Linux Kernel and MySQL updates for Ubuntu

Ubuntu 7109 Published by

Ubuntu released a major security update that addresses numerous vulnerabilities in both the Linux kernel and MySQL database software. The kernel patches resolve serious flaws like Dirty Frag and Fragnesia, which could allow local attackers to escalate privileges or escape container restrictions. Additional fixes target memory leaks, null pointer dereferences, and race conditions within AppArmor notifications alongside several networking subsystems across multiple Ubuntu releases. Rebooting is mandatory after applying these MySQL and kernel upgrades to ensure all protective measures take effect properly.

[USN-8373-1] Linux kernel vulnerabilities
[USN-8370-1] Linux kernel vulnerabilities
[USN-8371-1] Linux kernel vulnerabilities
[USN-8363-1] MySQL vulnerabilities




[USN-8373-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8373-1
June 02, 2026

linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips,
linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop,
linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8,
linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle,
linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime,
linux-realtime-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-fips: Linux kernel with FIPS
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems
- linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-realtime: Linux kernel for Raspberry Pi Real-time systems
- linux-realtime: Linux kernel for Real-time systems
- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel
- linux-ibm-6.8: Linux kernel for IBM cloud systems
- linux-nvidia-6.8: Linux kernel for NVIDIA systems
- linux-oracle-6.8: Linux kernel for Oracle Cloud systems
- linux-realtime-6.8: Linux kernel for Real-time systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a memory leak when handling AppArmor notifications. A local
attacker could use this to cause resource exhaustion. (CVE-2026-47326)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a NULL pointer dereference when handling AppArmor notifications. A
local attacker could use this to cause a kernel oops. (CVE-2026-47327)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an invalid free when handling AppArmor notifications. A local
attacker could use this to corrupt kernel memory. (CVE-2026-47328)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained insufficient validation of AppArmor notification responses. A
local attacker could use this to allow crafted responses to be processed.
(CVE-2026-47329)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used
an uninitialized variable when handling AppArmor notifications. A local
attacker could use this to cause incorrect caching of data.
(CVE-2026-47330)

Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a use-
after-free (UAF) bug. A local attacker could use this to cause memory
corruption and, theoretically, arbitrary code execution. (CVE-2026-47331)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause information disclosure of kernel
memory. (CVE-2026-47332)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained a out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause kernel memory corruption and,
theoretically, influence processing of AppArmor policies. (CVE-2026-47333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained incorrect holding of locks when handling AppArmor notifications.
A local attacker could use this to cause a kernel panic or deadlock.
(CVE-2026-47334)

Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a NULL
pointer dereference when handling AppArmor notifications. A local attacker
could use this to cause a kernel panic. (CVE-2026-47335)

Tristan Madani discovered that Ubuntu Linux kernel 6.8 used an
uninitialized variable when handling AppArmor AF_INET/AF_INET6 socket
mediation. A local attacker could use this to influence processing of fine-
grained network socket mediation. (CVE-2026-47336)

