1143.156~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8391-1
CVE-2024-50304, CVE-2026-23112, CVE-2026-23209, CVE-2026-31431,
CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077,
CVE-2026-43078, CVE-2026-43284, CVE-2026-43494, CVE-2026-43500,
CVE-2026-46028



[USN-8390-1] Linux kernel vulnerability


==========================================================================
Ubuntu Security Notice USN-8390-1
June 04, 2026

linux, linux-azure, linux-azure-4.15, linux-azure-fips, linux-fips,
linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 14.04 LTS

Summary:

The system could be made to run programs as an administrator.

Software Description:
- linux: Linux kernel
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1148-fips 4.15.0-1148.160
Available with Ubuntu Pro
linux-image-4.15.0-1155-oracle 4.15.0-1155.166
Available with Ubuntu Pro
linux-image-4.15.0-1175-kvm 4.15.0-1175.180
Available with Ubuntu Pro
linux-image-4.15.0-1186-gcp 4.15.0-1186.203
Available with Ubuntu Pro
linux-image-4.15.0-1202-azure 4.15.0-1202.217
Available with Ubuntu Pro
linux-image-4.15.0-2094-gcp-fips 4.15.0-2094.100
Available with Ubuntu Pro
linux-image-4.15.0-2111-azure-fips 4.15.0-2111.117
Available with Ubuntu Pro
linux-image-4.15.0-251-generic 4.15.0-251.263
Available with Ubuntu Pro
linux-image-4.15.0-251-lowlatency 4.15.0-251.263
Available with Ubuntu Pro
linux-image-azure-4.15 4.15.0.1202.170
Available with Ubuntu Pro
linux-image-azure-fips 4.15.0.2111.107
Available with Ubuntu Pro
linux-image-azure-fips-4.15 4.15.0.2111.107
Available with Ubuntu Pro
linux-image-azure-lts-18.04 4.15.0.1202.170
Available with Ubuntu Pro
linux-image-fips 4.15.0.1148.145
Available with Ubuntu Pro
linux-image-gcp-4.15 4.15.0.1186.199
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2094.92
Available with Ubuntu Pro
linux-image-gcp-fips-4.15 4.15.0.2094.92
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1186.199
Available with Ubuntu Pro
linux-image-generic 4.15.0.251.235
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1175.166
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.251.235
Available with Ubuntu Pro
linux-image-oracle-4.15 4.15.0.1155.160
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1155.160
Available with Ubuntu Pro
linux-image-virtual 4.15.0.251.235
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.15.0-1202-azure 4.15.0-1202.217~14.04.1
Available with Ubuntu Pro
linux-image-azure 4.15.0.1202.217~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8390-1
CVE-2026-43284



[USN-8389-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8389-1
June 04, 2026

