{"id":"USN-8149-2","summary":"linux-oracle, linux-oracle-6.17, linux-raspi vulnerabilities","details":"Several security issues were discovered in the Linux kernel.\nAn attacker could possibly use these to compromise the system.\nThis update corrects flaws in the following subsystems:\n  - Cryptographic API;\n  - Netfilter;\n  - Network traffic control;\n(CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)\n","modified":"2026-04-13T12:59:27.309978634Z","published":"2026-04-09T00:05:19Z","related":["UBUNTU-CVE-2026-23060","UBUNTU-CVE-2026-23074","UBUNTU-CVE-2026-23111"],"upstream":["CVE-2026-23060","CVE-2026-23074","CVE-2026-23111","UBUNTU-CVE-2026-23060","UBUNTU-CVE-2026-23074","UBUNTU-CVE-2026-23111"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8149-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-23060"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-23074"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-23111"}],"affected":[{"package":{"name":"linux-oracle-6.17","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/linux-oracle-6.17@6.17.0-1010.10~24.04.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.17.0-1010.10~24.04.1"}]}],"versions":["6.17.0-1004.4~24.04.2","6.17.0-1007.7~24.04.1","6.17.0-1009.9~24.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-buildinfo-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-headers-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-headers-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-image-unsigned-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-image-unsigned-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-modules-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-modules-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-modules-extra-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-modules-extra-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-oracle-6.17-headers-6.17.0-1010","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-oracle-6.17-tools-6.17.0-1010","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-tools-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10~24.04.1"},{"binary_name":"linux-tools-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10~24.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8149-2.json","cves_map":{"cves":[{"id":"CVE-2026-23060","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-23074","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-23111","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"linux-oracle","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/linux-oracle@6.17.0-1010.10?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.17.0-1010.10"}]}],"versions":["6.14.0-1005.5","6.14.0-1007.7+25.10.1","6.16.0-1001.1","6.17.0-1001.1","6.17.0-1002.2","6.17.0-1003.3","6.17.0-1005.5","6.17.0-1006.6","6.17.0-1007.7","6.17.0-1009.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-buildinfo-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-headers-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-headers-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-image-unsigned-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-image-unsigned-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-modules-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-modules-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-oracle-headers-6.17.0-1010","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-oracle-tools-6.17.0-1010","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-tools-6.17.0-1010-oracle","binary_version":"6.17.0-1010.10"},{"binary_name":"linux-tools-6.17.0-1010-oracle-64k","binary_version":"6.17.0-1010.10"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8149-2.json","cves_map":{"cves":[{"id":"CVE-2026-23060","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-23074","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-23111","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"}}},{"package":{"name":"linux-raspi","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/linux-raspi@6.17.0-1011.11?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.17.0-1011.11"}]}],"versions":["6.14.0-1005.5","6.17.0-1003.3","6.17.0-1004.4","6.17.0-1005.5","6.17.0-1006.6","6.17.0-1007.7","6.17.0-1008.8","6.17.0-1010.10"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-6.17.0-1011-raspi","binary_version":"6.17.0-1011.11"},{"binary_name":"linux-headers-6.17.0-1011-raspi","binary_version":"6.17.0-1011.11"},{"binary_name":"linux-image-6.17.0-1011-raspi","binary_version":"6.17.0-1011.11"},{"binary_name":"linux-modules-6.17.0-1011-raspi","binary_version":"6.17.0-1011.11"},{"binary_name":"linux-raspi-headers-6.17.0-1011","binary_version":"6.17.0-1011.11"},{"binary_name":"linux-raspi-tools-6.17.0-1011","binary_version":"6.17.0-1011.11"},{"binary_name":"linux-tools-6.17.0-1011-raspi","binary_version":"6.17.0-1011.11"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8149-2.json","cves_map":{"cves":[{"id":"CVE-2026-23060","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-23074","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-23111","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"}}}],"schema_version":"1.7.5"}