Tristan Madani and Trevor Lawrence have each independently discovered that
Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference
when handling AppArmor network socket mediation. A local attacker could use
this to cause a kernel oops. (CVE-2026-47337)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RDS protocol;
- RxRPC session sockets;
(CVE-2026-31676, CVE-2026-43494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1026-nvidia-tegra 6.8.0-1026.26
linux-image-6.8.0-1026-nvidia-tegra-rt 6.8.0-1026.26
linux-image-6.8.0-1042-gkeop 6.8.0-1042.45
linux-image-6.8.0-1054-oracle 6.8.0-1054.55
linux-image-6.8.0-1054-oracle-64k 6.8.0-1054.55
linux-image-6.8.0-1055-gke 6.8.0-1055.61
linux-image-6.8.0-1055-gke-64k 6.8.0-1055.61
linux-image-6.8.0-1055-nvidia 6.8.0-1055.58
linux-image-6.8.0-1055-nvidia-64k 6.8.0-1055.58
linux-image-6.8.0-1055-nvidia-lowlatency 6.8.0-1055.58.1
linux-image-6.8.0-1055-nvidia-lowlatency-64k 6.8.0-1055.58.1
linux-image-6.8.0-1057-aws 6.8.0-1057.60
linux-image-6.8.0-1057-aws-64k 6.8.0-1057.60
linux-image-6.8.0-1057-aws-fips 6.8.0-1057.60+fips1
Available with Ubuntu Pro
linux-image-6.8.0-1057-ibm 6.8.0-1057.58
linux-image-6.8.0-1057-raspi 6.8.0-1057.61
linux-image-6.8.0-1058-azure 6.8.0-1058.64
linux-image-6.8.0-1060-gcp 6.8.0-1060.63
linux-image-6.8.0-1060-gcp-64k 6.8.0-1060.63
linux-image-6.8.0-1060-gcp-fips 6.8.0-1060.63+fips1
Available with Ubuntu Pro
linux-image-6.8.0-124-fips 6.8.0-124.124+fips1
Available with Ubuntu Pro
linux-image-6.8.0-124-generic 6.8.0-124.124
linux-image-6.8.0-124-generic-64k 6.8.0-124.124
linux-image-6.8.0-2046-raspi-realtime 6.8.0-2046.47
Available with Ubuntu Pro
linux-image-6.8.1-1052-realtime 6.8.1-1052.53
Available with Ubuntu Pro
linux-image-aws-6.8 6.8.0-1057.60
linux-image-aws-64k-6.8 6.8.0-1057.60
linux-image-aws-64k-lts-24.04 6.8.0-1057.60
linux-image-aws-fips 6.8.0-1057.60+fips1
Available with Ubuntu Pro
linux-image-aws-fips-6.8 6.8.0-1057.60+fips1
Available with Ubuntu Pro
linux-image-aws-lts-24.04 6.8.0-1057.60
linux-image-azure-6.8 6.8.0-1058.64
linux-image-azure-lts-24.04 6.8.0-1058.64
linux-image-fips 6.8.0-124.124+fips1
Available with Ubuntu Pro
linux-image-fips-6.8 6.8.0-124.124+fips1
Available with Ubuntu Pro
linux-image-gcp-6.8 6.8.0-1060.63
linux-image-gcp-64k-6.8 6.8.0-1060.63
linux-image-gcp-64k-lts-24.04 6.8.0-1060.63
linux-image-gcp-fips 6.8.0-1060.63+fips1
Available with Ubuntu Pro
linux-image-gcp-fips-6.8 6.8.0-1060.63+fips1
Available with Ubuntu Pro
linux-image-gcp-lts-24.04 6.8.0-1060.63
linux-image-generic 6.8.0-124.124
linux-image-generic-6.8 6.8.0-124.124
linux-image-generic-64k 6.8.0-124.124
linux-image-generic-64k-6.8 6.8.0-124.124
linux-image-generic-lpae 6.8.0-124.124
linux-image-gke 6.8.0-1055.61
linux-image-gke-6.8 6.8.0-1055.61
linux-image-gke-64k 6.8.0-1055.61
linux-image-gke-64k-6.8 6.8.0-1055.61
linux-image-gkeop 6.8.0-1042.45
linux-image-gkeop-6.8 6.8.0-1042.45
linux-image-ibm 6.8.0-1057.58
linux-image-ibm-6.8 6.8.0-1057.58
linux-image-ibm-classic 6.8.0-1057.58
linux-image-ibm-lts-24.04 6.8.0-1057.58
linux-image-intel-iot-realtime 6.8.1-1052.53
Available with Ubuntu Pro
linux-image-intel-iotg 6.8.0-124.124
linux-image-kvm 6.8.0-124.124
linux-image-nvidia 6.8.0-1055.58
linux-image-nvidia-6.8 6.8.0-1055.58
linux-image-nvidia-64k 6.8.0-1055.58
linux-image-nvidia-64k-6.8 6.8.0-1055.58
linux-image-nvidia-lowlatency 6.8.0-1055.58.1
linux-image-nvidia-lowlatency-6.8 6.8.0-1055.58.1
linux-image-nvidia-lowlatency-64k 6.8.0-1055.58.1
linux-image-nvidia-lowlatency-64k-6.8 6.8.0-1055.58.1
linux-image-nvidia-tegra 6.8.0-1026.26
linux-image-nvidia-tegra-6.8 6.8.0-1026.26
linux-image-nvidia-tegra-rt 6.8.0-1026.26
linux-image-nvidia-tegra-rt-6.8 6.8.0-1026.26
linux-image-oracle-6.8 6.8.0-1054.55
linux-image-oracle-64k-6.8 6.8.0-1054.55
linux-image-oracle-64k-lts-24.04 6.8.0-1054.55
linux-image-oracle-lts-24.04 6.8.0-1054.55
linux-image-raspi 6.8.0-1057.61
linux-image-raspi-6.8 6.8.0-1057.61
linux-image-raspi-realtime 6.8.0-2046.47
Available with Ubuntu Pro
linux-image-raspi-realtime-6.8 6.8.0-2046.47
Available with Ubuntu Pro
linux-image-realtime 6.8.1-1052.53
Available with Ubuntu Pro
linux-image-realtime-6.8.1 6.8.1-1052.53
Available with Ubuntu Pro
linux-image-virtual 6.8.0-124.124
linux-image-virtual-6.8 6.8.0-124.124

