Ubuntu Issues Linux Kernel Security Updates Across Supported Releases
Ubuntu published multiple security notices to fix Linux kernel vulnerabilities affecting a broad range of releases, including Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The Canadian Centre for Cyber Security highlighted the advisories in notices AV26-264 and AV26-296, covering Ubuntu security updates released over consecutive weekly periods.
The Cyber Centre urged users and administrators to review the referenced Ubuntu Security Notices and apply the required updates to affected systems. The advisories describe defensive patching activity for kernel flaws across supported Ubuntu versions and do not report a named threat actor, ransomware operation, or confirmed active exploitation campaign.
How this story unfolded
25 events from the most recent confirmed update back to the earliest known activity.
Cyber Centre issues advisory AV26-529 for new Ubuntu kernel fixes
On 2026-06-01, the Canadian Centre for Cyber Security published advisory AV26-529 covering Ubuntu security notices issued between May 25 and May 31, 2026, for Linux kernel vulnerabilities affecting Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The advisory referenced Linux kernel (Low Latency), Linux kernel (Intel IoTG Real-time), and Linux kernel (Azure) notices and urged users and administrators to apply the updates.
Cyber Centre issues advisory AV26-505 for new Ubuntu kernel fixes
On 2026-05-25, the Canadian Centre for Cyber Security published advisory AV26-505 covering Ubuntu security notices issued between May 18 and May 24, 2026, for Linux kernel vulnerabilities affecting Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The advisory urged users and administrators to review the referenced Ubuntu Security Notices and apply the necessary updates.
Cyber Centre issues advisory AV26-482 for new Ubuntu kernel fixes
On 2026-05-19, the Canadian Centre for Cyber Security published advisory AV26-482 covering Ubuntu security notices issued between May 11 and May 17, 2026, for Linux kernel vulnerabilities affecting Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. The advisory referenced Ubuntu notices including USN-8257-1, USN-8255-1, and USN-8258-1 and urged users and administrators to apply the necessary updates.
Ubuntu publishes CVE-2026-46333 kernel exposure status matrix
On 2026-05-18, Ubuntu published a CVE page for CVE-2026-46333 showing the main linux package as vulnerable on Ubuntu 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. The page also showed many cloud, OEM, realtime, FIPS, and other derivative kernel packages still under evaluation or otherwise not affected due to supersession, release status, or end of support.
Cyber Centre issues advisory AV26-440 for new Ubuntu kernel fixes
On 2026-05-11, the Canadian Centre for Cyber Security published advisory AV26-440 covering Ubuntu security notices issued between May 4 and May 10, 2026, for Linux kernel vulnerabilities affecting Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The advisory referenced USN-8255-1, USN-8257-1, and USN-8258-1 and urged users and administrators to review the notices and apply the necessary updates.
Ubuntu publishes CVE-2026-43500 kernel exposure status matrix
On 2026-05-07, Ubuntu published a CVE page for CVE-2026-43500 showing many kernel package variants, including linux, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime, and multiple cloud- and vendor-specific kernels, as vulnerable across supported Ubuntu releases. The matrix also noted numerous older, superseded, end-of-support, FIPS, and realtime package tracks as not affected, ignored, under evaluation, or still awaiting fixes.
Ubuntu publishes CVE-2026-43284 kernel exposure status matrix
On 2026-05-07, Ubuntu published a CVE page for CVE-2026-43284 showing multiple kernel package variants, including linux, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, and linux-realtime, as vulnerable across supported Ubuntu releases. The matrix also identified some older or superseded package tracks as not affected, unsupported, or not in release, including certain Ubuntu Pro FIPS and realtime variants.
Cyber Centre issues advisory AV26-416 for new Ubuntu kernel fixes
On 2026-05-04, the Canadian Centre for Cyber Security published advisory AV26-416 covering Ubuntu security notices issued between April 27 and May 3, 2026, for Linux kernel vulnerabilities affecting Ubuntu 20.04 LTS and 24.04 LTS. The advisory referenced USN-8185-2 and USN-8224-1 and urged users and administrators to review the notices and apply the necessary updates.
Cyber Centre issues advisory AV26-390 for new Ubuntu kernel fixes
On 2026-04-27, the Canadian Centre for Cyber Security published advisory AV26-390 covering Ubuntu security notices issued between April 20 and April 26, 2026, for Linux kernel vulnerabilities affecting Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The advisory urged users and administrators to review the notices and apply the necessary updates.
