StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8393-1

Linux kernel (Azure FIPS) vulnerabilities

Published: Thu, 04 Jun 2026 22:10

CVE-2026-23069CVE-2026-23089CVE-2026-31533CVE-2026-23005CVE-2026-22976CVE-2026-23001CVE-2026-23113CVE-2026-22991CVE-2026-23202CVE-2025-71222CVE-2026-47328CVE-2026-23086CVE-2026-23123CVE-2025-71182CVE-2026-23212CVE-2025-71268CVE-2026-23260CVE-2026-23198CVE-2026-23182CVE-2026-23094CVE-2026-23261CVE-2026-23095CVE-2026-23061CVE-2025-71190CVE-2026-23351CVE-2026-22997CVE-2026-23047CVE-2026-23053CVE-2026-23075CVE-2026-22998CVE-2026-23173CVE-2026-23087CVE-2026-23146CVE-2026-43078CVE-2026-46300CVE-2026-43033CVE-2026-23059CVE-2026-23031CVE-2026-23144CVE-2025-40082CVE-2026-23071CVE-2026-46028CVE-2026-31504CVE-2026-23258CVE-2026-23103CVE-2025-71180CVE-2026-23064CVE-2025-71163CVE-2025-71162CVE-2026-23076CVE-2026-23126CVE-2026-23206CVE-2026-23148CVE-2026-23083CVE-2025-71185CVE-2026-23264CVE-2026-23160CVE-2025-68358CVE-2026-23168CVE-2026-22980CVE-2026-43503CVE-2026-23159CVE-2026-23062CVE-2026-23010CVE-2026-47329CVE-2025-71197CVE-2026-23163CVE-2026-22979CVE-2026-23167CVE-2026-23030CVE-2026-23124CVE-2024-50004CVE-2026-23191CVE-2026-23021CVE-2025-71188CVE-2024-58096CVE-2026-23179CVE-2025-71184CVE-2025-71220CVE-2025-71200CVE-2025-71195CVE-2025-71225CVE-2026-23019CVE-2026-23038CVE-2026-23101CVE-2026-47335CVE-2025-71194CVE-2026-22999CVE-2026-31676CVE-2026-23187CVE-2026-47337CVE-2026-23125CVE-2026-23213CVE-2026-23274CVE-2025-37926CVE-2026-23057CVE-2026-23120CVE-2026-23156CVE-2026-23262CVE-2026-23020CVE-2026-23093CVE-2025-71224CVE-2026-23090CVE-2024-58097CVE-2026-22990CVE-2026-23058CVE-2026-23172CVE-2026-23068CVE-2026-22992CVE-2026-43077CVE-2026-23011CVE-2026-23050CVE-2026-23116CVE-2025-38201CVE-2026-23200CVE-2026-23170CVE-2026-23032CVE-2025-71191CVE-2026-23096CVE-2026-47334CVE-2026-22977CVE-2026-23026CVE-2025-68725CVE-2026-23102CVE-2026-31419CVE-2026-23139CVE-2026-23145CVE-2026-23257CVE-2026-23215CVE-2026-23136CVE-2026-23135CVE-2025-71160CVE-2026-23164CVE-2025-71186CVE-2026-23088CVE-2025-71199CVE-2026-23003CVE-2026-23121CVE-2026-22984CVE-2026-23056CVE-2026-23133CVE-2026-23166CVE-2026-23073CVE-2026-47330CVE-2026-23054CVE-2026-23140CVE-2026-23193CVE-2026-23254CVE-2026-23110CVE-2026-23204CVE-2026-23129CVE-2026-23178CVE-2026-23141CVE-2026-43494CVE-2026-23128CVE-2026-23131CVE-2025-71196CVE-2025-68803CVE-2026-47326CVE-2026-23065CVE-2026-23394CVE-2026-23099CVE-2026-47332CVE-2026-43284CVE-2026-23150CVE-2025-68365CVE-2026-23205CVE-2026-31431CVE-2025-68351CVE-2026-23049CVE-2026-47333CVE-2026-22994CVE-2026-23084CVE-2026-23091CVE-2026-23078CVE-2026-47331CVE-2025-71183CVE-2026-23037CVE-2026-46000CVE-2026-47336CVE-2026-23000CVE-2025-71193CVE-2026-23006CVE-2026-23119CVE-2026-23063CVE-2026-23097CVE-2026-46333CVE-2026-23151CVE-2026-22996CVE-2025-71192CVE-2026-23107CVE-2025-71198CVE-2026-22978CVE-2026-23080CVE-2026-45998CVE-2026-23108CVE-2025-38591CVE-2026-23214CVE-2026-23035CVE-2026-47327CVE-2026-23216CVE-2026-22982CVE-2026-43500CVE-2025-40149CVE-2025-68823CVE-2026-23025CVE-2026-23105CVE-2025-40039CVE-2026-23256CVE-2026-23033CVE-2026-23176CVE-2026-23180CVE-2026-23085CVE-2026-23142CVE-2025-68749CVE-2026-23098CVE-2025-71189CVE-2026-23190

Summary

Several security issues were fixed in the Linux kernel.

