1. Ubuntu Security Notices
  2. USN-8126-1

USN-8126-1: Linux kernel (Azure) vulnerabilities

Publication date

25 March 2026

Overview

Several security issues were fixed in the Linux kernel.

Releases

Packages

Details

Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)

It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive...

Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)

It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • ARM32 architecture;
  • ARM64 architecture;
  • MIPS architecture;
  • Nios II architecture;
  • PA-RISC architecture;
  • PowerPC architecture;
  • RISC-V architecture;
  • S390 architecture;
  • Sun Sparc architecture;
  • User-Mode Linux (UML);
  • x86 architecture;
  • Xtensa architecture;
  • Block layer subsystem;
  • Cryptographic API;
  • Compute Acceleration Framework;
  • ACPI drivers;
  • Serial ATA and Parallel ATA drivers;
  • ATM drivers;
  • Drivers core;
  • ATA over ethernet (AOE) driver;
  • DRBD Distributed Replicated Block Device drivers;
  • Block device driver;
  • Network block device driver;
  • Ublk userspace block driver;
  • Bluetooth drivers;
  • Bus devices;
  • Hardware random number generator core;
  • Character device driver;
  • TPM device driver;
  • Clock framework and drivers;
  • Data acquisition framework and drivers;
  • CPU frequency scaling framework;
  • Hardware crypto device drivers;
  • Device frequency scaling framework;
  • Buffer Sharing and Synchronization framework;
  • DMA engine subsystem;
  • EDAC drivers;
  • Arm Firmware Framework for ARMv8-A(FFA);
  • ARM SCMI message protocol;
  • EFI core;
  • Intel Stratix 10 firmware drivers;
  • FPGA Framework;
  • GPU drivers;
  • HID subsystem;
  • Hardware monitoring drivers;
  • CoreSight HW tracing drivers;
  • I2C subsystem;
  • I3C subsystem;
  • IIO subsystem;
  • InfiniBand drivers;
  • Input Device core drivers;
  • Input Device (Miscellaneous) drivers;
  • Input Device (Tablet) drivers;
  • IOMMU subsystem;
  • IRQ chip drivers;
  • ISDN/mISDN subsystem;
  • Mailbox framework;
  • MCB driver;
  • Multiple devices driver;
  • Media drivers;
  • Multifunction device drivers;
  • Fastrpc Driver;
  • Microchip PCI driver;
  • Intel Management Engine Interface driver;
  • PCI Endpoint Test driver;
  • TI TPS6594 PFSM driver;
  • VMware VMCI Driver;
  • MMC subsystem;
  • MOST (Media Oriented Systems Transport) drivers;
  • MTD block device drivers;
  • Ethernet bonding driver;
  • Network drivers;
  • Mellanox network drivers;
  • STMicroelectronics network drivers;
  • Texas Instruments network drivers;
  • Ethernet team driver;
  • MediaTek network drivers;
  • NVDIMM (Non-Volatile Memory Device) drivers;
  • NVME drivers;
  • PCI subsystem;
  • PCCARD (PCMCIA/CardBus) bus subsystem;
  • Amlogic Meson DDR PMU;
  • Performance monitor drivers;
  • PHY drivers;
  • Pin controllers subsystem;
  • x86 platform drivers;
  • ARM PM domains;
  • Power supply drivers;
  • Powercap sysfs driver;
  • PPS (Pulse Per Second) driver;
  • PTP clock framework;
  • PWM drivers;
  • RapidIO drivers;
  • Voltage and Current Regulator drivers;
  • Remote Processor subsystem;
  • S/390 drivers;
  • SCSI subsystem;
  • ASPEED SoC drivers;
  • QCOM SoC drivers;
  • Samsung SoC drivers;
  • Texas Instruments SoC drivers;
  • SPI subsystem;
  • small TFT LCD display modules;
  • Media staging drivers;
  • TCM subsystem;
  • Trusted Execution Environment drivers;
  • Thunderbolt and USB4 drivers;
  • TTY drivers;
  • UFS subsystem;
  • Userspace I/O drivers;
  • Cadence USB3 driver;
  • ChipIdea USB driver;
  • USB Device Class drivers;
  • USB core drivers;
  • DesignWare USB3 driver;
  • USB Gadget drivers;
  • USB Host Controller drivers;
  • Renesas USBHS Controller drivers;
  • USB Mass Storage drivers;