Ubuntu 22.04 LTS
linux-image-6.8.0-1054-oracle 6.8.0-1054.55~22.04.1
linux-image-6.8.0-1054-oracle-64k 6.8.0-1054.55~22.04.1
linux-image-6.8.0-1055-nvidia 6.8.0-1055.58~22.04.1
linux-image-6.8.0-1055-nvidia-64k 6.8.0-1055.58~22.04.1
linux-image-6.8.0-1057-aws 6.8.0-1057.60~22.04.1
linux-image-6.8.0-1057-aws-64k 6.8.0-1057.60~22.04.1
linux-image-6.8.0-1057-ibm 6.8.0-1057.58~22.04.1
linux-image-6.8.0-1060-gcp 6.8.0-1060.63~22.04.1
linux-image-6.8.0-1060-gcp-64k 6.8.0-1060.63~22.04.1
linux-image-6.8.0-124-generic 6.8.0-124.124~22.04.1
linux-image-6.8.0-124-generic-64k 6.8.0-124.124~22.04.1
linux-image-6.8.1-1052-realtime 6.8.1-1052.53~22.04.1
Available with Ubuntu Pro
linux-image-aws 6.8.0-1057.60~22.04.1
linux-image-aws-6.8 6.8.0-1057.60~22.04.1
linux-image-aws-64k 6.8.0-1057.60~22.04.1
linux-image-aws-64k-6.8 6.8.0-1057.60~22.04.1
linux-image-gcp 6.8.0-1060.63~22.04.1
linux-image-gcp-6.8 6.8.0-1060.63~22.04.1
linux-image-gcp-64k 6.8.0-1060.63~22.04.1
linux-image-gcp-64k-6.8 6.8.0-1060.63~22.04.1
linux-image-generic-6.8 6.8.0-124.124~22.04.1
linux-image-generic-64k-6.8 6.8.0-124.124~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-124.124~22.04.1
linux-image-generic-hwe-22.04 6.8.0-124.124~22.04.1
linux-image-ibm-6.8 6.8.0-1057.58~22.04.1
linux-image-nvidia-6.8 6.8.0-1055.58~22.04.1
linux-image-nvidia-64k-6.8 6.8.0-1055.58~22.04.1
linux-image-nvidia-64k-hwe-22.04 6.8.0-1055.58~22.04.1
linux-image-nvidia-hwe-22.04 6.8.0-1055.58~22.04.1
linux-image-oem-22.04 6.8.0-124.124~22.04.1
linux-image-oem-22.04a 6.8.0-124.124~22.04.1
linux-image-oem-22.04b 6.8.0-124.124~22.04.1
linux-image-oem-22.04c 6.8.0-124.124~22.04.1
linux-image-oem-22.04d 6.8.0-124.124~22.04.1
linux-image-oracle 6.8.0-1054.55~22.04.1
linux-image-oracle-6.8 6.8.0-1054.55~22.04.1
linux-image-oracle-64k 6.8.0-1054.55~22.04.1
linux-image-oracle-64k-6.8 6.8.0-1054.55~22.04.1
linux-image-realtime-6.8.1 6.8.1-1052.53~22.04.1
Available with Ubuntu Pro
linux-image-realtime-hwe-22.04 6.8.1-1052.53~22.04.1
Available with Ubuntu Pro
linux-image-virtual-6.8 6.8.0-124.124~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-124.124~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8373-1
CVE-2026-31676, CVE-2026-43284, CVE-2026-43494, CVE-2026-43500,
CVE-2026-43503, CVE-2026-45998, CVE-2026-46000, CVE-2026-46300,
CVE-2026-46333, CVE-2026-47326, CVE-2026-47327, CVE-2026-47328,
CVE-2026-47329, CVE-2026-47330, CVE-2026-47331, CVE-2026-47332,
CVE-2026-47333, CVE-2026-47334, CVE-2026-47335, CVE-2026-47336,
CVE-2026-47337