linux, linux-aws, linux-aws-fips, linux-azure, linux-azure-5.4,
linux-azure-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4,
linux-gcp-fips, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-fips: Linux kernel with FIPS
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RDS protocol;
(CVE-2026-43494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1064-iot 5.4.0-1064.67
Available with Ubuntu Pro
linux-image-5.4.0-1078-xilinx-zynqmp 5.4.0-1078.82
Available with Ubuntu Pro
linux-image-5.4.0-1119-bluefield 5.4.0-1119.126
Available with Ubuntu Pro
linux-image-5.4.0-1134-fips 5.4.0-1134.144
Available with Ubuntu Pro
linux-image-5.4.0-1147-kvm 5.4.0-1147.156
Available with Ubuntu Pro
linux-image-5.4.0-1158-oracle 5.4.0-1158.168
Available with Ubuntu Pro
linux-image-5.4.0-1160-aws 5.4.0-1160.170
Available with Ubuntu Pro
linux-image-5.4.0-1160-aws-fips 5.4.0-1160.170+fips1
Available with Ubuntu Pro
linux-image-5.4.0-1163-gcp 5.4.0-1163.172
Available with Ubuntu Pro
linux-image-5.4.0-1163-gcp-fips 5.4.0-1163.172+fips1
Available with Ubuntu Pro
linux-image-5.4.0-1164-azure 5.4.0-1164.170
Available with Ubuntu Pro
linux-image-5.4.0-1164-azure-fips 5.4.0-1164.170+fips1
Available with Ubuntu Pro
linux-image-5.4.0-231-generic 5.4.0-231.251
Available with Ubuntu Pro
linux-image-5.4.0-231-generic-lpae 5.4.0-231.251
Available with Ubuntu Pro
linux-image-5.4.0-231-lowlatency 5.4.0-231.251
Available with Ubuntu Pro
linux-image-aws-5.4 5.4.0.1160.157
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1160.107
Available with Ubuntu Pro
linux-image-aws-fips-5.4 5.4.0.1160.107
Available with Ubuntu Pro
linux-image-aws-lts-20.04 5.4.0.1160.157
Available with Ubuntu Pro
linux-image-azure-5.4 5.4.0.1164.156
Available with Ubuntu Pro
linux-image-azure-fips 5.4.0.1164.100
Available with Ubuntu Pro
linux-image-azure-fips-5.4 5.4.0.1164.100
Available with Ubuntu Pro
linux-image-azure-lts-20.04 5.4.0.1164.156
Available with Ubuntu Pro
linux-image-bluefield 5.4.0.1119.115
Available with Ubuntu Pro
linux-image-bluefield-5.4 5.4.0.1119.115
Available with Ubuntu Pro
linux-image-fips 5.4.0.1134.131
Available with Ubuntu Pro
linux-image-fips-5.4 5.4.0.1134.131
Available with Ubuntu Pro
linux-image-gcp-5.4 5.4.0.1163.165
Available with Ubuntu Pro
linux-image-gcp-fips 5.4.0.1163.105
Available with Ubuntu Pro
linux-image-gcp-fips-5.4 5.4.0.1163.105
Available with Ubuntu Pro
linux-image-gcp-lts-20.04 5.4.0.1163.165
Available with Ubuntu Pro
linux-image-generic 5.4.0.231.223
Available with Ubuntu Pro
linux-image-generic-5.4 5.4.0.231.223
Available with Ubuntu Pro
linux-image-generic-lpae 5.4.0.231.223
Available with Ubuntu Pro
linux-image-generic-lpae-5.4 5.4.0.231.223
Available with Ubuntu Pro
linux-image-kvm 5.4.0.1147.143
Available with Ubuntu Pro
linux-image-kvm-5.4 5.4.0.1147.143
Available with Ubuntu Pro
linux-image-lowlatency 5.4.0.231.223
Available with Ubuntu Pro
linux-image-lowlatency-5.4 5.4.0.231.223
Available with Ubuntu Pro
linux-image-oem 5.4.0.231.223
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.231.223
Available with Ubuntu Pro
linux-image-oracle-5.4 5.4.0.1158.152
Available with Ubuntu Pro
linux-image-oracle-lts-20.04 5.4.0.1158.152
Available with Ubuntu Pro
linux-image-virtual 5.4.0.231.223
Available with Ubuntu Pro
linux-image-virtual-5.4 5.4.0.231.223
Available with Ubuntu Pro
linux-image-xilinx-zynqmp 5.4.0.1078.78
Available with Ubuntu Pro
linux-image-xilinx-zynqmp-5.4 5.4.0.1078.78
Available with Ubuntu Pro

Ubuntu 18.04 LTS
linux-image-5.4.0-1158-oracle 5.4.0-1158.168~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1163-gcp 5.4.0-1163.172~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1164-azure 5.4.0-1164.170~18.04.1
Available with Ubuntu Pro
linux-image-azure 5.4.0.1164.170~18.04.1
Available with Ubuntu Pro
linux-image-azure-5.4 5.4.0.1164.170~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1163.172~18.04.1
Available with Ubuntu Pro
linux-image-gcp-5.4 5.4.0.1163.172~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1158.168~18.04.1
Available with Ubuntu Pro
linux-image-oracle-5.4 5.4.0.1158.168~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8389-1
CVE-2026-43284, CVE-2026-43494, CVE-2026-43500


Glibc, Vim, Evince, Python Pillow and Multi Linux Manager updates for SUSE

Transmission, Nextcloud, Samba, and Core Libraries updates for Fedora

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...