1. Ubuntu Security Notices
  2. LSN-0117-1

LSN-0117-1: Kernel Live Patch Security Notice

Publication date

29 January 2026

Overview

Several security issues were fixed in the kernel.

Releases

Software description

  • aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1159, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 6.8.0-1008)
  • aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.15.0-1000, >= 6.8.0-1007)
  • azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1168)
  • azure-5.15 – Linux kernel for Microsoft Azure cloud systems - (>= 5.15.0-1069)
  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000, >= 6.8.0-1007)
  • gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154)
  • gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
  • generic-4.15 – Linux kernel - (>= 4.15.0-214)
  • generic-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • generic-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
  • ibm – Linux kernel for IBM cloud systems - (>= 6.8.0-1005)
  • ibm-5.15 – Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
  • aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1159, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 6.8.0-1008)
  • aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.15.0-1000, >= 6.8.0-1007)
  • azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1168)
  • azure-5.15 – Linux kernel for Microsoft Azure cloud systems - (>= 5.15.0-1069)
  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000, >= 6.8.0-1007)
  • gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154)
  • gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
  • generic-4.15 – Linux kernel - (>= 4.15.0-214)
  • generic-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • generic-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
  • ibm – Linux kernel for IBM cloud systems - (>= 6.8.0-1005)
  • ibm-5.15 – Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
  • linux – Linux kernel - (>= 5.15.0-71, >= 5.15.0-24, >= 6.8.0-1)
  • lowlatency-4.15 – Linux kernel - (>= 4.15.0-214)
  • lowlatency-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • lowlatency-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
  • oracle – Linux kernel for Oracle Cloud systems - (>= 4.15.0-1129, >= 5.15.0-1055, >= 6.8.0-1005)
  • oracle-5.15 – Linux kernel for Oracle Cloud systems - (>= 5.15.0-1055)

Details

In the Linux kernel, the following vulnerability has been
resolved: e100: Fix possible use after free in e100_xmit_prepare In
e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so
e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will
resend the skb.

In the Linux kernel, the following vulnerability has been
resolved: macsec: fix UAF bug for real_dev Create a new macsec device but
not get reference to real_dev.

In the Linux kernel, the following vulnerability has been
resolved: wifi: ath12k: fix firmware crash due to invalid peer nss
Currently, if the access point receives an association request containing
an Extended HE Capabilities Information Element with an invalid MCS-NSS, it
triggers a firmware crash.

In the Linux kernel, the following vulnerability has been
resolved: drm/xe/oa: Fix overflow in oa batch buffer By default
xe_bb_create_job() appends a MI_BATCH_BUFFER_END to...

In the Linux kernel, the following vulnerability has been
resolved: e100: Fix possible use after free in e100_xmit_prepare In
e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so
e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will
resend the skb.

In the Linux kernel, the following vulnerability has been
resolved: macsec: fix UAF bug for real_dev Create a new macsec device but
not get reference to real_dev.

In the Linux kernel, the following vulnerability has been
resolved: wifi: ath12k: fix firmware crash due to invalid peer nss
Currently, if the access point receives an association request containing
an Extended HE Capabilities Information Element with an invalid MCS-NSS, it
triggers a firmware crash.

In the Linux kernel, the following vulnerability has been
resolved: drm/xe/oa: Fix overflow in oa batch buffer By default
xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is
not a problem if batch buffer is only used once but oa reuses the batch
buffer for the same metric and at each call it appends a
MI_BATCH_BUFFER_END, printing the warning below and then overflowing.

In the Linux kernel, the following vulnerability has been
resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses
is initialized to NULL.

In the Linux kernel, the following vulnerability has been
resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
Explicitly verify the target vCPU is fully online prior to clamping the
index in kvm_get_vcpu().

In the Linux kernel, the following vulnerability has been
resolved: sched: sch_cake: add bounds checks to host bulk flow fairness
counts Even though we fixed a logic error in the commit cited below, syzbot
still managed to trigger an underflow of the per-host bulk flow counters,
leading to an out of bounds memory access.

In the Linux kernel, the following vulnerability has been
resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan
[email protected] found that ets_class_from_arg() can index an Out-
Of-Bound class in ets_class_from_arg() when passed clid of 0.

In the Linux kernel, the following vulnerability has been
resolved: usb: cdc-acm: Check control transfer buffer size before access If
the first fragment is shorter than struct usb_cdc_notification, we can't
calculate an expected_size.

In the Linux kernel, the following vulnerability has been
resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private
data and it cannot be used after free_netdev() call.

In the Linux kernel, the following vulnerability has been
resolved: exfat: fix random stack corruption after get_block When get_block
is called with a buffer_head allocated on the stack, such as
do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the
following race condition situation.

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type 24.04 22.04 20.04 18.04
aws 117.4 117.5 117.4 117.4
aws-5.15 117.5
azure 117.4 117.5
azure-4.15 117.4
azure-5.15 117.5
gcp 117.4 117.6
gcp-4.15 117.4
gcp-5.15 117.6
generic-4.15 117.4
generic-5.15 117.6
generic-5.4 117.4 117.4
ibm 117.4
ibm-5.15 117.5
linux 117.4 117.6
lowlatency-4.15 117.4
lowlatency-5.15 117.5
lowlatency-5.4 117.4 117.4
oracle 117.4 117.6 117.4
oracle-5.15 117.6

References

Have additional questions?

Talk to a member of the team ›