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.8.0-124.124
https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1057.60
https://launchpad.net/ubuntu/+source/linux-aws-fips/6.8.0-1057.60+fips1
https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1058.64
https://launchpad.net/ubuntu/+source/linux-fips/6.8.0-124.124+fips1
https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1060.63
https://launchpad.net/ubuntu/+source/linux-gcp-fips/6.8.0-1060.63+fips1
https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1055.61
https://launchpad.net/ubuntu/+source/linux-gkeop/6.8.0-1042.45
https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1057.58
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1055.58
https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1055.58.1
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/6.8.0-1026.26
https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1054.55
https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1057.61
https://launchpad.net/ubuntu/+source/linux-raspi-realtime/6.8.0-2046.47
https://launchpad.net/ubuntu/+source/linux-realtime/6.8.1-1052.53
https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1057.60~22.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1060.63~22.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-124.124~22.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-6.8/6.8.0-1057.58~22.04.1
https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1055.58~22.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1054.55~22.04.1

https://launchpad.net/ubuntu/+source/linux-realtime-6.8/6.8.1-1052.53~22.04.1



[USN-8370-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8370-1
June 02, 2026

linux, linux-aws, linux-gcp, linux-ibm, linux-nvidia, linux-oracle,
linux-raspi, linux-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-realtime: Linux kernel for Real-time systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a memory leak when handling AppArmor notifications. A local
attacker could use this to cause resource exhaustion. (CVE-2026-47326)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a NULL pointer dereference when handling AppArmor notifications. A
local attacker could use this to cause a kernel oops. (CVE-2026-47327)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an invalid free when handling AppArmor notifications. A local
attacker could use this to corrupt kernel memory. (CVE-2026-47328)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained insufficient validation of AppArmor notification responses. A
local attacker could use this to allow crafted responses to be processed.
(CVE-2026-47329)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used
an uninitialized variable when handling AppArmor notifications. A local
attacker could use this to cause incorrect caching of data.
(CVE-2026-47330)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause information disclosure of kernel
memory. (CVE-2026-47332)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained a out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause kernel memory corruption and,
theoretically, influence processing of AppArmor policies. (CVE-2026-47333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained incorrect holding of locks when handling AppArmor notifications.
A local attacker could use this to cause a kernel panic or deadlock.
(CVE-2026-47334)

Tristan Madani and Trevor Lawrence have each independently discovered that
Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference
when handling AppArmor network socket mediation. A local attacker could use
this to cause a kernel oops. (CVE-2026-47337)