Cyber Centre issues advisory AV26-367 for new Ubuntu kernel fixes
On 2026-04-20, the Canadian Centre for Cyber Security published advisory AV26-367 covering Ubuntu security notices issued between April 13 and April 19, 2026, for Linux kernel vulnerabilities affecting Ubuntu 14.04 LTS through Ubuntu 25.10. The advisory urged users and administrators to review the notices and apply the necessary updates.
Cyber Centre issues advisory AV26-338 for new Ubuntu kernel fixes
On 2026-04-13, the Canadian Centre for Cyber Security published advisory AV26-338 covering Ubuntu security notices issued between April 6 and April 12, 2026, for Linux kernel vulnerabilities affecting Ubuntu 14.04 LTS through 25.10. The advisory urged users and administrators to review the notices and apply the required updates.
Cyber Centre issues advisory AV26-317 for new Ubuntu kernel fixes
On 2026-04-07, the Canadian Centre for Cyber Security published advisory AV26-317 covering Ubuntu security notices issued between March 30 and April 5, 2026, for Linux kernel vulnerabilities affecting Ubuntu 14.04 LTS through 25.10. The advisory urged users and administrators to review the notices and apply the necessary updates.
Ubuntu issues USN-8141-1 for Linux kernel (Raspberry Pi) vulnerabilities
On 2026-04-01, Ubuntu published security notice USN-8141-1 addressing vulnerabilities in the Linux kernel for Raspberry Pi systems. This was another distinct Raspberry Pi kernel security update released during Ubuntu's early-April 2026 patch cycle.
Ubuntu issues USN-8095-5 for Linux kernel (Raspberry Pi) vulnerabilities
On 2026-04-01, Ubuntu published security notice USN-8095-5 addressing vulnerabilities in the Linux kernel for Raspberry Pi systems. The notice represents a specific kernel patch release within Ubuntu's early-April 2026 security update cycle.
Ubuntu issues USN-8094-5 for Linux kernel (Raspberry Pi) vulnerabilities
On 2026-04-01, Ubuntu published security notice USN-8094-5 addressing vulnerabilities in the Linux kernel for Raspberry Pi systems. This was a separate Raspberry Pi kernel security update issued alongside other early-April 2026 Ubuntu kernel notices.
Cyber Centre issues advisory AV26-296 for latest Ubuntu kernel fixes
On 2026-03-30, the Canadian Centre for Cyber Security published advisory AV26-296 covering Ubuntu's March 23-29 kernel vulnerability notices and recommending that administrators review and apply the updates.
Ubuntu publishes another round of Linux kernel security notices
Between 2026-03-23 and 2026-03-29, Ubuntu released additional security notices addressing Linux kernel vulnerabilities across multiple releases, ranging from Ubuntu 14.04 LTS through Ubuntu 25.10.
Cyber Centre publishes advisory AV26-264 on Ubuntu kernel updates
On 2026-03-23, the Canadian Centre for Cyber Security published advisory AV26-264 summarizing Ubuntu's March 16-22 kernel security notices and urging users and administrators to apply the required updates.
Ubuntu issues Linux kernel security notices for multiple releases
Between 2026-03-16 and 2026-03-22, Ubuntu published security notices to address Linux kernel vulnerabilities affecting multiple supported releases, including 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10.
Ubuntu issues USN-8060-7 for Linux kernel (NVIDIA) vulnerabilities
On 2026-03-10, Ubuntu published security notice USN-8060-7 addressing Linux kernel (NVIDIA) vulnerabilities. This represents an earlier round of Ubuntu kernel-related security updates than those currently captured in the timeline.
Ubuntu issues USN-8059-8 for Linux kernel (NVIDIA) vulnerabilities
On 2026-03-10, Ubuntu published security notice USN-8059-8 addressing vulnerabilities in the Linux kernel for NVIDIA-related packages. This was a separate kernel security update from USN-8060-7 issued the same day.
Ubuntu publishes CVE-2022-32250 kernel exposure status matrix
On 2026-01-01, Ubuntu published a CVE page for CVE-2022-32250 detailing exposure and remediation status across affected Ubuntu Linux kernel package variants. The page represents Ubuntu's official tracking matrix for this specific kernel vulnerability.
Ubuntu publishes CVE-2022-40982 kernel and microcode exposure matrix
On 2026-01-01, Ubuntu published a CVE page for CVE-2022-40982 detailing remediation status across Linux kernel packages and Intel microcode for multiple Ubuntu releases and kernel flavors. The matrix showed many supported packages fixed, while some legacy branches were ignored due to end of support and linux-azure-fde-5.15 on Ubuntu 20.04 LTS remained vulnerable with work in progress.
