Software description
- aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1159, >= 5.15.0-1000, >= 6.8.0-1008)
- aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
- aws-6.8 – Linux kernel for Amazon Web Services (AWS) systems - (>= 6.8.0-1000)
- azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.15.0-1000, >= 6.8.0-1007)
- azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1168)
- azure-5.15 – Linux kernel for Microsoft Azure cloud systems - (>= 5.15.0-1069)
- gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000, >= 6.8.0-1007)
- gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154)
- gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
- gcp-6.8 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 6.8.0-1000)
- generic-4.15 – Linux kernel - (>= 4.15.0-214)
- generic-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
- generic-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
- aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1159, >= 5.15.0-1000, >= 6.8.0-1008)
- aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
- aws-6.8 – Linux kernel for Amazon Web Services (AWS) systems - (>= 6.8.0-1000)
- azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.15.0-1000, >= 6.8.0-1007)
- azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1168)
- azure-5.15 – Linux kernel for Microsoft Azure cloud systems - (>= 5.15.0-1069)
- gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000, >= 6.8.0-1007)
- gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154)
- gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
- gcp-6.8 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 6.8.0-1000)
- generic-4.15 – Linux kernel - (>= 4.15.0-214)
- generic-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
- generic-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
- gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
- ibm – Linux kernel for IBM cloud systems - (>= 5.15.0-1000, >= 6.8.0-1005)
- ibm-5.15 – Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
- ibm-6.8 – Linux kernel for IBM cloud systems - (>= 6.8.0-1000)
- linux – Linux kernel - (>= 5.15.0-71, >= 5.15.0-24, >= 6.8.0-1)
- lowlatency-4.15 – Linux kernel - (>= 4.15.0-214)
- lowlatency-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
- lowlatency-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
- oracle – Linux kernel for Oracle Cloud systems - (>= 4.15.0-1129, >= 5.15.0-1055, >= 6.8.0-1005)
- oracle-5.15 – Linux kernel for Oracle Cloud systems - (>= 5.15.0-1055)
Details
In the Linux kernel, the following vulnerability has been
resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If
kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we
propagate the error back to the ioctl but leave the vGIC vCPU data
initialised.
In the Linux kernel, the following vulnerability has been
resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length
or offset exceeds sg_cnt and then use bogus sg->length/offset values,
leading to _copy_to_iter() GPF/KASAN.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container.)(CVE-2026-31431)
In the Linux kernel, the following vulnerability has been
resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If
kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we
propagate the error back to the ioctl but leave the vGIC vCPU data
initialised.
In the Linux kernel, the following vulnerability has been
resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length
or offset exceeds sg_cnt and then use bogus sg->length/offset values,
leading to _copy_to_iter() GPF/KASAN.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container.)(CVE-2026-31431)
Checking update status
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch statusThe problem can be corrected in these Livepatch versions:
| Kernel type | 24.04 | 22.04 | 20.04 | 18.04 |
|---|---|---|---|---|
| aws | 120.2 | 120.2 | — | 120.2 |
| aws-5.15 | — | — | 120.2 | — |
| aws-6.8 | — | 120.2 | — | — |
| azure | 120.2 | 120.2 | — | — |
| azure-4.15 | — | — | — | 120.2 |
| azure-5.15 | — | — | 120.2 | — |
| gcp | 120.2 | 120.2 | — | — |
| gcp-4.15 | — | — | — | 120.2 |
| gcp-5.15 | — | — | 120.2 | — |
| gcp-6.8 | — | 120.2 | — | — |
| generic-4.15 | — | — | — | 120.2 |
| generic-5.15 | — | — | 120.2 | — |
| generic-5.4 | — | — | 120.2 | 120.2 |
| gke | — | 120.2 | — | — |
| ibm | 120.2 | 120.2 | — | — |
| ibm-5.15 | — | — | 120.2 | — |
| ibm-6.8 | — | 120.2 | — | — |
| linux | 120.2 | 120.2 | — | — |
| lowlatency-4.15 | — | — | — | 120.2 |
| lowlatency-5.15 | — | — | 120.2 | — |
| lowlatency-5.4 | — | — | 120.2 | 120.2 |
| oracle | 120.2 | 120.2 | — | 120.2 |
| oracle-5.15 | — | — | 120.2 | — |
References
Have additional questions?