A local attacker can cause a denial of service via cgroup path mishandling (CVE-2026-29111, CVSS 5.5), and an attacker with a malicious device can achieve root code execution via the udev component. The vulnerabilities affect Ubuntu 25.10, 24.04 LTS, and 22.04 LTS with specific outdated systemd package versions. A system update and reboot are required to apply the fixes, which upgrade the packages to versions like `257.9-0ubuntu2.3` for Ubuntu 25.10.
Ubuntu Security Notices USN-8119-1 USN-8119-1: systemd vulnerabilities Publication date 23 March 2026 Overview Several security issues were fixed in systemd. Releases 25.10 24.04 LTS 22.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages systemd - system and service manager Details It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. ( CVE-2026-29111 ) It was discovered that the systemd udev component incorrectly handled certain fields received from the kernel. An attacker with a malicious device could possibly use this issue to execute arbitrary code as an administrator (root). It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. ( CVE-2026-29111 ) It was discovered that the systemd udev component incorrectly handled certain fields received from the kernel. An attacker with a malicious device could possibly use this issue to execute arbitrary code as an administrator (root). Update instructions After a standard system update you need to reboot your computer to make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 25.10 questing libsystemd0 – 257.9-0ubuntu2.3 libudev1 – 257.9-0ubuntu2.3 systemd – 257.9-0ubuntu2.3 udev – 257.9-0ubuntu2.3 24.04 LTS noble libsystemd0 – 255.4-1ubuntu8.14 libudev1 – 255.4-1ubuntu8.14 systemd – 255.4-1ubuntu8.14 udev – 255.4-1ubuntu8.14 22.04 LTS jammy libsystemd0 – 249.11-0ubuntu3.19 libudev1 – 249.11-0ubuntu3.19 systemd – 249.11-0ubuntu3.19 udev – 249.11-0ubuntu3.19 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-29111 CVE-2026-29111