Ubuntu publishes CVE-2024-50283 kernel exposure status matrix
On 2026-01-01, Ubuntu published a CVE page for CVE-2024-50283 detailing affected and fixed Linux kernel package variants across Ubuntu releases. The page serves as Ubuntu's exposure-status matrix for this specific kernel vulnerability.
Ubuntu publishes CVE-2024-50285 kernel exposure status matrix
Ubuntu published a CVE page for CVE-2024-50285 showing affected and fixed Linux kernel package variants across releases, including generic, AWS, Azure, GCP, Oracle, OEM, lowlatency, realtime, and FIPS-related kernels. The matrix indicated fixes for many noble (24.04 LTS) and oracular (24.10) packages while numerous jammy, focal, bionic, and xenial kernel tracks remained vulnerable or were marked unsupported, superseded, or ignored.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
28 references tracked. Mallory keeps watching after this page renders.
Ubuntu security advisory (AV26-529) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceUbuntu security advisory (AV26-505) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceUbuntu security advisory (AV26-482) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceCVE-2026-46333 | Ubuntu
ubuntu.com
Open sourceCVE-2022-32250 | Ubuntu
ubuntu.com
Open sourceCVE-2024-50283 | Ubuntu
ubuntu.com
Open sourceCVE-2024-50285 | Ubuntu
ubuntu.com
Open sourceCVE-2022-40982 | Ubuntu
ubuntu.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Canadian Cyber Centre Advisories Highlight Linux Kernel and Other Vendor Patch Updates
The Canadian Centre for Cyber Security issued multiple advisories urging organizations to apply vendor patches released between **February 16–22, 2026**, including updates addressing **Linux kernel vulnerabilities** impacting **Ubuntu** (16.04 LTS through 25.10) and **Red Hat** platforms (including *RHEL* and related offerings). The advisories emphasize routine but potentially high-impact exposure from unpatched kernel flaws across widely deployed enterprise and server environments, and direct administrators to review upstream vendor notices and deploy the corresponding updates. Separate Cyber Centre advisories also flagged patch requirements outside the Linux kernel: Microsoft released an update for **Microsoft Edge Stable** to remediate vulnerabilities in versions prior to `145.0.3800.70`, IBM published security advisories covering multiple products (including *Aspera Enterprise WebApps*, *Cloud Pak System*, *Storage Defender*, and others), and CISA issued ICS advisories for vulnerabilities across several industrial and IoT/OT products (including **Delta Electronics**, **GE Vernova**, **Honeywell CCTV**, **Siemens Simcenter**, and others) with recommended mitigations and updates where available. A Linux 7.0 release-candidate feature article is not a security advisory and does not materially relate to the patch/vulnerability notices in the other items.
Mar 21, 2026
Red Hat Linux Kernel Vulnerabilities Prompt Broad Update Advisory
The Canadian Centre for Cyber Security issued two notices warning that Red Hat had published multiple security advisories for vulnerabilities affecting several products, with a particular focus on **Linux kernel** updates. The affected offerings include **Red Hat CodeReady Linux Builder**, **Red Hat Enterprise Linux**, **Red Hat Enterprise Linux Server**, and **Red Hat Enterprise Linux for Real Time** across multiple versions and platforms. The first notice, `AV26-318`, covered Red Hat advisories released between March 30 and April 5, while the second, `AV26-341`, covered advisories published between April 6 and 12. In both cases, the Cyber Centre urged users and administrators to review the referenced Red Hat advisories and apply the necessary updates to address the disclosed vulnerabilities.
May 11, 2026
Multiple Linux Kernel Vulnerabilities Prompt dCERT Advisories
dCERT published two advisories, `2025-1332` and `2025-1527`, warning of **multiple vulnerabilities in the Linux kernel**. The notices indicate that separate sets of kernel flaws were significant enough to warrant dedicated advisories, underscoring continued security risk in one of the most widely deployed operating system components across servers, cloud infrastructure, appliances, and embedded systems. While no public synopsis was included in the referenced advisories, the alerts point organizations to review affected kernel versions, assess exposure across Linux-based assets, and apply vendor-provided updates or mitigations. Because kernel vulnerabilities can affect core system security boundaries and stability, unpatched systems may face elevated risk depending on the specific flaws and deployment context.
May 22, 2026