USN-8281-1

Details

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

Cryptographic API;
Packet sockets; (CVE-2026-31504, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078)

Affected Packages

linux

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-250.262

linux-aws

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1192.205

linux-gcp-4.15

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1185.202

linux-kvm

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1174.179

linux-oracle

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1154.165

linux-aws-fips

Ubuntu Pro FIPS-updates 18.04 LTS

Fixed in:

4.15.0-2130.136

linux-fips

Ubuntu Pro FIPS-updates 18.04 LTS

Fixed in:

4.15.0-1147.159

linux-gcp-fips

Ubuntu Pro FIPS-updates 18.04 LTS

Fixed in:

4.15.0-2093.99

References

ADVISORY

https://ubuntu.com/security/notices/USN-8281-1