USN-8121-1

Source
https://ubuntu.com/security/notices/USN-8121-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8121-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-8121-1
Published
2026-03-24T18:11:30Z
Modified
2026-03-25T18:23:53.877309Z
Summary
linux-aws-fips vulnerability
Details

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853)

References

Affected packages

Ubuntu:Pro:FIPS-updates:20.04:LTS / linux-aws-fips

Package

Name
linux-aws-fips
Purl
pkg:deb/ubuntu/linux-aws-fips@5.4.0-1156.166+fips1?arch=source&distro=fips-updates/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-1156.166+fips1

Affected versions

5.*
5.4.0-1021.21+fips2
5.4.0-1069.73+fips2
5.4.0-1071.76+fips1
5.4.0-1072.77+fips1
5.4.0-1073.78+fips1
5.4.0-1078.84+fips1
5.4.0-1080.87+fips1
5.4.0-1081.88+fips1
5.4.0-1083.90+fips1
5.4.0-1085.92+fips1
5.4.0-1086.93+fips1
5.4.0-1088.96+fips1
5.4.0-1089.97+fips1
5.4.0-1092.100+fips1
5.4.0-1093.101+fips1
5.4.0-1094.102+fips1
5.4.0-1096.104+fips1
5.4.0-1099.107+fips1
5.4.0-1100.108+fips1
5.4.0-1101.109+fips1
5.4.0-1102.110+fips1
5.4.0-1103.111+fips1
5.4.0-1104.112+fips1
5.4.0-1105.113+fips1
5.4.0-1106.114+fips1
5.4.0-1107.115+fips1
5.4.0-1108.116+fips1
5.4.0-1109.118+fips1
5.4.0-1110.119+fips1
5.4.0-1111.120+fips1
5.4.0-1112.121+fips1
5.4.0-1113.123+fips1
5.4.0-1114.124+fips1
5.4.0-1116.126+fips1
5.4.0-1117.127+fips1
5.4.0-1118.128+fips1
5.4.0-1119.129+fips1
5.4.0-1120.130+fips1
5.4.0-1121.131+fips1
5.4.0-1122.132+fips1
5.4.0-1123.133+fips1
5.4.0-1124.134+fips1
5.4.0-1125.135+fips1
5.4.0-1126.136+fips2
5.4.0-1127.137+fips1
5.4.0-1128.138+fips1
5.4.0-1129.139+fips1
5.4.0-1130.140+fips1
5.4.0-1131.141+fips1
5.4.0-1132.142+fips1
5.4.0-1133.143+fips1
5.4.0-1134.144+fips1
5.4.0-1135.145+fips1
5.4.0-1136.146+fips1
5.4.0-1137.147+fips1
5.4.0-1139.149+fips1
5.4.0-1140.151+fips1
5.4.0-1142.153+fips1
5.4.0-1144.155+fips1
5.4.0-1145.156+fips1
5.4.0-1146.156+fips1
5.4.0-1147.157+fips1
5.4.0-1148.158+fips1
5.4.0-1149.159+fips1
5.4.0-1150.160+fips1
5.4.0-1151.161+fips1
5.4.0-1152.162+fips1
5.4.0-1153.163+fips1
5.4.0-1154.164+fips1
5.4.0-1155.165+fips1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "linux-aws-fips-headers-5.4.0-1156",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-aws-fips-tools-5.4.0-1156",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-buildinfo-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-headers-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-image-unsigned-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-image-unsigned-hmac-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-modules-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-modules-extra-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        },
        {
            "binary_name": "linux-tools-5.4.0-1156-aws-fips",
            "binary_version": "5.4.0-1156.166+fips1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8121-1.json"
cves_map
{
    "ecosystem": "Ubuntu:Pro:FIPS-updates:20.04:LTS",
    "cves": []
}