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystem:
- RDS protocol;
(CVE-2026-43494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
linux-image-7.0.0-1005-gcp 7.0.0-1005.5
linux-image-7.0.0-1005-gcp-64k 7.0.0-1005.5
linux-image-7.0.0-1005-oracle 7.0.0-1005.5
linux-image-7.0.0-1005-oracle-64k 7.0.0-1005.5
linux-image-7.0.0-1006-aws 7.0.0-1006.6
linux-image-7.0.0-1006-aws-64k 7.0.0-1006.6
linux-image-7.0.0-1007-ibm 7.0.0-1007.7
linux-image-7.0.0-1009-nvidia 7.0.0-1009.9
linux-image-7.0.0-1009-nvidia-64k 7.0.0-1009.9
linux-image-7.0.0-1011-raspi 7.0.0-1011.11
linux-image-7.0.0-1011-raspi-realtime 7.0.0-1011.11
linux-image-7.0.0-22-generic 7.0.0-22.22
linux-image-7.0.0-22-generic-64k 7.0.0-22.22
linux-image-7.0.0-22-realtime 7.0.0-22.22.1
linux-image-7.0.0-22-realtime-64k 7.0.0-22.22.1
linux-image-aws 7.0.0-1006.6
linux-image-aws-64k 7.0.0-1006.6
linux-image-aws-64k-7.0 7.0.0-1006.6
linux-image-aws-7.0 7.0.0-1006.6
linux-image-gcp 7.0.0-1005.5
linux-image-gcp-64k 7.0.0-1005.5
linux-image-gcp-64k-7.0 7.0.0-1005.5
linux-image-gcp-7.0 7.0.0-1005.5
linux-image-generic 7.0.0-22.22
linux-image-generic-64k 7.0.0-22.22
linux-image-generic-64k-7.0 7.0.0-22.22
linux-image-generic-64k-hwe-26.04 7.0.0-22.22
linux-image-generic-7.0 7.0.0-22.22
linux-image-generic-hwe-26.04 7.0.0-22.22
linux-image-ibm 7.0.0-1007.7
linux-image-ibm-7.0 7.0.0-1007.7
linux-image-nvidia 7.0.0-1009.9
linux-image-nvidia-64k 7.0.0-1009.9
linux-image-nvidia-64k-7.0 7.0.0-1009.9
linux-image-nvidia-7.0 7.0.0-1009.9
linux-image-oracle 7.0.0-1005.5
linux-image-oracle-64k 7.0.0-1005.5
linux-image-oracle-64k-7.0 7.0.0-1005.5
linux-image-oracle-7.0 7.0.0-1005.5
linux-image-raspi 7.0.0-1011.11
linux-image-raspi-7.0 7.0.0-1011.11
linux-image-raspi-realtime 7.0.0-1011.11
linux-image-raspi-realtime-7.0 7.0.0-1011.11
linux-image-realtime 7.0.0-22.22.1
linux-image-realtime-64k 7.0.0-22.22.1
linux-image-realtime-64k-7.0 7.0.0-22.22.1
linux-image-realtime-64k-hwe-26.04 7.0.0-22.22.1
linux-image-realtime-7.0 7.0.0-22.22.1
linux-image-realtime-hwe-26.04 7.0.0-22.22.1
linux-image-virtual 7.0.0-22.22
linux-image-virtual-7.0 7.0.0-22.22
linux-image-virtual-hwe-26.04 7.0.0-22.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8370-1
CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503,
CVE-2026-45998, CVE-2026-46000, CVE-2026-46300, CVE-2026-46333,
CVE-2026-47326, CVE-2026-47327, CVE-2026-47328, CVE-2026-47329,
CVE-2026-47330, CVE-2026-47332, CVE-2026-47333, CVE-2026-47334,
CVE-2026-47337

Package Information:
https://launchpad.net/ubuntu/+source/linux/7.0.0-22.22
https://launchpad.net/ubuntu/+source/linux-aws/7.0.0-1006.6
https://launchpad.net/ubuntu/+source/linux-gcp/7.0.0-1005.5
https://launchpad.net/ubuntu/+source/linux-ibm/7.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-nvidia/7.0.0-1009.9
https://launchpad.net/ubuntu/+source/linux-oracle/7.0.0-1005.5
https://launchpad.net/ubuntu/+source/linux-raspi/7.0.0-1011.11
https://launchpad.net/ubuntu/+source/linux-realtime/7.0.0-22.22.1



[USN-8371-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8371-1
June 02, 2026

linux, linux-aws, linux-azure, linux-azure-6.17, linux-hwe-6.17,
linux-nvidia-6.17, linux-oem-6.17, linux-oracle, linux-oracle-6.17,
linux-raspi, linux-realtime, linux-realtime-6.17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-realtime: Linux kernel for Real-time systems
- linux-azure-6.17: Linux kernel for Microsoft Azure cloud systems
- linux-hwe-6.17: Linux hardware enablement (HWE) kernel
- linux-nvidia-6.17: Linux kernel for NVIDIA systems
- linux-oem-6.17: Linux kernel for OEM systems
- linux-oracle-6.17: Linux kernel for Oracle Cloud systems
- linux-realtime-6.17: Linux kernel for Real-time systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a memory leak when handling AppArmor notifications. A local
attacker could use this to cause resource exhaustion. (CVE-2026-47326)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a NULL pointer dereference when handling AppArmor notifications. A
local attacker could use this to cause a kernel oops. (CVE-2026-47327)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an invalid free when handling AppArmor notifications. A local
attacker could use this to corrupt kernel memory. (CVE-2026-47328)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained insufficient validation of AppArmor notification responses. A
local attacker could use this to allow crafted responses to be processed.
(CVE-2026-47329)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used
an uninitialized variable when handling AppArmor notifications. A local
attacker could use this to cause incorrect caching of data.
(CVE-2026-47330)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause information disclosure of kernel
memory. (CVE-2026-47332)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained a out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause kernel memory corruption and,
theoretically, influence processing of AppArmor policies. (CVE-2026-47333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained incorrect holding of locks when handling AppArmor notifications.
A local attacker could use this to cause a kernel panic or deadlock.
(CVE-2026-47334)

