This page lists publicly disclosed CVE vulnerabilities affecting canonical ubuntu_linux (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-47337 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops. | [email protected] | 3.3 | 0.01% | 2026-05-28 | 2026-05-29 |
| CVE-2026-47336 | Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and could result in incorrect fine-grained mediation of network sockets. | [email protected] | 3.3 | 0.01% | 2026-05-28 | 2026-05-29 |
| CVE-2026-47335 | Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic. | [email protected] | 5.5 | 0.01% | 2026-05-28 | 2026-05-29 |
| CVE-2026-31431 KEV | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 2.23% | 2026-04-22 | 2026-05-21 |
| CVE-2026-3888 | Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. | [email protected] | 7.8 | 0.01% | 2026-03-17 | 2026-06-04 |
| CVE-2026-3497 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program with | [email protected] | 6.9 | 0.06% | 2026-03-12 | 2026-06-02 |
| CVE-2025-32463 KEV | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | [email protected] | 9.3 | 57.34% | 2025-06-30 | 2025-11-05 |
| CVE-2025-5054 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport | [email protected] | 4.7 | 0.01% | 2025-05-30 | 2025-11-03 |
| CVE-2023-5616 | In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user. | [email protected] | 4.9 | 0.05% | 2025-04-15 | 2025-08-26 |
| CVE-2022-1804 | accountsservice no longer drops permissions when writing .pam_environment | [email protected] | 5.5 | 0.08% | 2025-03-25 | 2025-08-26 |
| CVE-2025-26466 | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | [email protected] | 5.9 | 62.37% | 2025-02-28 | 2026-02-10 |
| CVE-2022-1736 | Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | [email protected] | 9.8 | 0.47% | 2025-01-31 | 2025-08-26 |
| CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | [email protected] | 8.1 | 63.83% | 2024-07-01 | 2026-05-12 |
| CVE-2020-27352 | When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. | [email protected] | 9.3 | 0.14% | 2024-06-21 | 2025-08-26 |
| CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | [email protected] | 5.5 | 0.04% | 2024-06-04 | 2024-11-21 |
| CVE-2022-28657 | Apport does not disable python crash handler before entering chroot | [email protected] | 7.8 | 0.05% | 2024-06-04 | 2024-11-21 |
| CVE-2022-28656 | is_closing_session() allows users to consume RAM in the Apport process | [email protected] | 5.5 | 0.04% | 2024-06-04 | 2025-03-19 |
| CVE-2022-28655 | is_closing_session() allows users to create arbitrary tcp dbus connections | [email protected] | 7.1 | 0.04% | 2024-06-04 | 2024-11-21 |
| CVE-2022-28654 | is_closing_session() allows users to fill up apport.log | [email protected] | 5.5 | 0.04% | 2024-06-04 | 2024-11-21 |
| CVE-2022-28652 | ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | [email protected] | 5.5 | 0.04% | 2024-06-04 | 2025-03-13 |