Details

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a memory leak when handling AppArmor notifications. A local attacker could use this to cause resource exhaustion. (CVE-2026-47326) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel oops. (CVE-2026-47327) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an invalid free when handling AppArmor notifications. A local attacker could use this to corrupt kernel memory. (CVE-2026-47328) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained insufficient validation of AppArmor notification responses. A local attacker could use this to allow crafted responses to be processed. (CVE-2026-47329) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used an uninitialized variable when handling AppArmor notifications. A local attacker could use this to cause incorrect caching of data. (CVE-2026-47330) Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a use- after-free (UAF) bug. A local attacker could use this to cause memory corruption and, theoretically, arbitrary code execution. (CVE-2026-47331) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause information disclosure of kernel memory. (CVE-2026-47332) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause kernel memory corruption and, theoretically, influence processing of AppArmor policies. (CVE-2026-47333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained incorrect holding of locks when handling AppArmor notifications. A local attacker could use this to cause a kernel panic or deadlock. (CVE-2026-47334) Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel panic. (CVE-2026-47335) Tristan Madani discovered that Ubuntu Linux kernel 6.8 used an uninitialized variable when handling AppArmor AF_INET/AF_INET6 socket mediation. A local attacker could use this to influence processing of fine- grained network socket mediation. (CVE-2026-47336) Tristan Madani and Trevor Lawrence have each independently discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference when handling AppArmor network socket mediation. A local attacker could use this to cause a kernel oops. (CVE-2026-47337) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Cryptographic API; - Compute Acceleration Framework; - Drivers core; - Null block device driver; - Ublk userspace block driver; - Bluetooth drivers; - Counter interface drivers; - DMA engine subsystem; - DPLL subsystem; - GPU drivers; - HID subsystem; - Intel Trace Hub HW tracing drivers; - IIO ADC drivers; - IIO subsystem; - On-Chip Interconnect management framework; - IRQ chip drivers; - Modular ISDN driver; - LED subsystem; - Multiple devices driver; - UACCE accelerator framework; - MMC subsystem; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - NVME drivers; - PHY drivers; - x86 platform drivers; - i.MX PM domains; - SCSI subsystem; - SLIMbus drivers; - SPI subsystem; - TCM subsystem; - W1 Dallas's 1-wire bus driver; - Xen hypervisor drivers; - BTRFS file system; - EFI Variable file system; - exFAT file system; - Ext4 file system; - HFS+ file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - Scheduler infrastructure; - Netfilter; - NFC subsystem; - Tracing infrastructure; - io_uring subsystem; - BPF subsystem; - Perf events; - Floating proportions library; - Memory management; - Bluetooth subsystem; - CAN network layer; - Ceph Core library; - Networking core; - IPv4 networking; - IPv6 networking; - L2TP protocol; - MAC80211 subsystem; - NET/ROM layer; - Packet sockets; - RDS protocol; - RxRPC session sockets; - Network traffic control; - SCTP protocol; - TLS protocol; - Unix domain sockets; - VMware vSockets driver; - Wireless networking; - ALSA AC97 driver; - Generic PCM loopback sound driver; - Creative Sound Blaster X-Fi driver; - AMD SoC Alsa drivers; - Texas InstrumentS Audio (ASoC/HDA) drivers; - USB sound devices; - KVM subsystem; (CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926, CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082, CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365, CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823, CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180, CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190, CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194, CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198, CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222, CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001, CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010, CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031, CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037, CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050, CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057, CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062, CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068, CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087, CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107, CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116, CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123, CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128, CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135, CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141, CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146, CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156, CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164, CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170, CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178, CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187, CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198, CVE-2026-23200, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205, CVE-2026-23206, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214, CVE-2026-23215, CVE-2026-23216, CVE-2026-23254, CVE-2026-23256, CVE-2026-23257, CVE-2026-23258, CVE-2026-23260, CVE-2026-23261, CVE-2026-23262, CVE-2026-23264, CVE-2026-23274, CVE-2026-23351, CVE-2026-23394, CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-31676, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-43494, CVE-2026-46028)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu noble

  • linux-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-azure-fips-6.86.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-azure-fips-6.8

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-azure-fips-cloud-tools-6.8.0-10596.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-azure-fips-cloud-tools-6.8.0-1059

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-azure-fips-headers-6.8.0-10596.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-azure-fips-headers-6.8.0-1059

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-azure-fips-tools-6.8.0-10596.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-azure-fips-tools-6.8.0-1059

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-buildinfo-6.8.0-1059-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-buildinfo-6.8.0-1059-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-cloud-tools-6.8.0-1059-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-cloud-tools-6.8.0-1059-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-cloud-tools-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-cloud-tools-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-cloud-tools-azure-fips-6.86.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-cloud-tools-azure-fips-6.8

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-headers-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-headers-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-headers-azure-fips-6.86.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-azure-fips-6.8
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-azure-fips-6.86.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-azure-fips-6.8
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-hmac-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-hmac-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-unsigned-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-unsigned-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-unsigned-hmac-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-unsigned-hmac-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-extra-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-extra-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-extra-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-extra-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-extra-azure-fips-6.86.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-extra-azure-fips-6.8
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-involflt-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-involflt-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-involflt-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-involflt-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-involflt-azure-fips-6.86.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-involflt-azure-fips-6.8
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-iwlwifi-6.8.0-1059-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-iwlwifi-6.8.0-1059-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-iwlwifi-azure-fips6.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-iwlwifi-azure-fips
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-iwlwifi-azure-fips-6.86.8.0-1059.65+fips1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-iwlwifi-azure-fips-6.8
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-tools-6.8.0-1059-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-6.8.0-1059-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-tools-azure-fips6.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-azure-fips

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-tools-azure-fips-6.86.8.0-1059.65+fips1apt_upgrade

    Standard apt upgrade. Install 6.8.0-1059.65+fips1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-azure-fips-6.8

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8393-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8393-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →