Ubuntu 26.04 High Containerd Denial of Service Issues USN-8472-1

ubuntu

June 25, 2026

Several security issues were fixed in containerd.

Summary

Several security issues were fixed in containerd.

Software Description:

- containerd-app: open and reliable container runtime

Details:

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS

frames. A remote attacker could possibly use this issue to cause containerd

to enter an infinite loop, resulting in a denial of service. (CVE-2026-33814)

Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly

handled group parsing when creating containers from images. An attacker

could possibly use this issue to cause containerd to consume excessive

memory, resulting in a denial of service. (CVE-2026-47262)

Henry Beberman and Robert Prast discovered that containerd incorrectly

validated image references when importing container checkpoints. An

attacker could possibly use this issue to poison the local image cache and

execute arbitrary code in other pods. This issue only affected Ubuntu

22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS.

(CVE-2026-501...

Read the Full Advisory

Topics Covered

security advisory denial of service Ubuntu patch high containerd

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  containerd                      2.2.2-0ubuntu1.1

Ubuntu 25.10
  containerd                      2.2.1-0ubuntu1~25.10.2

Ubuntu 24.04 LTS
  containerd                      2.2.1-0ubuntu1~24.04.3

Ubuntu 22.04 LTS
  containerd                      2.2.1-0ubuntu1~22.04.2

Ubuntu 20.04 LTS
  containerd                      1.7.24-0ubuntu1~20.04.2+esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart containerd to make all
the necessary changes.