Linux kernel (FIPS) vulnerability
Published: Thu, 04 Jun 2026 22:05
Summary
The system could be compromised under certain conditions.
Details
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystem: - Packet sockets; (CVE-2026-31504)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu xenial
linux-fips→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-fips
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-buildinfo-4.4.0-1125-fips→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-buildinfo-4.4.0-1125-fips
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-fips→4.4.0.1125.127apt_upgradeStandard apt upgrade. Install 4.4.0.1125.127 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-fips
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-fips-cloud-tools-common→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-fips-cloud-tools-common
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-fips-headers-4.4.0-1125→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-fips-headers-4.4.0-1125
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-fips-source-4.4.0→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-fips-source-4.4.0
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-fips-tools-4.4.0-1125→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-fips-tools-4.4.0-1125
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-headers-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-headers-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-headers-fips→4.4.0.1125.127kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-headers-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-image-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-image-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-image-fips→4.4.0.1125.127kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-image-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-image-hmac-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-image-hmac-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-image-unsigned-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-image-unsigned-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-image-unsigned-hmac-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-image-unsigned-hmac-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-modules-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-modules-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-modules-extra-4.4.0-1125-fips→4.4.0-1125.132kernel_rebootKernel package — apt-upgrade then REBOOT to load the patched kernel.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-modules-extra-4.4.0-1125-fips sudo reboot
Reboot is required. ~30-60s downtime; containers self-restart.
linux-tools-4.4.0-1125-fips→4.4.0-1125.132apt_upgradeStandard apt upgrade. Install 4.4.0-1125.132 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-tools-4.4.0-1125-fips
Most apt upgrades restart their service automatically. needrestart lists anything else.
linux-tools-fips→4.4.0.1125.127apt_upgradeStandard apt upgrade. Install 4.4.0.1125.127 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y linux-tools-fips
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8361-2?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8361-2 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.