A local attacker could cause a denial of service via malformed cgroup paths (CVE-2026-29111, CVSS 5.5 MEDIUM), and a malicious device could exploit the systemd udev component to execute arbitrary code as root. The update addresses these vulnerabilities for Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS, and 20.04 LTS.
USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-29111) It was discovered that the systemd udev component incorrectly handled certain fields received from the kernel. An attacker with a malicious device could possibly use this issue to execute arbitrary code as an administrator (root).