{"id":"USN-8402-1","summary":"systemd vulnerabilities","details":"It was discovered that systemd-nspawn incorrectly handled certain optional\nconfiguration files. A local attacker could possibly use this issue to\nescape to the host system and execute arbitrary code. (CVE-2026-40226)\n\nIt was discovered that systemd-resolved incorrectly validated DNSSEC\nrecords for signed domains. An attacker could possibly use this issue to\nmanipulate DNS records. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2023-7008)","modified":"2026-06-08T23:03:52.339660669Z","published":"2026-06-08T13:17:14Z","related":["UBUNTU-CVE-2023-7008","UBUNTU-CVE-2026-40226"],"upstream":["CVE-2023-7008","CVE-2026-40226","UBUNTU-CVE-2023-7008","UBUNTU-CVE-2026-40226"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8402-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-7008"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-40226"}],"affected":[{"package":{"name":"systemd","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/systemd?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"249.11-0ubuntu3.21"}]}],"versions":["248.3-1ubuntu8","249.5-2ubuntu1","249.5-2ubuntu2","249.5-2ubuntu3","249.5-2ubuntu4","249.9-0ubuntu2","249.10-0ubuntu1","249.10-0ubuntu2","249.11-0ubuntu1","249.11-0ubuntu2","249.11-0ubuntu3","249.11-0ubuntu3.1","249.11-0ubuntu3.3","249.11-0ubuntu3.4","249.11-0ubuntu3.6","249.11-0ubuntu3.7","249.11-0ubuntu3.9","249.11-0ubuntu3.10","249.11-0ubuntu3.11","249.11-0ubuntu3.12","249.11-0ubuntu3.15","249.11-0ubuntu3.16","249.11-0ubuntu3.17","249.11-0ubuntu3.19","249.11-0ubuntu3.20"],"ecosystem_specific":{"binaries":[{"binary_version":"249.11-0ubuntu3.21","binary_name":"libnss-myhostname"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"libnss-mymachines"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"libnss-resolve"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"libnss-systemd"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"libpam-systemd"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"libsystemd0"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"libudev1"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-container"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-coredump"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-journal-remote"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-oomd"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-repart"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-standalone-sysusers"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-standalone-tmpfiles"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-sysv"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-tests"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"systemd-timesyncd"},{"binary_version":"249.11-0ubuntu3.21","binary_name":"udev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8402-1.json","cves_map":{"cves":[{"id":"CVE-2023-7008","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-40226"}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"systemd","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/systemd?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"255.4-1ubuntu8.16"}]}],"versions":["253.5-1ubuntu6","253.5-1ubuntu7","255.2-3ubuntu2","255.4-1ubuntu5","255.4-1ubuntu6","255.4-1ubuntu7","255.4-1ubuntu8","255.4-1ubuntu8.1","255.4-1ubuntu8.2","255.4-1ubuntu8.4","255.4-1ubuntu8.5","255.4-1ubuntu8.6","255.4-1ubuntu8.8","255.4-1ubuntu8.10","255.4-1ubuntu8.11","255.4-1ubuntu8.12","255.4-1ubuntu8.14","255.4-1ubuntu8.15"],"ecosystem_specific":{"binaries":[{"binary_version":"255.4-1ubuntu8.16","binary_name":"libnss-myhostname"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libnss-mymachines"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libnss-resolve"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libnss-systemd"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libpam-systemd"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libsystemd-shared"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libsystemd0"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"libudev1"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-boot"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-boot-efi"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-container"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-coredump"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-homed"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-journal-remote"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-oomd"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-resolved"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-standalone-sysusers"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-standalone-tmpfiles"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-sysv"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-tests"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-timesyncd"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-ukify"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"systemd-userdbd"},{"binary_version":"255.4-1ubuntu8.16","binary_name":"udev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8402-1.json","cves_map":{"cves":[{"id":"CVE-2026-40226","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"systemd","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/systemd?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"257.9-0ubuntu2.5"}]}],"versions":["257.4-1ubuntu3","257.6-1ubuntu1","257.7-1ubuntu1","257.7-1ubuntu3","257.8-0ubuntu2","257.9-0ubuntu1","257.9-0ubuntu2","257.9-0ubuntu2.1","257.9-0ubuntu2.3","257.9-0ubuntu2.4"],"ecosystem_specific":{"binaries":[{"binary_version":"257.9-0ubuntu2.5","binary_name":"libnss-myhostname"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libnss-mymachines"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libnss-resolve"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libnss-systemd"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libpam-systemd"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libsystemd-shared"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libsystemd0"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"libudev1"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-boot"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-boot-efi"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-boot-tools"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-container"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-coredump"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-cryptsetup"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-homed"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-journal-remote"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-oomd"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-repart"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-resolved"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-standalone-shutdown"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-standalone-sysusers"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-standalone-tmpfiles"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-sysv"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-tests"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-timesyncd"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-ukify"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"systemd-userdbd"},{"binary_version":"257.9-0ubuntu2.5","binary_name":"udev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8402-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-40226"}],"ecosystem":"Ubuntu:25.10"}}}],"schema_version":"1.7.5"}