Tristan Madani and Trevor Lawrence have each independently discovered that
Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference
when handling AppArmor network socket mediation. A local attacker could use
this to cause a kernel oops. (CVE-2026-47337)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RDS protocol;
- RxRPC session sockets;
(CVE-2026-31676, CVE-2026-43494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
linux-image-6.17.0-1014-realtime 6.17.0-1014.16
linux-image-6.17.0-1016-oracle 6.17.0-1016.16
linux-image-6.17.0-1016-oracle-64k 6.17.0-1016.16
linux-image-6.17.0-1017-aws 6.17.0-1017.17
linux-image-6.17.0-1017-aws-64k 6.17.0-1017.17
linux-image-6.17.0-1017-azure 6.17.0-1017.17
linux-image-6.17.0-1018-raspi 6.17.0-1018.18
linux-image-6.17.0-35-generic 6.17.0-35.35
linux-image-6.17.0-35-generic-64k 6.17.0-35.35
linux-image-aws 6.17.0-1017.17
linux-image-aws-6.17 6.17.0-1017.17
linux-image-aws-64k 6.17.0-1017.17
linux-image-aws-64k-6.17 6.17.0-1017.17
linux-image-azure 6.17.0-1017.17
linux-image-azure-6.17 6.17.0-1017.17
linux-image-generic 6.17.0-35.35
linux-image-generic-6.17 6.17.0-35.35
linux-image-generic-64k 6.17.0-35.35
linux-image-generic-64k-6.17 6.17.0-35.35
linux-image-oracle 6.17.0-1016.16
linux-image-oracle-6.17 6.17.0-1016.16
linux-image-oracle-64k 6.17.0-1016.16
linux-image-oracle-64k-6.17 6.17.0-1016.16
linux-image-raspi 6.17.0-1018.18
linux-image-raspi-6.17 6.17.0-1018.18
linux-image-realtime 6.17.0-1014.16
linux-image-realtime-6.17 6.17.0-1014.16
linux-image-virtual 6.17.0-35.35
linux-image-virtual-6.17 6.17.0-35.35

Ubuntu 24.04 LTS
linux-image-6.17.0-1014-realtime 6.17.0-1014.16~24.04.1
Available with Ubuntu Pro
linux-image-6.17.0-1016-oracle 6.17.0-1016.16~24.04.1
linux-image-6.17.0-1016-oracle-64k 6.17.0-1016.16~24.04.1
linux-image-6.17.0-1017-azure 6.17.0-1017.17~24.04.1
linux-image-6.17.0-1021-nvidia 6.17.0-1021.21
linux-image-6.17.0-1021-nvidia-64k 6.17.0-1021.21
linux-image-6.17.0-1024-oem 6.17.0-1024.24
linux-image-6.17.0-35-generic 6.17.0-35.35~24.04.1
linux-image-6.17.0-35-generic-64k 6.17.0-35.35~24.04.1
linux-image-azure 6.17.0-1017.17~24.04.1
linux-image-azure-6.17 6.17.0-1017.17~24.04.1
linux-image-generic-6.17 6.17.0-35.35~24.04.1
linux-image-generic-64k-6.17 6.17.0-35.35~24.04.1
linux-image-generic-64k-hwe-24.04 6.17.0-35.35~24.04.1
linux-image-generic-hwe-24.04 6.17.0-35.35~24.04.1
linux-image-nvidia-6.17 6.17.0-1021.21
linux-image-nvidia-64k-6.17 6.17.0-1021.21
linux-image-nvidia-64k-hwe-24.04 6.17.0-1021.21
linux-image-nvidia-hwe-24.04 6.17.0-1021.21
linux-image-oem-24.04 6.17.0-1024.24
linux-image-oem-24.04a 6.17.0-1024.24
linux-image-oem-24.04b 6.17.0-1024.24
linux-image-oem-24.04c 6.17.0-1024.24
linux-image-oem-24.04d 6.17.0-1024.24
linux-image-oem-6.17 6.17.0-1024.24
linux-image-oracle 6.17.0-1016.16~24.04.1
linux-image-oracle-6.17 6.17.0-1016.16~24.04.1
linux-image-oracle-64k 6.17.0-1016.16~24.04.1
linux-image-oracle-64k-6.17 6.17.0-1016.16~24.04.1
linux-image-realtime-6.17 6.17.0-1014.16~24.04.1
Available with Ubuntu Pro
linux-image-realtime-hwe-24.04 6.17.0-1014.16~24.04.1
Available with Ubuntu Pro
linux-image-virtual-6.17 6.17.0-35.35~24.04.1
linux-image-virtual-hwe-24.04 6.17.0-35.35~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8371-1
CVE-2026-31676, CVE-2026-43284, CVE-2026-43494, CVE-2026-43500,
CVE-2026-43503, CVE-2026-45998, CVE-2026-46000, CVE-2026-46300,
CVE-2026-46333, CVE-2026-47326, CVE-2026-47327, CVE-2026-47328,
CVE-2026-47329, CVE-2026-47330, CVE-2026-47332, CVE-2026-47333,
CVE-2026-47334, CVE-2026-47337

