Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8297-1 May 22, 2026 linux-gcp-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems Details: Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU drivers; - HID subsystem; - Intel Trace Hub HW tracing drivers; - IIO ADC drivers; - IRQ chip drivers; - Modular ISDN driver; - LED subsystem; - UACCE accelerator framework; - Ethernet bonding driver; - Network drivers; - STMicroelectronics network drivers; - Ethernet team driver; - NVME drivers; - PHY drivers; - SLIMbus drivers; - W1 Dallas's 1-wire bus driver; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - NFC subsystem; - BPFsubsystem; - IRQ subsystem; - Memory management; - Bluetooth subsystem; - CAN network layer; - Networking core; - IPv4 networking; - IPv6 networking; - L2TP protocol; - NET/ROM layer; - Network traffic control; - SCTP protocol; - TLS protocol; - XFRM subsystem; - Creative Sound Blaster X-Fi driver; - USB sound devices; (CVE-2023-53421, CVE-2023-53520, CVE-2023-53662, CVE-2023-54207, CVE-2025-38057, CVE-2025-38125, CVE-2025-38232, CVE-2025-38408, CVE-2025-38591, CVE-2025-40149, CVE-2025-40164, CVE-2025-68211, CVE-2025-68340, CVE-2025-68365, CVE-2025-68725, CVE-2025-68817, CVE-2025-71162, CVE-2025-71163, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71190, CVE-2025-71191, CVE-2025-71194, CVE-2025-71196, CVE-2025-71197, CVE-2025-71199, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23026, CVE-2026-23033, CVE-2026-23037, CVE-2026-23038, CVE-2026-23049, CVE-2026-23056, CVE-2026-23058, CVE-2026-23061, CVE-2026-23063, CVE-2026-23064, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23087, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23108, CVE-2026-23112, CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23124, CVE-2026-23125, CVE-2026-23128, CVE-2026-23133, CVE-2026-23145, CVE-2026-23146, CVE-2026-23150, CVE-2026-23164, CVE-2026-23167, CVE-2026-23170, CVE-2026-23209) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.15.0-1106-gcp 5.15.0-1106.115~20.04.1 Available with Ubuntu Pro linux-image-gcp 5.15.0.1106.115~20.04.1 Available with Ubuntu Pro linux-image-gcp-5.15 5.15.0.1106.115~20.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8297-1 CVE-2023-2640, CVE-2023-32629, CVE-2023-53421, CVE-2023-53520, CVE-2023-53662, CVE-2023-54207, CVE-2025-38057, CVE-2025-38125, CVE-2025-38232, CVE-2025-38408, CVE-2025-38591, CVE-2025-40149, CVE-2025-40164, CVE-2025-68211, CVE-2025-68340, CVE-2025-68365, CVE-2025-68725, CVE-2025-68817, CVE-2025-71162, CVE-2025-71163, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71190, CVE-2025-71191, CVE-2025-71194, CVE-2025-71196, CVE-2025-71197, CVE-2025-71199, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23026, CVE-2026-23033, CVE-2026-23037, CVE-2026-23038, CVE-2026-23049, CVE-2026-23056, CVE-2026-23058, CVE-2026-23061, CVE-2026-23063, CVE-2026-23064, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23087, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23108, CVE-2026-23112, CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23124, CVE-2026-23125, CVE-2026-23128, CVE-2026-23133, CVE-2026-23145, CVE-2026-23146, CVE-2026-23150, CVE-2026-23164, CVE-2026-23167, CVE-2026-23170, CVE-2026-23209 . Fixes for critical security issues in Ubuntu's Linux kernel targeting GCP to prevent potential privilege escalation attacks.. Ubuntu Linux GCP Security kernel Privilege Escalation. . LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8255-3 May 19, 2026 linux-nvidia-tegra-5.15, linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems - linux-nvidia-tegra-5.15: Linux kernel for NVIDIA Tegra systems Details: Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1100-raspi 5.15.0-1100.103 linux-image-raspi 5.15.0.1100.98 linux-image-raspi-5.15 5.15.0.1100.98 linux-image-raspi-nolpae 5.15.0.1100.98 Ubuntu 20.04 LTS linux-image-5.15.0-1058-nvidia-tegra 5.15.0-1058.58~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-1058-nvidia-tegra-rt 5.15.0-1058.58~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra 5.15.0.1058.58~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra-5.15 5.15.0.1058.58~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra-rt 5.15.0.1058.58~20.04.1 Available with Ubuntu Pro linux-image-nvidia-tegra-rt-5.15 5.15.0.1058.58~20.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8255-3 https://ubuntu.com/security/notices/USN-8255-2 https://ubuntu.com/security/notices/USN-8255-1 CVE-2023-2640, CVE-2023-32629, CVE-2026-23112, CVE-2026-23273 Package Information: https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1100.103 . Several security issues fixed in Ubuntu kernel, including overlayfs flaws that allow privilege escalation. Updates required.. Linux Kernel Update, Ubuntu Security Update, System Compromise, OverlayFS Issue. . LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8255-2 May 11, 2026 linux-azure-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems Details: Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.15.0-1111-azure 5.15.0-1111.120~20.04.1 Available with Ubuntu Pro linux-image-azure 5.15.0.1111.120~20.04.1 Available with Ubuntu Pro linux-image-azure-5.15 5.15.0.1111.120~20.04.1 Available with Ubuntu Pro linux-image-azure-cvm 5.15.0.1111.120~20.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to anunavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8255-2 https://ubuntu.com/security/notices/USN-8255-1 CVE-2023-2640, CVE-2023-32629, CVE-2026-23112, CVE-2026-23273 . Several critical security fixes for the Ubuntu 20.04 LTS kernel address local privilege escalation risks.. Ubuntu Linux Kernel Security Update, OverlayFS Privileges, Critical Security Advisories. . LinuxSecurity.com Team
