On 11 February 2026 the Ubuntu security team published advisory USN-8028-1, a Linux kernel update that patches a long list of vulnerabilities scattered across several subsystems. A handful affect AMD processors, and one of them hits the confidential-computing technology SEV-SNP.
What the advisory fixes
USN-8028-1 affects Ubuntu 24.04 LTS (Noble Numbat) and updates both the generic kernel (linux) and the Raspberry Pi variant (linux-raspi). It bundles fixes that touch many kernel subsystems: ARM architectures, the cryptographic API, network drivers, file systems and virtualization components, to name a few.
The three vulnerabilities that stand out involve AMD processors:
- CVE-2024-36331: improper initialization of CPU cache memory. It could let an attacker with hypervisor access overwrite the memory of a SEV-SNP-protected guest, breaking data integrity.
- CVE-2024-36350 and CVE-2024-36357: on certain AMD processors, an attacker could infer data from previous stores, which opens the door to leaking privileged information.
What SEV-SNP is and why it matters
AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) is a processor feature meant to protect virtual-machine memory from unauthorized access, including from the hypervisor itself. It is one of the building blocks of so-called confidential computing, common in the cloud, where whoever runs the infrastructure should not be able to read or tamper with tenant data.
CVE-2024-36331 erodes exactly that guarantee: a malicious hypervisor could exploit the faulty cache initialization to corrupt the memory of a SEV-SNP guest. The threat model is demanding, since it requires control of the hypervisor, so the real impact falls mainly on cloud providers and multi-tenant environments that rely on SEV-SNP as a security boundary.
Severity
It helps to put the numbers in context. Ubuntu rates CVE-2024-36331 as medium priority, and its CVSS 3.1 score sits at just 3.2 (low), because exploitation requires hypervisor privileges. This is not a bug you fire off remotely on the first try. That said, USN-8028-1 goes well beyond these three CVEs: it is part of a very broad batch that fixes flaws capable of causing privilege escalation, denial of service or information disclosure in other subsystems. That is why the advice to update is firm.
Mitigation and patch
The only recommended mitigation is to apply the update released by Ubuntu:
- Install the fixed kernel versions:
linux6.8.0-100.100 andlinux-raspi6.8.0-1047.51 (or later). - Reboot the system so the new kernel takes effect.
- Note that this update introduces ABI changes, so any third-party kernel modules will need to be recompiled.
You can update with sudo apt update && sudo apt full-upgrade and then reboot. USN-8028-1 is part of a series of kernel advisories published throughout February 2026 (USN-8028-1, USN-8033-1, USN-8052-1, USN-8059-1), so keeping the system up to date is your best defense.
If you want to better understand how Linux limits the reach of compromised processes, see our Ubuntu entry.
Source
- Ubuntu Security Notice USN-8028-1 (Linux kernel): https://ubuntu.com/security/notices/USN-8028-1
- Vulnerability detail on NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36331