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.17.0-35.35
https://launchpad.net/ubuntu/+source/linux-aws/6.17.0-1017.17
https://launchpad.net/ubuntu/+source/linux-azure/6.17.0-1017.17
https://launchpad.net/ubuntu/+source/linux-oracle/6.17.0-1016.16
https://launchpad.net/ubuntu/+source/linux-raspi/6.17.0-1018.18
https://launchpad.net/ubuntu/+source/linux-realtime/6.17.0-1014.16
https://launchpad.net/ubuntu/+source/linux-azure-6.17/6.17.0-1017.17~24.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.17/6.17.0-35.35~24.04.1
https://launchpad.net/ubuntu/+source/linux-nvidia-6.17/6.17.0-1021.21
https://launchpad.net/ubuntu/+source/linux-oem-6.17/6.17.0-1024.24

https://launchpad.net/ubuntu/+source/linux-oracle-6.17/6.17.0-1016.16~24.04.1

https://launchpad.net/ubuntu/+source/linux-realtime-6.17/6.17.0-1014.16~24.04.1



[USN-8363-1] MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8363-1
June 02, 2026

mysql-8.0, mysql-8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.4: MySQL database
- mysql-8.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.46 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
Ubuntu 25.10 and Ubuntu 26.04 LTS have been updated to MySQL 8.4.9.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html
https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html
https://www.oracle.com/security-alerts/cpuapr2026.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
mysql-server 8.4.9-0ubuntu0.26.04.1

Ubuntu 25.10
mysql-server 8.4.9-0ubuntu0.25.10.1

Ubuntu 24.04 LTS
mysql-server-8.0 8.0.46-0ubuntu0.24.04.2

Ubuntu 22.04 LTS
mysql-server-8.0 8.0.46-0ubuntu0.22.04.2

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-8363-1
CVE-2026-21998, CVE-2026-22001, CVE-2026-22002, CVE-2026-22004,
CVE-2026-22005, CVE-2026-22009, CVE-2026-22015, CVE-2026-22017,
CVE-2026-34267, CVE-2026-34270, CVE-2026-34271, CVE-2026-34276,
CVE-2026-34278, CVE-2026-34293, CVE-2026-34303, CVE-2026-34304,
CVE-2026-34308, CVE-2026-34317, CVE-2026-34318, CVE-2026-34319,
CVE-2026-35236, CVE-2026-35237, CVE-2026-35238, CVE-2026-35239,
CVE-2026-35240

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.9-0ubuntu0.26.04.1
https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.9-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.46-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.46-0ubuntu0.22.04.2


Hplip, Python-Wsgidav, Xorg-x11-Server, and Roundcubemail updates for Fedora

XZ Utils, Linux Kernel, Dovecot, and Multiple System Packages updates for Ubuntu

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...