  • USB Type-C support driver;
  • USB Type-C Connector System Software Interface driver;
  • VFIO drivers;
  • Virtio Host (VHOST) subsystem;
  • Backlight driver;
  • Framebuffer layer;
  • TSM Common Guest driver;
  • Virtio drivers;
  • Xen hypervisor drivers;
  • AFS file system;
  • File systems infrastructure;
  • BTRFS file system;
  • Ceph distributed file system;
  • EFI Variable file system;
  • exFAT file system;
  • Ext4 file system;
  • F2FS file system;
  • FUSE (File system in Userspace);
  • GFS2 file system;
  • HFS file system;
  • HFS+ file system;
  • HugeTLB file system;
  • Journaling layer for block devices (JBD2);
  • JFFS2 file system;
  • JFS file system;
  • KERNFS file system;
  • Network file system (NFS) client;
  • Network file system (NFS) server daemon;
  • NILFS2 file system;
  • File system notification infrastructure;
  • NTFS3 file system;
  • OCFS2 file system;
  • OrangeFS file system;
  • Overlay file system;
  • Proc file system;
  • Diskquota system;
  • SMB network file system;
  • SquashFS file system;
  • UDF file system;
  • XFS file system;
  • DRM display driver;
  • Asynchronous Transfer Mode (ATM) subsystem;
  • BPF subsystem;
  • Memory Management;
  • Internal shared memory driver;
  • LZO compression library;
  • Mellanox drivers;
  • NFS page cache wrapper;
  • padata parallel execution mechanism;
  • Memory management;
  • Networking subsytem;
  • Media input infrastructure;
  • Bluetooth subsystem;
  • IP tunnels definitions;
  • Netfilter;
  • Network traffic control;
  • Rose network layer;
  • SCTP protocol;
  • Network sockets;
  • UDP network protocol;
  • eXpress Data Path;
  • XFRM subsystem;
  • Digital Audio (PCM) driver;
  • Universal MIDI packet (UMP) support module;
  • Tracing infrastructure;
  • User-space API (UAPI);
  • io_uring subsystem;
  • IPC subsystem;
  • Control group (cgroup);
  • Kernel crash support code;
  • Perf events;
  • Kernel exit() syscall;
  • Kernel futex primitives;
  • IRQ subsystem;
  • Padata parallel execution mechanism;
  • Kernel command line parsing driver;
  • PID allocator;
  • Hibernation control;
  • RCU subsystem;
  • Restartable seuqences system call mechanism;
  • Scheduler infrastructure;
  • Syscalls implementation;
  • Timer subsystem;
  • Maple Tree data structure library;
  • KASAN memory debugging framework;
  • 802.1Q VLAN protocol;
  • 9P file system network protocol;
  • Appletalk network protocol;
  • Amateur Radio drivers;
  • B.A.T.M.A.N. meshing protocol;
  • Ethernet bridge;
  • CAN network layer;
  • Ceph Core library;
  • Networking core;
  • Devlink API;
  • Distributed Switch Architecture;
  • HSR network protocol;
  • IPv4 networking;
  • IPv6 networking;
  • MAC80211 subsystem;
  • Management Component Transport Protocol (MCTP);
  • MultiProtocol Label Switching driver;
  • Multipath TCP;
  • NetLabel subsystem;
  • Netlink;
  • NFC subsystem;
  • Open vSwitch;
  • RDS protocol;
  • RF switch subsystem;
  • RxRPC session sockets;
  • SMC sockets;
  • Sun RPC protocol;
  • TIPC protocol;
  • TLS protocol;
  • Unix domain sockets;
  • VMware vSockets driver;
  • Wireless networking;
  • Integrity Measurement Architecture(IMA) framework;
  • ALSA framework;
  • WCD audio codecs;
  • Intel ASoC drivers;
  • MediaTek ASoC drivers;
  • QCOM ASoC drivers;
  • SoC audio core drivers;
  • USB sound devices;
  • Virtio sound driver;
  • CPU Power monitoring subsystem;
  • KVM subsystem

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 LTS jammy linux-image-6.8.0-1051-azure –  6.8.0-1051.57~22.04.1
linux-image-azure –  6.8.0-1051.57~22.04.1
linux-image-azure-6.8 –  6.8.0-1051.57~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

id="usn"

Have additional questions?

Talk to a member of the team ›