USN-8280-1

Details

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

Cryptographic API;
Packet sockets;
TLS protocol; (CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078)

Affected Packages(14 packages)

linux-gcp-5.4

Ubuntu Pro 18.04 LTS

Fixed in:

5.4.0-1162.171~18.04.1

linux-ibm-5.4

Ubuntu Pro 18.04 LTS

Fixed in:

5.4.0-1105.110~18.04.1

linux-oracle-5.4

Ubuntu Pro 18.04 LTS

Fixed in:

5.4.0-1157.167~18.04.1

linux

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-230.250

linux-aws

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-1159.169

linux-bluefield

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-1118.125

linux-gcp

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-1162.171

linux-ibm

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-1105.110

linux-kvm

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-1146.155

linux-oracle

Ubuntu Pro 20.04 LTS

Fixed in:

5.4.0-1157.167

References

ADVISORY

https://ubuntu.com/security/notices/USN-8280-1