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel-rt security and bug fix update Advisory ID: RHSA-2021:5241-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:5241 Issue date: 2021-12-21 CVE Names: CVE-2021-20321 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 Red Hat Enterprise Linux for Real Time (v. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() (CVE-2021-20321) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.5.z1 source tree (BZ#2023988) * [rt] RHEL-8.6: disable KASAN, KCSAN and UBSAN for kernel-rt (BZ#2026384) 4. Solution: For details on how to apply this update, which includes thechanges described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2013242 - CVE-2021-20321 kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() 6. Package List: Red Hat Enterprise Linux Real Time for NFV (v. 8): Source: kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.src.rpm x86_64: kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-kvm-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-kvm-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm Red Hat Enterprise Linux for Real Time (v.8): Source: kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.src.rpm x86_64: kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm kernel-rt-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-20321 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYcHa0dzjgjWX9erEAQiaqQ//fB2LPmDURdQ6D3GJ5ZOG5XmRHNcpp770 uDHTljggUK4DnM7422e47ysfmfCHILvDQF6HyUgyNUOaYfLu9OcpqFDrdMWHI2q3 TrSp78BiZqZumEJt0s2C4yMBFGiClExTSQLgWN2atS50+R74vnTQyxEoeLc4GB7R kNKk32EZ/okO8Gfmnh4+XAqhtotLNYQPlIdpRfhhEFy7/7PkmbGpMJAIW40ZCRc4 szEGhQ28HN8thbumpPPkajZI+maa13luxVMoRAogQ8Q+A9/rI0Qu9ZMrRMBhgGcn OqH9QfS9xwEN3m26lxPq7lkIvocCOtW5LZOSjR8MiCqyON6r1R+9rgPEOcGvASJP 56Vyg106iStzmm0DhEWXpvwLrmXeyw9FfKqprMmfytboBLwSVYKnqinrSkGH8PRm 7A/YSyOKICUdnRxVdpRjABT5mSTWavdFwyChG9+Elgtfjpmhar+fp3Uxm5kZ68A4 ubrx7XM7RPKwcdvGMQeuld/h4bdlI04iiqrWiVhBJtY6qxBCLib6vzbfacO/GNu1 12Eubuxq3dC9U7P2zhgJ3zqTuFTLSQ1UYJFD/uHYsKnxmjAKPyzXQ7yRFuElprSx fso02oy6UfHQ7zjawjEZJoJ55dxu+iIqAZDE4dlynQQ5sWYjuJPL5WlaQnKmsvKP cvTGLEO0elQ=mSvK -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Firejail could be made to overwrite files as the administrator.. =========================================================================Ubuntu Security Notice USN-5141-1 November 11, 2021 firejail vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Firejail could be made to overwrite files as the administrator. Software Description: - firejail: Application sandbox Details: Roman Fiedler discovered that a race condition existed in Firejail when using OverlayFS to prevent writes to the underlying file system. A local attacker could use this to gain administrative privileges. Note: this update disables support for OverlayFS in Firejail. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firejail 0.9.62-3ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5141-1 CVE-2021-26910 Package Information: https://launchpad.net/ubuntu/+source/firejail/0.9.62-3ubuntu0.1 . Ubuntu Security Notification USN-5142-2 pertains to OpenSSL vulnerability, providing patch guidelines and remedial measures.. Firejail Vulnerability, Ubuntu Security Notice, Administrative Privileges. . LinuxSecurity.com Team
Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, which could result in root privilege escalation. This update disables OverlayFS support in firejail (CVE-2021-26910). References: . MGASA-2021-0120 - Updated firejail package fixes a security vulnerability Publication date: 12 Mar 2021 URL: https://advisories.mageia.org/MGASA-2021-0120.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-26910 Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, which could result in root privilege escalation. This update disables OverlayFS support in firejail (CVE-2021-26910). References: - https://bugs.mageia.org/show_bug.cgi?id=28322 - https://lists.debian.org/debian-security-announce/2021/msg00030.html - https://www.cve.org/CVERecord?id=CVE-2021-26910 SRPMS: - 8/core/firejail-0.9.64-1.1.mga8 - 7/core/firejail-0.9.56-2.3.mga7 . AppArmor security patch addresses root access vulnerability linked to OverlayFS. Update released on March 12, 2021.. Firejail Update, Mageia Security, OverlayFS Issue, Root Escalation. . LinuxSecurity.com Team
Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, a sandbox program to restrict the running environment of untrusted applications, which could result in root privilege escalation. This update disables OverlayFS support in firejail. . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2554-1
Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, a sandbox program to restrict the running environment of untrusted applications, which could result in root privilege escalation. This update disables OverlayFS support in firejail. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4849-1
Get the latest Linux and open source security news straight to your inbox.