CVE coverage

Ubuntu 22.04 LTS CVE tracker

Q: How do I check Ubuntu 22.04 CVEs on a running host?

For the immediate count: `apt list --upgradable 2>/dev/null | grep -ci security`. For a per-CVE breakdown with fix versions, Noxen reads dpkg over SSH and matches installed source-package versions against the OSV Ubuntu:22.04:LTS ecosystem feed. No agent on the target.

Noxen pulls Ubuntu 22.04 CVE data from OSV.dev's Ubuntu ecosystem feed — the same source Canonical itself publishes through their security tracker. Records are deduped against NVD/VulnCheck and shipped in a signed snapshot, daily. Pro/ESM-tagged fixes are kept distinct so you can see whether a patch requires a paid subscription before clicking through.

Live

Headline numbers

Total CVE records (all distros)Loading…
Last buildLoading…
OSV records (Ubuntu + others)Loading…
NVD records (cross-platform)Loading…

How matching works

What Noxen does for an Ubuntu 22.04 host

Reads /etc/os-release over SSH to confirm the host is on Ubuntu 22.04.
Reads the dpkg package list — every binary package, plus its corresponding source package via dpkg-query --showformat='${Source}'.
Filters the local feed cache to OSV records tagged with ecosystem Ubuntu:22.04:LTS.
For each record, compares your installed version against the OSV-published fix version using the Debian/Ubuntu version-comparison rules (epoch, upstream, debian-revision).
Emits a finding only when the installed version is older than the fix. Where Ubuntu Pro / ESM-only fixes apply, they are flagged separately.

Live listings

Top recent critical CVEs (Ubuntu 22.04 / Ubuntu ecosystem)

Most-recently-published critical CVEs in the Ubuntu 22.04 / Ubuntu ecosystem. Auto-deduped to one row per CVE ID. Snapshot baked at 2026-06-12; live re-fetch on page load.

CVE	Sev.	CVSS	Summary	Package	Fix in	Published
UBUNTU-CVE-2026-46135	critical	—	In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->state after sending an Initialization Connection Response (ICResp), bu	linux	—	2026-05-28
UBUNTU-CVE-2026-45988	critical	—	In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get re	linux	—	2026-05-27
UBUNTU-CVE-2026-46043	critical	—	In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at least header_size(pkt) bytes long before pay	linux-azure	—	2026-05-27
UBUNTU-CVE-2026-43501	critical	—	In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6_hdr->dad	linux-hwe-edge	—	2026-05-21
UBUNTU-CVE-2026-43304	critical	—	In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has	linux-hwe-edge	—	2026-05-08
UBUNTU-CVE-2026-43197	critical	9.1	In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab	linux-hwe-edge	—	2026-05-06
UBUNTU-CVE-2026-43125	critical	—	In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, i	linux	—	2026-05-06
UBUNTU-CVE-2026-43185	critical	—	In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value from sp->max_recv_size and req->preferred_sen	linux-hwe-edge	—	2026-05-06

Top recent high-severity CVEs (Ubuntu 22.04 / Ubuntu ecosystem)

CVE	Sev.	CVSS	Summary	Package	Fix in	Published
UBUNTU-CVE-2026-10846	high	—	NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID,	ldns	—	2026-06-09
UBUNTU-CVE-2026-46319	high	—	In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table in act_ct in tcf_ct_flow_table_get(), rhashtable_lookup_fast() internally opens and c	linux-hwe-edge	—	2026-06-09
UBUNTU-CVE-2026-46320	high	—	In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL, and returns -ENOMEM when build_skb() fails. Both	linux-hwe-edge	—	2026-06-09
UBUNTU-CVE-2026-45447	high	—	Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote c	openssl	1.0.1f-1ubuntu2.27+esm14	2026-06-09
UBUNTU-CVE-2026-46277	high	—	In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may	linux-hwe-edge	—	2026-06-08
UBUNTU-CVE-2026-46304	high	—	In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free nvmet_tcp_release_queue_work() runs on nvmet-wq and can drop the final controller reference through nvmet_cq_put().	linux-azure	—	2026-06-08
UBUNTU-CVE-2026-46311	high	—	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the securi	linux-hwe-edge	—	2026-06-08
UBUNTU-CVE-2025-71315	high	—	In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank	linux-hwe-edge	—	2026-06-08

New to severity terminology? CVE, CVSS, CWE, CPE explained.

Notable

Recent CVEs Ubuntu 22.04 operators should know.

CVE-2024-6387 (regreSSHion) — OpenSSH signal-handler race producing pre-auth RCE.. Ubuntu advisory · Noxen deep-dive.
CVE-2024-3094 (xz backdoor) — Supply-chain backdoor in xz-utils 5.6.0 / 5.6.1.. Ubuntu advisory · Noxen deep-dive.
CVE-2024-1086 (nf_tables UAF) — Linux kernel privilege-escalation, observed in the wild.. Ubuntu advisory.
CVE-2026-31431 (kernel algif_aead) — Local privilege escalation in the kernel's userspace AEAD interface.. Ubuntu advisory · Noxen deep-dive.

FAQ

Frequently asked about Ubuntu 22.04 CVEs

How many CVEs affect Ubuntu 22.04 LTS?

Ubuntu 22.04 LTS (Jammy) sits inside the 2-million+ Ubuntu ecosystem feed Noxen consumes (OSV.dev + NVD). The 22.04 subset is filtered by ecosystem tag (Ubuntu:22.04:LTS) and rebuilt daily; live counts at the top of this page.

How do I check Ubuntu 22.04 CVEs on a running host?

For the immediate count: apt list --upgradable 2>/dev/null | grep -ci security. For a per-CVE breakdown with fix versions, Noxen reads dpkg over SSH and matches installed source-package versions against the OSV Ubuntu:22.04:LTS ecosystem feed. No agent on the target.

Is Ubuntu 22.04 still supported in 2026?

Yes. Ubuntu 22.04 LTS receives standard security updates from Canonical until April 2027 (5-year LTS window). Ubuntu Pro / ESM extends paid coverage through April 2032 — extended-window CVE fixes appear in the feed tagged Ubuntu:Pro:22.04:LTS. Many homelab and small-fleet operators are still on 22.04 because the 24.04 upgrade hasn't pulled them yet.

What's different between Ubuntu 22.04 and 24.04 CVE coverage?

Same data source (OSV.dev's Ubuntu ecosystem feed). Difference is the package versions and what's been backported. A CVE patched upstream in OpenSSH 9.8 gets a 22.04 backport into openssh-server 1:8.9p1-3ubuntu0.10+esm2 (note the +esm2 suffix indicating Pro/ESM channel) and a separate 24.04 backport into 1:9.6p1-3ubuntu13.3. Noxen matches against the right per-release fix version automatically.

Does Noxen need Ubuntu Pro to scan 22.04 hosts?

No. The CVE feed Noxen consumes is publicly available regardless of Pro. What Pro provides is access to the actual fix packages (via Canonical's ESM channels). Noxen will tell you the host needs Pro to install the patched version when the only available fix is ESM-gated; the scan itself doesn't require a subscription.

Scan an Ubuntu 22.04 fleet with Noxen

Add your Ubuntu 22.04 hosts via your existing ~/.ssh/config; Noxen reads dpkg state and matches against the live signed feed. No agent, no SaaS round-trip. $79 one-time.

← back to the CVE dashboard Ubuntu 24.04 → Ubuntu 20.04 →