kmod update
Published: Thu, 30 Apr 2026 15:55
Summary
kmod has been updated to block loading of the algif_aead kernel module.
Details
It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the following URL for more information https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
kmod→29-1ubuntu1.1apt_upgradeStandard apt upgrade. Install 29-1ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y kmod
Most apt upgrades restart their service automatically. needrestart lists anything else.
kmod→29-1ubuntu1.1apt_upgradeStandard apt upgrade. Install 29-1ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y kmod
Most apt upgrades restart their service automatically. needrestart lists anything else.
libkmod-dev→29-1ubuntu1.1apt_upgradeStandard apt upgrade. Install 29-1ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libkmod-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libkmod2→29-1ubuntu1.1apt_upgradeStandard apt upgrade. Install 29-1ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libkmod2
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
kmod→31+20240202-2ubuntu7.2apt_upgradeStandard apt upgrade. Install 31+20240202-2ubuntu7.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y kmod
Most apt upgrades restart their service automatically. needrestart lists anything else.
kmod→31+20240202-2ubuntu7.2apt_upgradeStandard apt upgrade. Install 31+20240202-2ubuntu7.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y kmod
Most apt upgrades restart their service automatically. needrestart lists anything else.
libkmod-dev→31+20240202-2ubuntu7.2apt_upgradeStandard apt upgrade. Install 31+20240202-2ubuntu7.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libkmod-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libkmod2→31+20240202-2ubuntu7.2apt_upgradeStandard apt upgrade. Install 31+20240202-2ubuntu7.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libkmod2
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
kmod→34.2-2ubuntu1.1apt_upgradeStandard apt upgrade. Install 34.2-2ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y kmod
Most apt upgrades restart their service automatically. needrestart lists anything else.
kmod→34.2-2ubuntu1.1apt_upgradeStandard apt upgrade. Install 34.2-2ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y kmod
Most apt upgrades restart their service automatically. needrestart lists anything else.
libkmod-dev→34.2-2ubuntu1.1apt_upgradeStandard apt upgrade. Install 34.2-2ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libkmod-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libkmod2→34.2-2ubuntu1.1apt_upgradeStandard apt upgrade. Install 34.2-2ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libkmod2
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8226-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8226-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
References
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.