StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8462-1

Linux kernel (Oracle) vulnerabilities

Published: Mon, 22 Jun 2026 23:17

CVE-2026-43284CVE-2026-46333CVE-2026-46300CVE-2026-43033CVE-2026-31533CVE-2026-43077CVE-2026-43500CVE-2026-31504CVE-2026-43503CVE-2026-43494CVE-2026-31419CVE-2026-46028CVE-2026-43078CVE-2026-31431

Summary

Several security issues were fixed in the Linux kernel.

Details

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Ethernet bonding driver; - Packet sockets; - RDS protocol; - TLS protocol; (CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-43494, CVE-2026-46028)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu focal

  • linux-oracle-5.155.15.0-1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0-1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-oracle-5.15

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-buildinfo-5.15.0-1106-oracle5.15.0-1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0-1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1106-oracle

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-headers-5.15.0-1106-oracle5.15.0-1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1106-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-headers-oracle5.15.0.1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-headers-oracle-5.155.15.0.1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-oracle-5.15
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-headers-oracle-edge5.15.0.1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-headers-oracle-edge
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-5.15.0-1106-oracle5.15.0-1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-5.15.0-1106-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-oracle5.15.0.1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-oracle-5.155.15.0.1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-oracle-5.15
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-oracle-edge5.15.0.1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-oracle-edge
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-image-unsigned-5.15.0-1106-oracle5.15.0-1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-image-unsigned-5.15.0-1106-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-5.15.0-1106-oracle5.15.0-1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-5.15.0-1106-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-modules-extra-5.15.0-1106-oracle5.15.0-1106.112~20.04.1kernel_reboot

    Kernel package — apt-upgrade then REBOOT to load the patched kernel.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-modules-extra-5.15.0-1106-oracle
sudo reboot

    Reboot is required. ~30-60s downtime; containers self-restart.

  • linux-oracle5.15.0.1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0.1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-oracle

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-oracle-5.155.15.0.1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0.1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-oracle-5.15

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-oracle-5.15-headers-5.15.0-11065.15.0-1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0-1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-oracle-5.15-headers-5.15.0-1106

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-oracle-5.15-tools-5.15.0-11065.15.0-1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0-1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-oracle-5.15-tools-5.15.0-1106

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-oracle-edge5.15.0.1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0.1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-oracle-edge

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-tools-5.15.0-1106-oracle5.15.0-1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0-1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-5.15.0-1106-oracle

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-tools-oracle5.15.0.1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0.1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-oracle

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-tools-oracle-5.155.15.0.1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0.1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-oracle-5.15

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • linux-tools-oracle-edge5.15.0.1106.112~20.04.1apt_upgrade

    Standard apt upgrade. Install 5.15.0.1106.112~20.04.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y linux-tools-oracle-edge

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8462-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8462-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.

Start free trial →See StackPatch →Live audit log →