<p><em>Ubuntu blog feed (https://ubuntu.com//blog/feed), generated Thu, 21 May 2026 19:07:27 +0000.</em></p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/developing-web-apps-with-local-llm-inference">Developing web apps with local LLM inference</a></h1>
<p>I’ve yet to meet a developer that enjoys working with metered AI APIs. The need to pay for every API call in development works in direct opposition to the ethos of rapid iteration, and it’s easy for the costs to get out of hand. That’s why Canonical has created a different approach to building AI-powered applications; one where the model lives inside your app, not behind a pay-per-token HTTP call. This post walks through the ideas behind <strong>Embedded AI</strong> – integrating local LLM inference directly into your app – and demonstrates those ideas in practice on the NVIDIA DGX Spark.</p>
<h2 class="wp-block-heading"><strong>The problem with remote AI services</strong></h2>
<p>Today’s default architecture for AI-powered applications is a hub-and-spoke model: multiple applications each call out to a shared AI service (OpenAI, Anthropic, Google Gemini, etc.). That service is responsible for running inference, metering usage, enforcing rate limits, and billing you by the token.</p>
<p>This model solves one real problem: you do not have to manage GPU infrastructure yourself. But it introduces several others:</p>
<ol>
<li><strong>Cost unpredictability.</strong> Every call has a marginal cost. In development, where you iterate fast and make many exploratory requests, those costs compound quickly and often surprise teams mid-sprint.</li>
<li><strong>Network latency.</strong> A round-trip to a remote API adds tens to hundreds of milliseconds per request. For applications that chain multiple model calls (agents, RAG pipelines, multi-step reasoning), the latency accumulates and degrades user experience.</li>
<li><strong>Data privacy.</strong> Sending sensitive data to a third-party service requires trust in that service’s data policies, creates compliance complexity, and may simply be prohibited in regulated industries.</li>
<li><strong>Dev-to-production friction.</strong> Development environments stub the API or use different credentials than production. Configuration drift, mock/real mismatches, and environment-specific behavior all stem from the fact that the “AI” in development is not the same thing as the “AI” in production.</li>
<li><strong>Operational complexity.</strong> Rotating API keys, managing quotas across teams, handling upstream outages, and understanding why a model behaves differently today versus last week are all problems that come bundled with remote AI services.</li>
</ol>
<h2 class="wp-block-heading"><strong>From AI services to local LLM inference</strong></h2>
<figure class="wp-block-image size-full"><img alt="" height="686" loading="lazy" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1600/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fd2e0%2Fimage.png" width="1600"/></figure>
<p>The idea behind Embedded AI is straightforward: treat the model and its inference runtime the way you already treat a software package as a <strong>local dependency of your application</strong>, not as a remote third-party service.</p>
<p>Instead of three apps all calling a shared external endpoint:</p>
<pre class="wp-block-code"><code>APP 1 ──┐
APP 2 ──┤──► AI Service (remote, metered, shared)
APP 3 ──┘</code></pre>
<p>Each app packages and runs its own inference engine:</p>
<pre class="wp-block-code"><code>APP 1 + AI (local, free at runtime, isolated)
APP 2 + AI (local, free at runtime, isolated)
APP 3 + AI (local, free at runtime, isolated)</code></pre>
<p>This idea mirrors how organizations moved from server-side database instances to local SQLite, or from shared Redis clusters to in-process caches for appropriate workloads. The question is whether the hardware and the packaging tooling have caught up enough to make it practical.</p>
<p>In 2026, the answer is increasingly yes.</p>
<h2 class="wp-block-heading"><strong>Inference snaps: installing AI like a package</strong></h2>
<p>The friction in running local LLM inference has historically been setup complexity: installing NVIDIA CUDA drivers, choosing the right quantization for your GPU’s VRAM, configuring the inference server, managing updates. Canonical’s <a href="https://github.com/canonical/inference-snaps">inference snaps</a> solve this.</p>
<p>An inference snap packages together:</p>
<ul>
<li><strong>The model weights</strong> in a format optimized for local hardware</li>
<li><strong>The inference runtime</strong> (llama.cpp, vLLM, or others, selected automatically)</li>
<li><strong>Hardware-specific optimizations</strong> (quantization level, batching strategy, inference engine selection)</li>
<li><strong>A standard OpenAI-compatible HTTP API</strong> exposed locally</li>
<li><strong>Dependency management and automatic updates</strong> via the Snap store</li>
</ul>
<p>The snap’s engine manager detects your hardware at install time and selects the engine that makes best use of your CPU, GPU, or NPU. You do not choose quantization manually. You do not install the CUDA toolkit by hand. You run one command:</p>
<pre class="wp-block-code"><code>sudo snap install gemma3</code></pre>
<p>With that, you have a locally running Gemma 3 inference server exposing an OpenAI-compatible endpoint, hardware-optimized, with automatic updates. The model is immediately usable from any application that knows how to make an HTTP call.</p>
<p>Snaps expose a content interface mechanism that lets other snaps (your application) read the endpoint URL from a shared status.json file:</p>
<pre class="wp-block-code"><code>sudo snap connect demo-app:inference-snap-status gemma3:status</code></pre>
<p>After this connection, your application can read exactly where the inference endpoint is listening without any configuration file or environment variable management. The snap system handles the plumbing.</p>
<h2 class="wp-block-heading"><strong>The reference implementations</strong></h2>
<p>The <a href="https://github.com/abdelrahmanhosny/embedded-ai">embedded-ai</a> repository contains two concrete examples, both built as snaps themselves, so they integrate cleanly with the inference snap ecosystem.</p>
<h3 class="wp-block-heading"><strong>App 1: simple chat</strong></h3>
<p>The first example (<code>_01_simple_chat</code>) is deliberately minimal. It demonstrates the core pattern: a snap-packaged Python application that reads the inference endpoint from the Gemma 3 snap’s status interface and streams a chat completion to stdout.</p>
<p><strong>Building and running:</strong></p>
<pre class="wp-block-code"><code># Build the snap
cd _01_simple_chat && snapcraft pack # or: make build
# Install it
sudo snap install demo-app_*.snap --dangerous --devmode
# Connect it to the inference snap
sudo snap connect demo-app:inference-snap-status gemma3:status
# Run it
demo-app</code></pre>
<p>The app streams a single chat completion using the model exposed by the inference snap. Because the inference snap exposes an <strong>OpenAI-compatible API</strong>, the Python code looks identical to code that calls api.openai.com, except that the base URL points to localhost and there is no API key. The model runs on your machine. The cost of that call is electricity.</p>
<p>This pattern has an important architectural implication: <strong>your application code is decoupled from the specific model</strong>. Swap gemma3 for a different inference snap (say, qwen-vl or nemotron-3-nano), re-run the snap connect, and your app works against the new model with zero code changes.</p>
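<p>As an added example (not code from the embedded-ai repository or the inference snaps project), here is the pattern the two passages above describe end to end: read the endpoint from the status file shared over the content interface, then stream a chat completion from the local OpenAI-compatible API with no API key. The status file location, its <code>url</code> key and the model name <code>gemma3</code> are assumptions, not values taken from the post.</p>

```python
"""Added example: endpoint discovery via the snap content interface plus a
streamed chat completion from a local OpenAI-compatible server.

Assumptions (hypothetical, not taken from the post): the content interface
exposes the status file at $SNAP_COMMON/inference-snap-status/status.json and
that file records the listening address under a key named "url". Adjust both
to whatever the inference snap actually writes.
"""
import json
import os
import sys
import urllib.request
from typing import Iterator

# Hypothetical default location; override with INFERENCE_STATUS_FILE.
DEFAULT_STATUS_FILE = os.environ.get(
    "INFERENCE_STATUS_FILE",
    os.path.join(os.environ.get("SNAP_COMMON", "/var/snap/demo-app/common"),
                 "inference-snap-status", "status.json"),
)


def endpoint_from_status(status_text: str) -> str:
    """Return the base URL recorded in a status.json body.

    Only plain http(s) URLs are accepted; a missing or malformed value raises
    so the app fails loudly instead of quietly falling back to a remote host.
    """
    status = json.loads(status_text)
    url = status.get("url") if isinstance(status, dict) else None  # assumed key
    if not isinstance(url, str) or not url.startswith(("http://", "https://")):
        raise ValueError("status.json does not carry a usable endpoint URL")
    return url.rstrip("/")


def load_endpoint(path: str = DEFAULT_STATUS_FILE) -> str:
    """Read the status file the content interface shares with this snap."""
    with open(path, encoding="utf-8") as fh:
        return endpoint_from_status(fh.read())


def build_chat_request(base_url: str, model: str, prompt: str) -> urllib.request.Request:
    """Build a streaming /v1/chat/completions request.

    There is deliberately no Authorization header: the server is local and
    unmetered, so the only thing that differs from a hosted client is the URL.
    """
    body = json.dumps({
        "model": model,
        "messages": [{"role": "user", "content": prompt}],
        "stream": True,
    }).encode("utf-8")
    return urllib.request.Request(
        f"{base_url}/v1/chat/completions", data=body,
        headers={"Content-Type": "application/json"}, method="POST",
    )


def parse_sse_tokens(lines: Iterator[bytes]) -> Iterator[str]:
    """Yield text deltas from an OpenAI-style server-sent event stream.

    Each event is one line "data: {json}"; the stream ends with "data: [DONE]".
    Blank keep-alive lines and events without a text delta are skipped, and
    anything after the [DONE] sentinel is ignored.
    """
    for raw in lines:
        line = raw.decode("utf-8", errors="replace").strip()
        if not line.startswith("data:"):
            continue
        payload = line[len("data:"):].strip()
        if payload == "[DONE]":
            return
        chunk = json.loads(payload)
        for choice in chunk.get("choices", []):
            delta = choice.get("delta", {}).get("content")
            if delta:
                yield delta


def stream_chat(base_url: str, prompt: str, model: str = "gemma3") -> str:
    """Stream a completion to stdout and return the full text."""
    req = build_chat_request(base_url, model, prompt)
    pieces = []
    with urllib.request.urlopen(req) as resp:  # local socket, no API key
        for token in parse_sse_tokens(resp):
            sys.stdout.write(token)
            sys.stdout.flush()
            pieces.append(token)
    sys.stdout.write("\n")
    return "".join(pieces)


if __name__ == "__main__":
    stream_chat(load_endpoint(), " ".join(sys.argv[1:]) or "Say hello in one sentence.")
```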
<h3 class="wp-block-heading"><strong>App 2: PDF summarizer</strong></h3>
<p>The second example (<code>_02_pdf_summarizer</code>) shows a more realistic use case: processing a document and generating a summary using the local model.</p>
<p><strong>Building and running:</strong></p>
<pre class="wp-block-code"><code># Build the snap
cd _02_pdf_summarizer && snapcraft pack # or: make build
# Install it
sudo snap install pdf-summarizer_*.snap --dangerous --devmode
# Connect to the inference snap
sudo snap connect pdf-summarizer:inference-snap-status gemma3:status
# Summarize a PDF
pdf-summarizer /path/to/document.pdf</code></pre>
<p>The app reads the PDF from disk, sends its content to the local LLM inference endpoint, and streams a concise summary to stdout. Notice what is <strong>not</strong> happening here: the PDF contents are not leaving your machine. They are not being sent to a third-party API. There is no data processing agreement to worry about, no risk of training data contamination, no latency from a WAN round-trip. The model reads your document locally and gives you an answer.</p>
<p>For enterprise use cases involving legal documents, medical records, financial reports, or any other sensitive material, this distinction is often the deciding factor in whether AI-powered features can be built at all.</p>
<p><strong>Why package your app as a snap too?</strong></p>
<p>You might wonder: why package the demo apps themselves as snaps? You could just run a Python script that calls localhost:PORT.</p>
<p>The answer is about distribution and dependency management. When your application is a snap:</p>
<ol>
<li><strong>Dependencies are bundled.</strong> Your Python version, pip packages, and any native libraries are frozen in the snap. No <code>virtualenv</code> setup, no <code>pip install -r requirements.txt</code> on the target machine.</li>
<li><strong>The content interface works cleanly.</strong> The snap system’s connection mechanism lets your app and the inference snap share a secure, well-defined channel for discovering the endpoint URL. This is cleaner than environment variables or config files and works correctly across snap updates.</li>
<li><strong>Your app updates like software.</strong> Snap updates are atomic and rollback-safe. If an update breaks something, you revert with one command.</li>
<li><strong>You ship once, run anywhere Ubuntu runs.</strong> The same snap package that runs on your DGX Spark runs on an Ubuntu server in a data centre, on edge devices with a supported GPU, or on any Ubuntu Certified hardware.</li>
</ol>
<p>This is the realization of the dev-to-production parity promise: you develop, test, and ship the same artifact.</p>
<h2 class="wp-block-heading"><strong>When does local LLM inference make sense?</strong></h2>
<p>Local AI is not the right answer for every situation. It makes the most sense when:</p>
<p><strong>Privacy is a hard requirement.</strong> Legal, medical, financial, or government workloads where data cannot leave the premises are natural fits.</p>
<p><strong>Latency matters.</strong> Applications that call the model in a tight loop (agents, real-time assistants, streaming pipelines) benefit enormously from eliminating network round-trips.</p>
<p><strong>Costs would otherwise scale with usage.</strong> Internal tools used heavily by a team (code review assistants, document summarizers, knowledge base Q&A) accumulate token costs fast. A one-time hardware investment can amortize quickly against ongoing API bills.</p>
<p><strong>Dev-to-production parity is important.</strong> Teams that are tired of “works against the API in dev, behaves differently in prod” issues benefit from having the exact same model and runtime in every environment.</p>
<p><strong>Offline or air-gapped environments.</strong> Manufacturing floors, research labs, field deployments, and any environment without reliable internet connectivity need local inference by necessity.</p>
<p>It is less suitable for workloads that genuinely need frontier model scale (where a 70B local model is not competitive with a 200B+ remote one), or for sporadic, low-volume AI use where the hardware investment does not justify itself.</p>
<h2 class="wp-block-heading"><strong>Getting started</strong></h2>
<p>Everything described in this post is open source and documented:</p>
<p><a href="https://documentation.ubuntu.com/inference-snaps/">Inference snaps documentation and tutorials</a></p>
<p><a href="http://github.com/canonical/inference-snaps">Inference snaps source</a></p>
<p><a href="https://github.com/abdelrahmanhosny/embedded-ai">Reference implementations</a></p>
<p>The fastest path to running your first locally-inferred completion:</p>
<pre class="wp-block-code"><code># 1. Install the model snap
sudo snap install gemma3
# 2. Clone the reference repo
git clone https://github.com/abdelrahmanhosny/embedded-ai.git
cd embedded-ai/_01_simple_chat
# 3. Build and install the demo app snap
snapcraft pack # or: make build
sudo snap install demo-app_*.snap --dangerous --devmode
# 4. Connect the app to the inference snap
sudo snap connect demo-app:inference-snap-status gemma3:status
# 5. Run it
demo-app</code></pre>
<p>That is all it takes to go from zero to a locally-running, hardware-optimized, OpenAI-compatible LLM serving your application; no API key, no monthly bill, no data leaving your machine.</p>
<hr class="wp-block-separator has-alpha-channel-opacity"/>
<p><em>The code examples in this post reference the embedded-ai repository on the main branch as of May 2026. The Inference Snaps project is maintained by Canonical under an open source license.</em></p>
<p><em>Author: Abdelrahman Hosny. Categories: AI, Inference Snaps, Ubuntu. Published: Thu, 21 May 2026 14:19:46 +0000.</em></p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/pintheft-linux-kernel-vulnerability-mitigation">PinTheft Linux kernel vulnerability mitigation</a></h1>
<p>A local privilege escalation (LPE) security vulnerability in the Linux kernel, codename “PinTheft,” was publicly disclosed on May 19, 2026. The vulnerability was <a href="https://github.com/torvalds/linux/commit/e174929793195e0cd6a4adb0cad731b39f9019b4">fixed</a> in the mainline Linux kernel tree. A proof-of-concept exploit was published along with public disclosure. The vulnerability does not have a CVE ID assigned at the moment; other discovering teams may have given this issue other names. Ubuntu installations are only impacted if they use RDS (Reliable Datagram Sockets), a protocol generally used for high-performance computing (HPC). The default Ubuntu configuration disables the automatic loading of the module affected by this vulnerability.</p>
<p>The vulnerability is a reference count bug that allows poisoning the page cache with malicious contents, similar to Copy Fail (CVE-2026-31431) or Dirty COW (CVE-2016-5195).</p>
<p>The vulnerability does not have a CVSS score assigned yet. Canonical assesses the vulnerability to have a CVSS 3.1 score of 7.8, corresponding to a High severity. The Ubuntu Priority assigned is Medium: the local privilege escalation to root from unprivileged users is balanced against the default configuration of Ubuntu being safe against this issue. Ubuntu uses a <code>/etc/modprobe.d/blacklist-rare-network.conf</code> configuration file that disables rarely used network protocols, including the affected RDS.</p>
<h1 class="wp-block-heading">Impact</h1>
<p>The vulnerability allows an attacker to replace the in-memory contents of arbitrary files. The disk contents are not affected, but programs that read a file, make changes, and write the data back may make the changes persistent.</p>
<p>The published proof of concept exploit rewrites a setuid executable with a very short program that grants root privileges to an unprivileged local user with very high reliability.</p>
<p>The impact of the vulnerability is unclear in containerized environments. It’s possible that an attacker in a container cannot use this to escape the container itself, but could corrupt data for other containers or the host, and, if the raw storage for files is shared, could choose their targets.</p>
<h1 class="wp-block-heading">Affected releases</h1>
<p>The default configuration of all Ubuntu releases is not affected, either because the relevant kernels do not have the issue, or because the issue is mitigated in the shipped configuration.</p>
<p>Ubuntu kernel images for 16.04 LTS and earlier do not have the issue.</p>
<p>Ubuntu kernel images on Focal Fossa (20.04 LTS) and later are affected. Ubuntu Bionic Beaver (18.04 LTS) only has the vulnerable code on the HWE kernel versions (5.4).</p>
<p>In Ubuntu, the vulnerability fix will be distributed through the Linux kernel image packages. Until the Linux kernel security update is available, the default Ubuntu configuration is not affected because it disables the vulnerable kernel module from automatically loading. This default mitigation impacts programs that use RDS networking. Users that need this functionality would have to explicitly load the rds module, a configuration that would allow this vulnerability to be exploited.</p>
<figure class="wp-block-table"><table><tbody><tr><td><strong>Release</strong></td><td><strong>Package Name</strong></td><td><strong>Fixed Version</strong></td></tr><tr><td>Trusty Tahr (14.04 LTS)</td><td>linux</td><td>Not affected</td></tr><tr><td>Xenial Xerus (16.04 LTS)</td><td>linux</td><td>Not affected</td></tr><tr><td>Bionic Beaver (18.04 LTS)</td><td>linux</td><td>Linux 4.15 – not affected<br/>Linux 5.4 (HWE) – mitigated in default configuration</td></tr><tr><td>Focal Fossa (20.04 LTS)</td><td>linux</td><td>Mitigated in default configuration</td></tr><tr><td>Jammy Jellyfish (22.04 LTS)</td><td>linux</td><td>Mitigated in default configuration</td></tr><tr><td>Noble Numbat (24.04 LTS)</td><td>linux</td><td>Mitigated in default configuration</td></tr><tr><td>Questing Quokka (25.10)</td><td>linux</td><td>Mitigated in default configuration</td></tr><tr><td>Resolute Raccoon (26.04 LTS)</td><td>linux</td><td>Mitigated in default configuration</td></tr></tbody></table></figure>
<h1 class="wp-block-heading">How to check if you are impacted</h1>
<p>Confirm that the <code>rds</code> module is not currently loaded:</p>
<pre class="wp-block-code"><code>lsmod | grep -qE '^rds ' && echo "Module is loaded (vulnerable)" || echo "Module is NOT loaded"</code></pre>
<p>Ensure that the automatic loading of the module is disabled:</p>
<pre class="wp-block-code"><code>grep -rqE '^alias net-pf-21 off' /etc/modprobe.d/ && echo "Automatic loading disabled (NOT vulnerable)" || echo "Automatic loading possible (vulnerable)"</code></pre>
<p>Ensure that the module is not loaded at boot time:</p>
<pre class="wp-block-code"><code>grep -rqE '^rds' /etc/modules-load.d/ /usr/lib/modules-load.d/ && echo "Module is loaded at boot time (vulnerable)" || echo "Module is not loaded at boot time (NOT vulnerable)"</code></pre>
<h1 class="wp-block-heading">Manual mitigation</h1>
<p>No manual mitigation is necessary on default Ubuntu systems. If you previously enabled RDS on your systems, you may disable it from automatically loading again via:</p>
<pre class="wp-block-code"><code>rmmod rds<br/>echo "alias net-pf-21 off" | sudo tee /etc/modprobe.d/blacklist-rds.conf</code></pre>
<h1 class="wp-block-heading">Disabling the mitigation</h1>
<p>Once kernel updates are available and installed, the mitigation can be removed if you must run RDS applications:</p>
<pre class="wp-block-code"><code>sudo rm /etc/modprobe.d/blacklist-rds.conf</code></pre>
<p>We recommend that you do not disable this mitigation unless you must run RDS.</p>
<p><em>Author: Luci Stanescu. Categories: Security, Vulnerabilities. Published: Thu, 21 May 2026 12:30:51 +0000.</em></p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/managed-kubeflow-microsoft-azure-canonical-release">Canonical announces fully Managed Kubeflow AI operations platform on the Microsoft Azure Marketplace</a></h1>
<p>Canonical has announced the general availability of Managed Kubeflow on the Microsoft Azure Marketplace. This fully managed MLOps platform allows enterprise AI teams to deploy a production-ready environment in under an hour, eliminating infrastructure maintenance.</p>
<p>Canonical, the publisher of Ubuntu, today announced the general availability (GA) of Managed Kubeflow on the Microsoft Azure Marketplace. This solution enables AI teams to get a fully managed, production-ready MLOps platform in their own tenant.</p>
<p>Upstream Kubeflow is a powerful tool for machine learning, but it remains notoriously challenging to deploy and maintain. Organizations often find that their high-value data science teams waste a considerable portion of their capacity on infrastructure maintenance. Day-2 operations, such as manual upgrades and complex security patching, frequently stall model delivery and inflate operational costs.</p>
<p>Canonical Managed Kubeflow solves these challenges by giving enterprise and startup AI teams a fully operational, open source MLOps platform in under an hour – managed 24/7 by Canonical’s engineers – so data scientists can focus entirely on models rather than infrastructure.</p>
<h3 class="wp-block-heading"><strong>Enterprise-grade control and data governance</strong></h3>
<p>Managed Kubeflow on Azure removes the burden of monitoring and maintenance from platform engineering teams. Canonical’s expert engineers provide 24/7 management, including seamless version upgrades.</p>
<p>The platform is built on the following core pillars:</p>
<ul>
<li><strong>In-tenancy deployment:</strong> The service runs entirely in-tenancy within the customer’s Azure Virtual Network (VNet). Proprietary models and training data never leave the customer’s security perimeter.</li>
<li><strong>Single Sign On:</strong> Native integration with Microsoft Entra ID, Okta or any other OpenID Connect (OIDC) compliant identity provider provides teams with securely designed, centralized authentication and access control.</li>
<li><strong>Portability and control:</strong> Built on proven upstream Kubeflow, MLFlow and KServe, the platform ensures total portability as both the underlying application and automation code are open source. Your investment can travel with you if your strategy shifts toward hybrid or multi-cloud environments.</li>
</ul>
<h3 class="wp-block-heading"><strong>Accelerating Kubeflow time-to-value</strong></h3>
<p>The service is available directly via the <a href="https://marketplace.microsoft.com/en-us/product/canonical.managed-kubeflow">Azure Marketplace</a> as a transactable listing. Every subscription decrements a customer’s Microsoft Azure Consumption Commitment (MACC) on a 1-for-1 basis. This enables startups and large enterprises to bypass lengthy procurement cycles and deploy using existing Azure commitment.</p>
<p>The platform scales effortlessly to accommodate a diverse range of enterprise workload demands. Users can deploy lightweight environments for rapid prototyping and initial testing phases. For critical production workloads, built-in High Availability (HA) guarantees enhanced system reliability.</p>
<p>The service runs natively inside the robust Azure Kubernetes Service (AKS) environment. Administrators can configure independent worker pools featuring auto-scaling capabilities. Depending on your use case the service enables you to allocate cost-effective CPUs for development tasks and powerful GPUs for intensive model training. This optimizes Azure spend while simultaneously accelerating workflow performance.</p>
<p>For AI and data executives, the service solves the challenge of needing to staff specialized MLOps teams before achieving product-market fit. It combines flexibility with the reliability required for production-grade AI projects, all while ensuring data governance, significantly lowering the barrier to innovation.</p>
<h3 class="wp-block-heading"><strong>Get started with Managed Kubeflow on Azure </strong></h3>
<p>Managed Kubeflow on Azure is available now on the Azure Marketplace. Organizations can deploy the service directly from the Azure Marketplace to begin scaling their AI operations immediately:</p>
<p><a href="https://marketplace.microsoft.com/en-us/product/canonical.managed-kubeflow">Deploy Managed Kubeflow on Azure</a></p>
<h3 class="wp-block-heading"><strong>Additional resources</strong></h3>
<ul>
<li><a href="https://documentation.ubuntu.com/managed-applications/en/latest/azure/kubeflow/get-started/">Read the product documentation</a></li>
</ul>
<h3 class="wp-block-heading"><strong>About Canonical</strong></h3>
<p>Canonical, the publisher of Ubuntu, provides open source security, support, and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments, and home users, Canonical delivers trusted open source for everyone. Learn more at <a href="https://canonical.com/">https://canonical.com/</a></p>
<p><em>Author: Massimiliano Gori. Categories: Kubeflow, Microsoft Azure. Published: Thu, 21 May 2026 06:32:59 +0000.</em></p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/ubuntu-core-26-cloud-integration">A look into Ubuntu Core 26: Cloud-powered edge computing with AWS IoT Greengrass and Azure IoT Edge</a></h1>
<p>Welcome to this blog series which explores innovative uses of Ubuntu Core. Throughout this series, Canonical’s Engineers will show what you can build with this Core 26 release, highlighting the features and tools available to you.</p>
<p>In this first blog, Michael Croft-White, Engineer Director for Canonical’s Telemetry team, will show you how Ubuntu Core integrates with both AWS IoT Greengrass and Azure IoT Edge to enable cloud-driven device management and intelligent edge workloads. With these platforms, developers gain centralised control of deployments, flexible workload orchestration, and the ability to process data locally while still leveraging the awesome power of the cloud for analytics and monitoring. Coupled with Ubuntu Core architecture, this provides an end-to-end infrastructure for managing the complete lifecycle of devices in the field.</p>
<h2 class="wp-block-heading">Scaling to meet edge and cloud demands</h2>
<p>Cloud platforms have transformed how we build and operate connected systems. With services like AWS IoT Greengrass and Azure IoT Edge, developers can deploy, monitor, and manage workloads across fleets of devices from a central location.</p>
<p>However, not everything can happen in the cloud. Many IoT scenarios require workloads to run directly on the device, whether to reduce latency, operate with intermittent connectivity, or handle sensitive data locally. This is especially true for applications involving AI inference, real-time processing, or autonomous decision-making.</p>
<figure class="wp-block-image size-full"><img alt="" height="1024" loading="lazy" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1536/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F3e69%2Fimage.png" width="1536"/></figure>
<p>The challenge, then, is not choosing between cloud and edge, but combining them effectively. You need a way to run intelligent workloads locally while still benefiting from cloud-based orchestration, updates, and observability.</p>
<p>Ubuntu Core sits at the centre of this approach. By providing a secure, consistent, and immutable platform on the device, it enables seamless integration with cloud runtimes, allowing you to extend cloud intelligence to the edge without compromising on performance or control.</p>
<h2 class="wp-block-heading">Cloud runtime integration</h2>
<p>Both AWS and Azure bring their own way of extending cloud capabilities to the edge. On Ubuntu Core, these are delivered as snaps and container-based runtimes that sit neatly on top of the system.</p>
<p>When it comes to cloud runtime integration, both AWS IoT Greengrass and Azure IoT Edge offer a clean, secure path. Whether it’s Greengrass or Azure, the agent snap cleanly authorises, authenticates, and integrates the device into the end-to-end workflow.</p>
<p>Once connected, the process is streamlined: the Greengrass snap registers with AWS and starts receiving cloud-defined components to capture, process, or send data; similarly, the Azure-provisioned device automatically pulls containerised modules via IoT Hub and executes them locally.</p>
<p>In both cases, the important part is that the device becomes an extension of the cloud. You don’t manually install applications anymore—you deploy them.</p>
<h2 class="wp-block-heading">Deploying an edge AI workload</h2>
<p>Let’s take a simple example. Imagine you want your device to capture images from a webcam and detect objects in real time.</p>
<p>With AWS IoT Greengrass, you can package this logic into components. One component captures images, another processes them using a model, and a third handles communication with the cloud. Once deployed, these components run continuously on the device, reacting to data as it arrives.</p>
<figure class="wp-block-image size-full"><img alt="" height="876" loading="lazy" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1036/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0944%2Fimage.png" width="1036"/></figure>
<p>On Azure IoT Edge, you would achieve the same outcome using modules. A container pulls images from the camera, another runs inference—perhaps using Intel OpenVINO—and another sends results upstream. These modules are defined in the cloud and delivered automatically to the device.</p>
<p>In both cases, the device is doing the heavy lifting locally. It captures data, runs inference, and only sends the results back to the cloud. This keeps latency low and reduces the amount of data being transmitted.</p>
<h2 class="wp-block-heading">Configuration and onboarding</h2>
<p>One of the advantages of Ubuntu Core 26 is how easily you can prepare devices for this kind of deployment. You can build an image that already includes the necessary snaps—Greengrass or Azure components—and ship it directly to the field.</p>
<p>When the device boots, it connects to the network, authenticates with the cloud platform, and registers itself. From that point on, it appears in your cloud console, ready to receive workloads.</p>
<p>This is often referred to as zero-touch onboarding. The device effectively introduces itself, and you take over from the cloud side.</p>
<p>You could, for example, ship identical hardware to different customers without deciding upfront what each one will do. Once powered on, each device appears in your cloud environment, and you assign it a role by deploying the appropriate workload.</p>
<h2 class="wp-block-heading">Updating and evolving workloads</h2>
<p>After deployment, requirements rarely stay the same. You might want to update your AI model, tweak how images are processed, or change how results are handled.</p>
<p>With both Greengrass and Azure IoT Edge, you can make these changes centrally and push them to the device. The new version is deployed, the old one is replaced, and the system continues running.</p>
<p>Ubuntu Core supports this process by ensuring updates are transactional and reliable. If something goes wrong, the system can roll back to a known good state.</p>
<p>This means you can confidently evolve your application over time, even across a large fleet of devices.</p>
<h2 class="wp-block-heading">Monitoring and debugging</h2>
<p>Once your devices are running in the field, visibility becomes essential.</p>
<p>Through AWS or Azure, you can see whether your workloads are running, check logs, and monitor communication with the cloud. If something stops working, you don’t need to send someone on-site—you can investigate remotely and have full access to the system.</p>
<figure class="wp-block-image size-full"><img alt="" height="753" loading="lazy" sizes="(min-width: 2048px) 2048px, 100vw" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_2048/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fb229%2Fimage.png" srcset="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_460/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fb229%2Fimage.png 460w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_620/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fb229%2Fimage.png 620w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1036/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fb229%2Fimage.png 1036w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1681/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fb229%2Fimage.png 1681w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1920/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fb229%2Fimage.png 1920w" width="2048"/></figure>
<p>You can also redeploy components or modules, restart services, or update configurations, all from your cloud interface.</p>
<p>For devices deployed in remote or hard-to-reach locations, this capability is invaluable.</p>
<h2 class="wp-block-heading">What’s next?</h2>
<p>Ubuntu Core 26 provides a secure and reliable foundation for edge devices, while AWS IoT Greengrass and Azure IoT Edge bring the cloud-native capabilities needed to deploy and manage workloads at scale.</p>
<p>Together, they allow you to treat your devices not as isolated systems, but as part of a larger, cloud-connected platform—where applications can be deployed, updated, and monitored just like any other cloud service.</p>
<p>In future blogs, we’ll explore more advanced scenarios, including deeper integration with cloud services and more complex workload orchestration.</p>
<p>Below are some useful links for further reading:</p>
<ul>
<li><a href="https://canonical.com/blog/tutorial-getting-started-with-aws-greengrass-on-ubuntu-core">Getting started with AWS IoT Greengrass on Ubuntu Core</a></li>
<li><a href="https://ubuntu.com/blog/getting-started-with-azure-iot-edge-on-ubuntu-core">Getting Started with Azure IoT Edge on Ubuntu Core</a></li>
</ul>
<p>Gabriel Aguiar Noury. Categories: AWS, Azure, IoT, Ubuntu Core. Published Wed, 20 May 2026 09:37:26 +0000.</p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/ssh-keysign-pwn-linux-vulnerability-fixes-available">CVE-2026-46333 (ssh-keysign-pwn) Linux kernel vulnerability mitigations</a></h1>
<p>An information disclosure security vulnerability in the Linux kernel was publicly disclosed on May 15th, 2026. The vulnerability was reported by Qualys and <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=36d49bba19f2c19c933d13b25dcf4eb607a030b3">fixed</a> in the mainline Linux kernel tree. A proof-of-concept exploit was published soon after public disclosure. The ID <a href="https://ubuntu.com/security/CVE-2026-46333">CVE-2026-46333</a> was assigned, but the vulnerability is also referred to as “ssh-keysign-pwn”, based on the proof-of-concept exploit.</p>
<p>The vulnerability is a race condition that can result in the disclosure of sensitive files to unprivileged local users. The exploit demonstrates this by disclosing the contents of the <code>/etc/shadow</code> file (containing hashed local user passwords) and OpenSSH server host private keys (which could facilitate SSH on-path attacks or impact SSH host-based authentication).</p>
<p><a href="https://ubuntu.com/security/CVE-2026-46333">CVE-2026-46333</a> has been assigned a CVSS 3.1 score of 5.5 by CISA, corresponding to a severity of Medium. Canonical agrees with this assessment. The Ubuntu Priority assigned is High, due to the disclosure of sensitive local information to unprivileged users.</p>
<p>This post describes a mitigation that disables the ability to exploit the vulnerability, at a cost of being unable to run debugging tools (such as gdb and gcore) as unprivileged users.</p>
<h1 class="wp-block-heading">Impact</h1>
<p>The vulnerability allows disclosure of files opened by a suid or sgid executable to an unprivileged attacker that invokes the suid or sgid executable. The race condition occurs as the privileged process exits, which requires the executable to keep the sensitive files open when exiting. During a short window, an unprivileged attacker can inspect an invoked privileged process using the <code>ptrace()</code> system call.</p>
<p>The demonstrated exploits include:</p>
<ul>
<li>The ability to read the contents of the <code>/etc/shadow</code> file via the sgid <code>/usr/bin/chage</code>. The file contains hashed local user passwords and would require an additional brute-force attack in order to retrieve the plain-text passwords. The <a href="https://documentation.ubuntu.com/security/security-features/cryptography/password-hashing/#password-hashing">algorithms used by Ubuntu</a> are considered strong against such attacks, but require passwords that conform to current best practices.</li>
<li>The ability to read the OpenSSH server host private keys via the suid <code>/usr/lib/openssh/ssh-keysign</code>. These are used by the OpenSSH server to prove its identity to clients and ensure that an <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">on-path attack</a> does not compromise SSH connections. Additionally, the OpenSSH host keys are used for <a href="https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Host-based_Authentication">host-based authentication</a> and their disclosure could lead to user impersonation on deployments that use this uncommon authentication method.</li>
</ul>
<p>On container deployments, the information that can be disclosed is strictly within the confines of the container and, generally, unlikely to be useful to an attacker.</p>
<h1 class="wp-block-heading">Affected releases</h1>
<p>In Ubuntu, the vulnerability fix will be distributed through the Linux kernel image packages. Until the Linux kernel security update is available, a mitigation can be applied according to the instructions below. The mitigation will impact debuggers, such as gdb. The mitigation will not be necessary once the kernel is updated.</p>
<figure class="wp-block-table"><table><tbody><tr><td><strong>Release</strong></td><td><strong>Package Name</strong></td><td><strong>Fixed Version</strong></td></tr><tr><td>Trusty Tahr (14.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Xenial Xerus (16.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Bionic Beaver (18.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Focal Fossa (20.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Jammy Jellyfish (22.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Noble Numbat (24.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Questing Quokka (25.10)</td><td>linux</td><td>Affected</td></tr><tr><td>Resolute Raccoon (26.04 LTS)</td><td>linux</td><td>Affected</td></tr></tbody></table></figure>
<h1 class="wp-block-heading">How to check if you are impacted</h1>
<p>All of the releases from the table above are impacted.</p>
<h1 class="wp-block-heading">Manual mitigation</h1>
<p>The mitigation disables the ability of unprivileged users to attach to other processes using the <code>ptrace()</code> system call. This is generally used by debuggers. The <a href="https://documentation.ubuntu.com/security/security-features/process-memory/#ptrace-scope">kernel.yama.ptrace_scope</a> sysctl can be used to restrict the situations in which the affected system call can be used. On Ubuntu, the sysctl parameter defaults to the value <code>1</code>, which imposes an ancestor-descendant relationship between the attacker’s process and the victim. The scope can be further restricted with one of the following values:</p>
<ul>
<li><code><strong>2</strong></code>: this disallows the use of the <code>ptrace()</code> system call for users without the <code>CAP_SYS_PTRACE</code> privilege, which is the case for most users. As such, an attacker would not normally have this capability. Debugging tools that utilize ptrace, such as gdb and gcore, will be impacted for unprivileged users.</li>
<li><code><strong>3</strong></code>: this disables attaching to processes using <code>ptrace()</code> altogether. Debugging tools that utilize ptrace, such as gdb and gcore, will be impacted for all users, including privileged ones.</li>
</ul>
<p>Please note that if the sysctl is set to the value <code>3</code>, it cannot be changed without a system reboot.</p>
<p>The following instructions change the currently running value of the <code>kernel.yama.ptrace_scope</code> sysctl and configure a drop-in file (<code>/etc/sysctl.d/99-CVE-2026-46333.conf</code>) to retain the value across reboots. We consider setting the sysctl to the value <code>2</code> to be a sufficient mitigation. If you wish to use the value <code>3</code>, you can adjust the command accordingly.</p>
<pre class="wp-block-code"><code>echo kernel.yama.ptrace_scope=2 | sudo tee /etc/sysctl.d/99-CVE-2026-46333.conf
sudo sysctl -p /etc/sysctl.d/99-CVE-2026-46333.conf</code></pre>
<h1 class="wp-block-heading">Disabling the mitigation</h1>
<p>Once kernel updates are available and installed, the mitigation can be removed:</p>
<pre class="wp-block-code"><code>sudo rm /etc/sysctl.d/99-CVE-2026-46333.conf
sudo sysctl kernel.yama.ptrace_scope=1</code></pre>
<p>We recommend you do not set this parameter to the value <code>0</code>, as doing so would disable the protections provided by the feature, as explained <a href="https://documentation.ubuntu.com/security/common-mistakes/dangerous-sysctls/#kernel-yama-ptrace-scope">here</a>.</p>
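<p>The audit script below is an added example and is not part of the Ubuntu Security post. It reports whether the <code>ptrace_scope</code> mitigation described above is both live and persisted, reading the same sysctl and the same drop-in path the post uses; both paths can be overridden through the <code>SYSCTL_PATH</code> and <code>DROPIN</code> variables (an assumption of this script, not of the post) so the checks can be exercised against constructed files.</p>

```shell
#!/bin/sh
# Added example, not from the Ubuntu Security post: audit whether the
# CVE-2026-46333 ptrace_scope mitigation is live and will survive a reboot.
# Paths default to those used in the post; override them to test offline.
SYSCTL_PATH="${SYSCTL_PATH:-/proc/sys/kernel/yama/ptrace_scope}"
DROPIN="${DROPIN:-/etc/sysctl.d/99-CVE-2026-46333.conf}"

# classify_scope VALUE: map a Yama ptrace_scope value to what it means here.
classify_scope() {
    case "$1" in
        0) echo unprotected ;;       # any process may attach; not recommended
        1) echo default ;;           # Ubuntu default; still exploitable
        2) echo mitigated ;;         # CAP_SYS_PTRACE required; sufficient
        3) echo mitigated-locked ;;  # no attaching at all; reboot to change
        *) echo unknown ;;
    esac
}

# running_scope [PATH]: the value the kernel is enforcing right now.
running_scope() {
    cat "${1:-$SYSCTL_PATH}" 2>/dev/null || echo unknown
}

# persisted_scope [PATH]: the value the drop-in will apply at boot, or
# "absent" if the file is missing or does not set the key. Accepts
# "key=value" and "key = value", ignores comments; the last setting wins.
persisted_scope() {
    f="${1:-$DROPIN}"
    v=""
    [ -r "$f" ] && v=$(sed -n \
        's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9]\).*/\1/p' \
        "$f" | tail -n 1)
    echo "${v:-absent}"
}

# mitigation_status RUNNING PERSISTED: combine the two into one verdict.
#   mitigated              live value and drop-in both restrict ptrace
#   mitigated-until-reboot live value restricts, but nothing persists it
#   pending                drop-in written but "sysctl -p" not yet run
#   not-mitigated          neither is in place
mitigation_status() {
    case "$1" in
        2|3) case "$2" in 2|3) echo mitigated ;; *) echo mitigated-until-reboot ;; esac ;;
        *)   case "$2" in 2|3) echo pending ;;   *) echo not-mitigated ;; esac ;;
    esac
}

# report: print one line suitable for fleet tooling; succeeds only when
# the mitigation is both live and persisted.
report() {
    r=$(running_scope)
    p=$(persisted_scope)
    s=$(mitigation_status "$r" "$p")
    echo "ptrace_scope running=$r ($(classify_scope "$r")) persisted=$p status=$s"
    [ "$s" = mitigated ]
}

# Run the audit when invoked as: sh ptrace-audit.sh --check
case "${1:-}" in
    --check) report ;;
esac
```

<p>A <code>pending</code> verdict means the drop-in was written but the running value has not been reloaded, which is exactly the state between the two commands in the post.</p>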
<p>Luci Stanescu. Categories: Security, Vulnerabilities. Published Tue, 19 May 2026 18:20:06 +0000.</p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/canonical-launches-ubuntu-core-26">Canonical launches Ubuntu Core 26</a></h1>
<h4 class="wp-block-heading">Ubuntu Core 26 introduces precise Linux builds, optimized OTA updates, live kernel patching, and enhanced hardware-backed protection for mission-critical deployments.</h4>
<p><strong>May 19, 2026</strong></p>
<p>Today, Canonical announced the general availability of Ubuntu Core 26, its minimal, immutable operating system with up to 15 years of security maintenance. </p>
<p>Ubuntu Core 26 brings key system improvements for mission-critical operations and low-latency AI workloads, through reduced installation times, 90% smaller OTA updates, and precision-led builds via Chisel. As with prior releases, every component is a sandboxed, cryptographically-signed snap, creating a measured boot chain where only verified software runs. With this new long-term supported (LTS) release, Ubuntu Core remains your trusted Linux platform for mission-critical systems, helping you meet requirements for the EU Cyber Resilience Act (CRA) while enabling securely-designed, verifiable, and private AI deployments built on deep software traceability and hardware-based trust.</p>
<blockquote class="p-pull-quote--small">
<p class="p-pull-quote__quote">Ten years ago, Ubuntu Core pioneered a new OS security model, where every component is strictly confined, transactionally updated, and independently verifiable. Today, that approach is reflected in emerging industry standards. With Ubuntu Core 26, we continue to deliver the foundation that critical infrastructure operators need to meet the Cyber Resilience Act, run attested, immutable edge AI workloads, and manage devices securely at scale.</p>
<span class="p-pull-quote__citation">Jon Seager, VP of Ubuntu Engineering at Canonical</span>
</blockquote>
<div class="p-cta-block">
<a class="p-button--positive" href="https://documentation.ubuntu.com/core/tutorials/build-your-first-image/">Build your custom Ubuntu Core 26 image</a>
<a href="https://documentation.ubuntu.com/core/tutorials/try-pre-built-images/">Try pre-built Ubuntu Core images ></a>
</div>
<h2 class="wp-block-heading">Faster from installation to update </h2>
<p>For critical infrastructure operators managing large fleets of devices over long lifecycles, the cost of software updates and the time required for device provisioning and image installation quickly compound. Ubuntu Core 26 delivers significant improvements across each of these areas.</p>
<p>Ubuntu Core 26 sets a new efficiency benchmark for over-the-air updates. An improved snap-delta format reduces update sizes between 50% and 90% for most snaps. Updates to the Core base snaps drop from 16MB to just 1.5MB in size. These gains are paired with initramfs-based installations that bypass redundant reboots by default, reducing installation time. </p>
<blockquote class="p-pull-quote--small">
<p class="p-pull-quote__quote">Scaling AI to the extreme edge requires every millisecond of performance and every byte of bandwidth to be used effectively. By integrating Ubuntu Core with our RZ family of MPUs, our joint customers will benefit from accelerated boot times and a significantly reduced base image footprint. These optimizations will enable them to deploy sophisticated AI workloads on highly resource constrained hardware without compromising speed or security.</p>
<span class="p-pull-quote__citation">Mohammed Dogar, Vice President, Embedded Processing Product Group at Renesas</span>
</blockquote>
<figure class="wp-block-image size-full"><img alt="" height="807" loading="lazy" sizes="(min-width: 1249px) 1249px, 100vw" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1249/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png" srcset="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_460/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png 460w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_620/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png 620w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1036/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png 1036w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1681/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png 1681w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1920/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png 1920w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1249/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F675d%2FRenesasEVK7.png 1249w" width="1249"/><figcaption class="wp-element-caption"><em>An image of the Renesas RZ/V2L Evaluation Board Kit</em></figcaption></figure>
<h2 class="wp-block-heading">A new era of precision builds with Chisel</h2>
<p>Ubuntu Core 26 introduces a new <a href="https://documentation.ubuntu.com/chisel/latest/">Chisel-based</a> build system that brings precise composition and transforms how future Core base snaps will be assembled. It relies on Canonical’s release-specific package slice definitions, enforcing explicit, traceable dependencies. As a result, every file in the filesystem can be attributed to its originating slice and source package, improving the accuracy of integrity checks and vulnerability triage. This contrasts with approaches like Yocto builds, where provenance and dependency closure are largely implicit in layered recipes and post-processing. The new build system also contributes to a 7% reduction in base image size. </p>
<blockquote class="p-pull-quote--small">
<p class="p-pull-quote__quote">Ubuntu Core at the edge along with Elementary’s secure cloud services, has enabled factories belonging to some of the largest Fortune 500 companies to take advantage of AI-based vision solutions that provide tremendous value and for the first time bridge the IT/OT networking barrier. The ability to verify every component in Ubuntu Core back to its source, with full transparency and traceability, forms a critical foundation for building verifiably private AI in highly regulated environments.</p>
<span class="p-pull-quote__citation">Nathaniel Black, Senior Director of DevOps and Security at Elementary</span>
</blockquote>
<figure class="wp-block-image size-full"><img alt="" height="925" loading="lazy" sizes="(min-width: 1413px) 1413px, 100vw" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1413/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png" srcset="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_460/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png 460w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_620/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png 620w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1036/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png 1036w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1681/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png 1681w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1920/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png 1920w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1413/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Faf24%2FElementary3.png 1413w" width="1413"/><figcaption class="wp-element-caption"><em>Elementary’s end-to-end automated inspection hardware and AI controller interface</em></figcaption></figure>
<p>Finally, Ubuntu Core 26 moves u-boot configuration to a single raw partition with redundant environment support. This enables safer, more reliable writes for both u-boot and snapd while removing recovery issues tied to file-based storage.</p>
<h2 class="wp-block-heading">CRA compliance through hardware-rooted security </h2>
<p>The EU Cyber Resilience Act (CRA) requires products to be secure by default, supported over the long term, and backed by clear accountability across the software stack. As with previous releases, Ubuntu Core aligns naturally with these requirements through its design, software traceability, and modular architecture, ensuring well-defined responsibility boundaries across the stack. Canonical assumes <em>Manufacturer </em>responsibilities under the CRA for the operating system’s release cycle by providing security maintenance for its core modules, continuous CVE monitoring and coordinated disclosure, and compliance with <a href="https://canonical.com/blog/canonical-iec-62443-4-1">IEC 62443-4-1</a>. </p>
<p>Ubuntu Core 26 advances its security approach with foundational changes to Full Disk Encryption, laying the groundwork for evolution in this critical domain. By storing TPM-sealed keys directly within the LUKS2 header, it reduces the risk of key reuse across device states and establishes a foundation for future enhancements. New native OP-TEE integration brings ARM TrustZone hardware-rooted key protection to embedded deployments, sealing and unsealing disk encryption keys through the Trusted Execution Environment and reducing key exposure to the normal operating system. </p>
<blockquote class="p-pull-quote--small">
<p class="p-pull-quote__quote">EpiSensor develops Virtual Power Plant infrastructure for some of the world’s most demanding environments, helping electricity grids integrate more renewables while balancing supply and demand. We chose Ubuntu Core because it gives us a secure, immutable, and remotely managed foundation for our IoT Gateways. With Ubuntu Core, we can securely and reliably update devices at a global scale, allowing us to adapt to rapidly evolving customer and market requirements.</p>
<span class="p-pull-quote__citation">Brendan Carroll, CEO at EpiSensor</span>
</blockquote>
<figure class="wp-block-image size-full"><img alt="" height="1060" loading="lazy" sizes="(min-width: 1484px) 1484px, 100vw" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1484/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png" srcset="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_460/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png 460w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_620/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png 620w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1036/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png 1036w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1681/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png 1681w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1920/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png 1920w, https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1484/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F0e5c%2FEpisensor-3.png 1484w" width="1484"/><figcaption class="wp-element-caption"><em>EpiSensor’s Industrial IoT Gateway</em></figcaption></figure>
<p>With the concurrent releases of Ubuntu 26.04 LTS and Ubuntu Core 26, Canonical is significantly expanding the reach of Livepatch to deliver seamless security across your broader infrastructure. Livepatch patches critical and high kernel vulnerabilities between scheduled security patching maintenance windows. For the first time, Livepatch brings its rebootless kernel patching capabilities to ARM64, providing zero-downtime updates for core devices starting with Ubuntu Core 26. Additionally, Livepatch is now officially supported on AMD64 architectures across all releases from Ubuntu Core 20 onwards. This ensures that a wider range of devices can achieve timely vulnerability remediation, an essential requirement for CRA compliance, without operational disruption.</p>
<h2 class="wp-block-heading">A complete platform for device builders</h2>
<p>Every Ubuntu Core release brings improvements to its developer tools, and Core 26 is no exception. These improvements span from new <a href="https://documentation.ubuntu.com/core/explanation/system-snaps/">system snaps</a> that speed up device deployment to new features in <a href="https://documentation.ubuntu.com/snapcraft/stable/?_gl=1*1a9yfus*_ga*MTU0OTc1ODAyNC4xNzU2ODEwNDM3*_ga_892F83CXG5*czE3NzY4NDg3NjEkbzYkZzEkdDE3NzY4NDg3ODMkajQ1JGwwJGgw">Snapcraft</a>, the build tool for packaging software in the snap container format. </p>
<p><a href="https://ubuntu.com/frame">Ubuntu Frame</a>, Ubuntu Core’s display server for embedding graphical applications, now supports multiple graphical applications on a single display, with configurable layouts, custom client placement and a new accessibility launcher. The gpu-2604 interface brings graphics acceleration to Ubuntu Core 26 applications, supported by a new Snapcraft extension for graphics integration.</p>
<p>For fleet observability, Ubuntu Core 26 integrates with the <a href="https://canonical.com/observability">Canonical Observability Stack</a>, a highly integrated, low-ops observability solution built on Juju and Kubernetes. Ubuntu Core streams logs and metrics from the device to centralized Grafana, Loki, and Prometheus infrastructure that can be deployed in the cloud or on-premise, without burdening the device’s primary workloads.</p>
<p>Finally, Snapcraft introduces <a href="https://documentation.ubuntu.com/snapcraft/stable/reference/components/"><em>components</em></a>, a flexible new way to package and distribute snap application resources. First tested in Ubuntu Core 24 for delivering NVIDIA drivers, this feature is now available to the wider community. It allows snap maintainers to distribute large or optional resources, such as debug symbols, translations, or optional drivers, alongside their main snap without bloating the base installation.</p>
<h2 class="wp-block-heading">Build your Core image today</h2>
<ul>
<li><a href="https://ubuntu.com/core">Learn more about Ubuntu Core 26</a></li>
<li><a href="https://documentation.ubuntu.com/core/tutorials/try-pre-built-images/">Get started with our documentation</a> </li>
<li><a href="https://canonical.com/case-study/elementary-ai-machine-vision">Learn how Elementary scales its AI solution</a></li>
<li><a href="https://canonical.com/case-study/episensor">Discover how EpiSensor accelerates sustainable energy transition </a></li>
</ul>
<h2 class="wp-block-heading">About Canonical </h2>
<p>Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone. </p>
<p>Learn more at <a href="https://canonical.com/">canonical.com</a></p>
<p>Canonical. Categories: Embedded Devices, IoT, Ubuntu Core. Published Tue, 19 May 2026 08:00:00 +0000.</p>
<h1 class="wp-block-heading"><a href="https://ubuntu.com//blog/finding-the-blind-spot-how-canonical-hunts-logic-flaws-with-ai">Finding the blind spot: How Canonical hunts logic flaws with AI</a></h1>
<p>AI is accelerating and improving how security engineers find and fix vulnerabilities. A new tool developed and used at Canonical, called Redhound, has already uncovered three critical logic vulnerabilities, paving the way for a more secure software landscape.</p>
<p>The recent unveiling of <a href="https://red.anthropic.com/2026/mythos-preview/">Anthropic’s Claude Mythos preview</a> has radically shifted the cybersecurity landscape. We are now in an era where AI can autonomously discover and exploit zero-day vulnerabilities in mature codebases at machine speed. Perhaps the most exciting revelation from the Mythos preview was the demonstration that frontier models can now successfully reason about complex, <em>domain-specific business logic bugs</em> – a class of vulnerabilities historically reserved for human security researchers.</p>
<p>Earlier this year, I began developing an internal AI-powered auditing agent called Redhound to proactively hunt for these exact blind spots. Built on frontier models, Redhound puts that reasoning to work against our own codebases at Canonical.</p>
<p>Redhound has already proven its value, recently uncovering <strong>three critical logic vulnerabilities</strong> in LXD, our container and virtual machine manager. These bugs had survived years of manual review and static analysis. Redhound found them in under a day of unsupervised analysis.</p>
<p>Below, I break down the mechanics of this adversarial pipeline, the technical details of the three zero-days (now patched and disclosed), and how agentic auditing changes the way we secure infrastructure.</p>
<h2 class="wp-block-heading">The bugs that fall through every other tool</h2>
<p><strong>Static analysis</strong> handles pattern-matching problems well: injection sinks, unsafe API calls, and dangerous concatenations. Modern scanners were built to find these problems, and they do that work reliably.</p>
<p>What these scanners cannot do is reason about what is missing: for example, a checklist that names three fields when the data structure has four; or a validation that reads one file while the operation it gates uses a different one. These are not sloppy code errors; they are exploitable gaps in code that reads correctly to a careful reviewer. Because the line that would close the gap does not exist in the source, a tool looking for patterns has nothing to match against.</p>
<p><strong>Dynamic analysis </strong>and fuzzing fail for a related reason: they need a runtime signal – a crash, a panic, a sanitizer trip. A request that should have been denied but succeeds looks identical to a legitimate one. There is nothing for the fuzzer to trip on.</p>
<p><strong>Manual review and penetration testing</strong> catch these bugs, but the work is time-consuming and demands substantial domain expertise. Finding the vulnerabilities by hand means combing through hundreds of thousands of lines that are correct, waiting to notice the one that isn’t. Mature codebases survive years of this and still ship logic bugs.</p>
<p>These are the bugs Redhound goes after: the code does exactly what it was written to do, but that does not map to the intent of the security model.</p>
<h2 class="wp-block-heading">How Redhound works</h2>
<p>Redhound audits our codebases the way a determined human attacker would: reading a project end-to-end, generating adversarial hypotheses, dispatching agents to investigate each one, and running a separate round of agents to refute them.</p>
<p>The pipeline runs in five conceptual phases:</p>
<ol>
<li><strong>Deterministic Recon</strong>: Before any agent reads a single line, static-analysis tooling maps the codebase. This includes every function, type, and call edge; every HTTP, gRPC, and CLI entry point; and categorized security signals (auth, crypto, deserialization, injection).</li>
<li><strong>Threat Modeling</strong>: An agent reads the recon graph and identifies what an attacker would want (e.g., host root, cross-tenant access, a cluster admin certificate) and maps the trust boundaries between an outside attacker and each target.</li>
<li><strong>Iterative Loop</strong>: Each cycle, a red-team agent generates a batch of attack hypotheses. Each hypothesis is dispatched to a separate investigator agent given the relevant slice of the call graph. The investigator either finds a concrete exploit path or reports the hypothesis as false.</li>
<li><strong>Debunking</strong>: This is the most critical design decision. Every confirmed-looking finding is handed to a “debunker” agent with the exact opposite objective. Its job is to independently read the source and find the runtime guard that kills the attack – with no anchoring from the investigator’s confidence.</li>
<li><strong>Impact Assessment</strong>: A technical fault in the code does not automatically equate to a security vulnerability. This final agent cross-references any finding that survives the debunker against the original threat model and the application’s defined trust boundaries. By evaluating the precise attacker prerequisites and calculating the actual privilege gain, the assessor ensures that the pipeline escalates only verifiable, high-impact exploits rather than purely theoretical issues.</li>
</ol>
<p>Only findings that survive the debunker reach a human reviewer. Redhound then generates a draft report and a runnable proof-of-concept (PoC) exploit to streamline the validation process.</p>
<h2 class="wp-block-heading">Three classes of bug</h2>
<p>The three findings are a useful sample because they represent three different classes of logic flaws. All three were assigned a final CVSS 3.1 score of <strong>9.1</strong> during coordinated disclosure.</p>
<figure class="wp-block-table"><table><thead><tr><th><strong>Vulnerability</strong></th><th><strong>CWE / Class</strong></th><th><strong>Attacker gains</strong></th><th><strong>Why hard to find</strong></th></tr></thead><tbody><tr><td>Certificate type escalation (CVE-2026-34179)</td><td>CWE-915 (mass assignment)</td><td>Restricted certificate user to host root</td><td>A missing authorization check – no pattern marks what is not there</td></tr><tr><td>VM low-level option bypass (CVE-2026-34177)</td><td>CWE-184 (incomplete denylist)</td><td>Restricted project user to host root</td><td>An unlisted key is indistinguishable from an intentionally permitted one</td></tr><tr><td>Backup restore desync (CVE-2026-34178)</td><td>CWE-20 (improper input validation)</td><td>Restricted project user to host root</td><td>Two data flows from one input diverge across four files</td></tr></tbody></table></figure>
<p>Each finding below shows what Redhound actually produced: the structured metadata, the title verbatim, and the concrete trace generated by the investigator agent.</p>
<h3 class="wp-block-heading">Certificate type escalation (CVE-2026-34179)</h3>
<p>This flaw resides in the certificate update logic where the system fails to validate the certificate “type”. A restricted certificate user can effectively grant themselves Cluster Admin privileges by bypassing type checks during a certificate update.</p>
<p>Finding details:</p>
<ul>
<li><strong>Title</strong>: “Restricted user can change certificate type to ‘server’ via legacy API, escalating to ProtocolCluster admin”</li>
<li><strong>Finding ID</strong>: thread-041</li>
<li><strong>Severity</strong>: Critical (confidence: exploitable)</li>
<li><strong>Privilege gain</strong>: 10/10</li>
<li><strong>Ease of exploitation</strong>: 9/10</li>
<li><strong>Prerequisite prevalence</strong>: 8/10</li>
<li><strong>Attacker profile</strong>: ap-002 (Authenticated restricted user)</li>
<li><strong>Source agent</strong>: thread-follower; survived the debunker</li>
<li><strong>CVSS 3.1</strong>: 9.1 (assigned during disclosure)</li>
</ul>
<p>Exploitation trace on <a href="https://github.com/canonical/lxd/tree/lxd-6.7">LXD 6.7</a> (eight steps, generated by the investigator):</p>
<ol>
<li>certificates.go:49 – restricted TLS user sends PUT /1.0/certificates/&lt;own-fingerprint&gt; with type='server', keeping name / restricted / projects identical. Passes allowAuthenticated.</li>
<li>certificates.go:960 – caller-supplied type converted to TypeServer.</li>
<li>certificates.go:975 – EntitlementCanEdit check denies (user is restricted).</li>
<li>certificates.go:992 – guard checks Restricted / Name / Projects against the original record.<strong> Type is not checked.</strong></li>
<li>certificates.go:1003-1009 – rebuilds the struct with original Restricted / Name / Certificate, but uses caller-supplied reqDBType.</li>
<li>certificates.go:1073 – UpdateCertificate writes Type=TypeServer to the database.</li>
<li>certificates.go:1099 – identity cache refreshed via s.UpdateIdentityCache().</li>
<li>daemon.go:587 – next handshake matches as ProtocolCluster, Trusted=true. The restricted user is now cluster admin.</li>
</ol>
<p>Also produced for this finding: full code-location evidence and a debunker review that found no defense.</p>
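<p>To show the bug class without reproducing LXD's code, here is an added Go sketch (not from the post or the LXD project) of the same guard shape: a hand-written list of compared fields that never mentions Type, beside a version that copies every field from the stored record unless it is on an explicit allowlist of fields a restricted user may change. The types, the field set and the choice that only the PEM itself is mutable are assumptions for illustration.</p>

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// Illustrative model of a trusted-certificate record; the field set is an
// assumption for this example, not LXD's real type.
type CertType string

const (
	TypeClient CertType = "client"
	TypeServer CertType = "server" // treated as a cluster member: full trust
)

type Certificate struct {
	Name        string
	Certificate string // PEM, kept opaque here
	Restricted  bool
	Projects    []string
	Type        CertType
}

var ErrForbidden = errors.New("restricted user may not change this field")

// updateVulnerable has the shape of the bug: the guard enumerates the fields a
// restricted user must not change, but Type is not in the list, so the
// caller-supplied Type flows straight into the rebuilt record.
func updateVulnerable(existing, req Certificate) (Certificate, error) {
	if req.Restricted != existing.Restricted ||
		req.Name != existing.Name ||
		!reflect.DeepEqual(req.Projects, existing.Projects) {
		return existing, ErrForbidden
	}
	return Certificate{
		Name:        existing.Name,
		Certificate: existing.Certificate,
		Restricted:  existing.Restricted,
		Projects:    existing.Projects,
		Type:        req.Type, // the gap: nothing above compared this field
	}, nil
}

// restrictedMutable is the only list the fixed version has to maintain: the
// fields a restricted user may change. Every other field, including any added
// to the struct later, is compared against the stored record and fails closed.
var restrictedMutable = map[string]bool{"Certificate": true}

func updateFixed(existing, req Certificate) (Certificate, error) {
	out := existing
	ev, rv := reflect.ValueOf(existing), reflect.ValueOf(req)
	ov := reflect.ValueOf(&out).Elem()
	for i := 0; i < ev.NumField(); i++ {
		name := ev.Type().Field(i).Name
		if restrictedMutable[name] {
			ov.Field(i).Set(rv.Field(i)) // explicitly permitted change
			continue
		}
		if !reflect.DeepEqual(ev.Field(i).Interface(), rv.Field(i).Interface()) {
			return existing, fmt.Errorf("%w: %s", ErrForbidden, name)
		}
	}
	return out, nil
}

func main() {
	// Constructed stored record and a request that changes only the type.
	stored := Certificate{Name: "alice", Certificate: "PEM-A", Restricted: true, Projects: []string{"p1"}, Type: TypeClient}
	req := stored
	req.Type = TypeServer
	got, err := updateVulnerable(stored, req)
	fmt.Println("vulnerable:", got.Type, err) // server <nil>
	_, err = updateFixed(stored, req)
	fmt.Println("fixed:", err) // restricted user may not change this field: Type
}
```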
<h3 class="wp-block-heading">VM low-level option bypass (CVE-2026-34177)</h3>
<p>This bypass allows for arbitrary QEMU configuration injection by exploiting an incomplete blocklist in restricted projects. In combination with another finding, which identified that <code>raw.apparmor</code> is also not restricted, this allows a restricted user to escape to host root.</p>
<p>Finding details:</p>
<ul>
<li><strong>Title</strong>: “raw.qemu.conf bypasses restricted.virtual-machines.lowlevel project restriction, allowing arbitrary QEMU config injection”</li>
<li><strong>Finding ID</strong>: thread-009</li>
<li><strong>Severity</strong>: High (confidence: exploitable)</li>
<li><strong>Privilege gain</strong>: 8/10</li>
<li><strong>Ease of exploitation</strong>: 8/10</li>
<li><strong>Prerequisite prevalence</strong>: 8/10</li>
<li><strong>Attacker profile</strong>: ap-002 (Authenticated restricted user with a VM in a restricted project)</li>
<li><strong>Source agent</strong>: thread-follower; survived the debunker</li>
<li><strong>CVSS 3.1</strong>: 9.1 (assigned during disclosure)</li>
</ul>
<p>Exploitation trace on <a href="https://github.com/canonical/lxd/tree/lxd-6.7">LXD 6.7</a> (four steps, generated by the investigator):</p>
<ol>
<li>lxd/project/limits/permissions.go:779 – restricted user in a restricted project (restricted.virtual-machines.lowlevel=block by default) sets raw.qemu.conf on a VM via PUT /1.0/instances/{name}. entityConfigChecker calls isVMLowLevelOptionForbidden('raw.qemu.conf'), which returns false because the key is not in the four-element blocklist.</li>
<li>lxd/instance/instancetype/instance.go:1140 – config-key validation accepts the value (validate.IsAny).</li>
<li>lxd/instance/drivers/driver_qemu.go:3905 – on VM start, generateQemuConfigFile calls qemuRawCfgOverride as the last config transformation; the attacker’s content is parsed and appended to the QEMU config file.</li>
<li>lxd/instance/drivers/driver_qemu.go:1535 – QEMU is launched with -readconfig pointing at the modified file. The injected [chardev] and [mon] sections create a QEMU monitor socket on the host filesystem.</li>
</ol>
<p>Also produced for this finding: full code-location evidence and a debunker review that searched for a runtime guard on the unlisted key and found none.</p>
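<p>The defensive pattern this finding points at is a fail-closed namespace policy instead of a fixed denylist. The Go sketch below is an added example, not LXD's code: the four denylist entries are constructed stand-ins for the real list, and the check is applied to a constructed VM config containing the key from the finding.</p>

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// A four-entry denylist with the shape the finding describes. The entries
// are constructed for this example; LXD's actual list is not reproduced.
var lowLevelDenylist = map[string]bool{
	"raw.qemu":    true,
	"raw.lxc":     true,
	"raw.idmap":   true,
	"raw.seccomp": true,
}

// isLowLevelForbiddenVulnerable answers "is this exact key on the list?".
// A key the list never anticipated (raw.qemu.conf, raw.apparmor) is
// indistinguishable from a deliberately permitted one: both return false.
func isLowLevelForbiddenVulnerable(key string) bool {
	return lowLevelDenylist[key]
}

// The fixed policy is namespace based and fails closed: any key under a
// low-level namespace is forbidden unless it has been explicitly allowed.
var lowLevelNamespaces = []string{"raw."}
var lowLevelAllowlist = map[string]bool{} // nothing permitted by default

func isLowLevelForbiddenFixed(key string) bool {
	for _, ns := range lowLevelNamespaces {
		if strings.HasPrefix(key, ns) {
			return !lowLevelAllowlist[key]
		}
	}
	return false
}

// checkRestrictedConfig is the project-restriction gate applied to an
// instance config when restricted.virtual-machines.lowlevel is "block".
// Keys are sorted so the first rejected key is deterministic.
func checkRestrictedConfig(config map[string]string, forbidden func(string) bool) error {
	keys := make([]string, 0, len(config))
	for k := range config {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		if forbidden(k) {
			return fmt.Errorf("config key %q is forbidden in a restricted project", k)
		}
	}
	return nil
}

func main() {
	// Constructed VM config: one harmless key and the key from the finding.
	cfg := map[string]string{
		"limits.cpu":    "2",
		"raw.qemu.conf": "<constructed value>",
	}
	fmt.Println("denylist:   ", checkRestrictedConfig(cfg, isLowLevelForbiddenVulnerable)) // <nil>
	fmt.Println("fail-closed:", checkRestrictedConfig(cfg, isLowLevelForbiddenFixed))      // rejects raw.qemu.conf
}
```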
<h3 class="wp-block-heading">Backup restore desynchronization (CVE-2026-34178)</h3>
<p>This vulnerability exploits the discrepancy between how LXD validates a backup index and how it actually imports the internal backup configuration. This desynchronization allows an attacker to sneak forbidden security configurations past the project’s restriction checks.</p>
<p>Finding details:</p>
<ul>
<li><strong>Title</strong>: “Backup restore config injection via index.yaml/backup.yaml desynchronization bypasses all project restriction checks”</li>
<li><strong>Finding ID</strong>: thread-086</li>
<li><strong>Severity</strong>: High (confidence: exploitable)</li>
<li><strong>Privilege gain</strong>: 8/10</li>
<li><strong>Ease of exploitation</strong>: 7/10</li>
<li><strong>Prerequisite prevalence</strong>: 8/10</li>
<li><strong>Attacker profile</strong>: ap-002 (Authenticated restricted user with CanCreateInstances in a restricted project)</li>
<li><strong>Source agent</strong>: thread-follower; survived the debunker</li>
<li><strong>CVSS 3.1</strong>: 9.1 (assigned during disclosure)</li>
</ul>
<p>Exploitation trace on <a href="https://github.com/canonical/lxd/tree/lxd-6.7">LXD 6.7</a> (seven steps, generated by the investigator):</p>
<ol>
<li>instances_post.go:1170 – restricted user sends POST /1.0/instances with a crafted backup tar. index.yaml has Instance.Config={}; backup/container/backup.yaml has Instance.Config={'security.privileged': 'true', 'raw.lxc': 'lxc.mount.auto.proc=rw:mixed'}.</li>
<li>backup/backup_info.go:69 – GetInfo reads index.yaml from the tar and decodes into Info.Config. Clean configuration; no forbidden keys.</li>
<li>instances_post.go:885 – limits.AllowInstanceCreation checks bInfo.Config.Instance.Writable() (from index.yaml) against project restrictions. Check passes.</li>
<li>storage/drivers/generic_vfs.go:952 – CreateInstanceFromBackup extracts the tar, writing the tampered backup/container/backup.yaml to mountPath/backup.yaml.</li>
<li>backup/backup_config_utils.go:236 – UpdateInstanceConfig reads backup.yaml, updates only Name and Project, writes back. security.privileged=true and raw.lxc survive.</li>
<li>api_internal.go:784 – internalImportFromBackup reads backup.yaml from disk; backupConf.Instance.Config now holds the forbidden keys.</li>
<li>api_internal.go:946 – instance.CreateInternal writes the instance to the database with security.privileged=true and raw.lxc. A privileged container exists inside a restricted project; UID 0 inside maps to UID 0 on the host.</li>
</ol>
<p>Also produced for this finding: full code-location evidence across four source files and a debunker review that searched for a missing reconciliation step and found none.</p>
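<p>The lesson of this finding is to validate the copy of the data that the operation actually consumes, and to treat disagreement between two copies of one input as an error. The Go sketch below is an added example, not LXD's code: the archive is modelled as two plain maps, the restriction gate is a small constructed stand-in, and the sample archive reproduces only the layout from the finding.</p>

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
	"sort"
	"strings"
)

// A backup archive carries the instance config twice: in the top-level index
// that is validated, and in the per-instance backup.yaml that the import path
// actually reads. Both are modelled as plain maps here (constructed for this
// example, not LXD's types).
type BackupArchive struct {
	IndexConfig    map[string]string // index.yaml
	InstanceConfig map[string]string // backup/container/backup.yaml
}

var (
	ErrRestricted = errors.New("config key forbidden in restricted project")
	ErrDesync     = errors.New("index.yaml and backup.yaml disagree")
)

// forbiddenInRestrictedProject is a small stand-in for the project
// restriction gate: privileged containers and raw.* keys are rejected.
// Keys are sorted so the reported key is deterministic.
func forbiddenInRestrictedProject(config map[string]string) error {
	keys := make([]string, 0, len(config))
	for k := range config {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		privileged := k == "security.privileged" && config[k] == "true"
		if privileged || strings.HasPrefix(k, "raw.") {
			return fmt.Errorf("%w: %s", ErrRestricted, k)
		}
	}
	return nil
}

// restoreVulnerable has the shape of the bug: the check reads one copy of
// the config, the import uses the other, and nothing ties them together.
func restoreVulnerable(b BackupArchive) (map[string]string, error) {
	if err := forbiddenInRestrictedProject(b.IndexConfig); err != nil {
		return nil, err
	}
	return b.InstanceConfig, nil // this is what reaches the database
}

// restoreFixed validates the copy that will actually be imported and, as
// defence in depth, refuses an archive whose two copies disagree at all.
func restoreFixed(b BackupArchive) (map[string]string, error) {
	if err := forbiddenInRestrictedProject(b.InstanceConfig); err != nil {
		return nil, err
	}
	if !reflect.DeepEqual(b.IndexConfig, b.InstanceConfig) {
		return nil, ErrDesync
	}
	return b.InstanceConfig, nil
}

func main() {
	// Constructed archive with the layout from the finding: a clean index and
	// a backup.yaml carrying keys the restricted project must not accept.
	crafted := BackupArchive{
		IndexConfig: map[string]string{},
		InstanceConfig: map[string]string{
			"security.privileged": "true",
			"raw.lxc":             "<constructed value>",
		},
	}
	cfg, err := restoreVulnerable(crafted)
	fmt.Println("vulnerable imports:", cfg, err) // forbidden keys, <nil>
	_, err = restoreFixed(crafted)
	fmt.Println("fixed:", err) // config key forbidden in restricted project: raw.lxc
}
```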
<p>None of these findings is exotic. Missing fields in allowlists, short denylists, divergent validation paths – these exist in every mature codebase. The difficulty has always been identifying where to focus across a few hundred thousand lines of code.</p>
<h2 class="wp-block-heading">What this changes in practice</h2>
<p>Redhound does not replace the tools we already run. SAST, fuzzing, dependency scanning, and human review keep doing what they do well, and Redhound feeds into the same review pipeline.</p>
<p>What changes is what each review can reach. Audits begin from an attack-surface map, candidate findings with full exploitation traces, and a record of hypotheses already debunked. Logic bugs that have historically survived years of expert scrutiny become tractable, and reviewer judgment is spent where it matters most: assessing real-world impact, and engineering architectural fixes.</p>
<h2 class="wp-block-heading">What’s next</h2>
<p>Internally at Canonical, tools like Redhound are becoming part of how we work every day: not a one-off audit, but a recurring practice. Our goal is to incorporate agentic security auditing into our existing processes to elevate the security posture of Canonical’s products across the board.</p>
<h2 class="wp-block-heading">Disclosure</h2>
<p>All three findings were disclosed to the LXD team, fixed in coordinated releases, and assigned CVEs <a href="https://ubuntu.com/security/CVE-2026-34177">CVE-2026-34177</a>, <a href="https://ubuntu.com/security/CVE-2026-34178">CVE-2026-34178</a>, and <a href="https://ubuntu.com/security/CVE-2026-34179">CVE-2026-34179</a>. Thanks to the LXD team for triaging and patching all three.</p>
<p>Miha Purg · AI, Security, Vulnerabilities · Fri, 15 May 2026 08:53:19 +0000</p>
<h1 class="wp-block-heading">Fragnesia Linux kernel local privilege escalation vulnerability mitigations</h1>
<p><a href="https://ubuntu.com//blog/fragnesia-linux-vulnerability-fixes-available">https://ubuntu.com//blog/fragnesia-linux-vulnerability-fixes-available</a></p>
<p>A local privilege escalation (LPE) vulnerability affecting the Linux kernel has been publicly disclosed on May 13, 2026. The vulnerability does not have a CVE ID published, but is referred to as “Fragnesia.” The vulnerability affects multiple Linux distributions, including all Ubuntu releases. The affected components are the Linux kernel modules that provide support for ESP (Encapsulating Security Protocol), one of the protocols used for IPsec (Internet Protocol Security). These are the same Linux kernel modules that were affected by one of the Dirty Frag vulnerabilities. As such, the mitigations described <a href="https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available">in the Dirty Frag vulnerability update</a> provide protection against Fragnesia as well, since they disable the impacted Linux kernel modules.</p>
<p>The vulnerability does not have CVSS scores assigned in the <a href="https://www.cve.org/">CVE List</a> or <a href="https://nvd.nist.gov/">NVD</a>, but Canonical’s assessment indicates a CVSS 3.1 score of 7.8, corresponding to a severity of HIGH.</p>
<p>This post describes mitigations that disable the affected modules. These mitigations can be applied until Linux kernel packages that implement the proposed patch are released.</p>
<h2 class="wp-block-heading">Impact</h2>
<h3 class="wp-block-heading">Deployments without container workloads</h3>
<p>On hosts that do not run container workloads, the vulnerability allows a local user to elevate privileges to the root user. The published exploit executes in this type of deployment.</p>
<h3 class="wp-block-heading">Container deployments</h3>
<p>In container deployments that may execute arbitrary third-party workloads, the vulnerability may also enable container escape, in addition to local privilege escalation on the host. A proof-of-concept exploit has not been published yet for container escape.</p>
<h2 class="wp-block-heading">Mitigation regression risk</h2>
<p>The mitigation disables the kernel modules that are used for IPsec ESP. Enabling the mitigation will affect functionality if the modules are in use by IPsec deployments. These are common with VPN implementations such as StrongSwan.</p>
<h2 class="wp-block-heading">Affected releases</h2>
<p>Once available, the vulnerability fix will be distributed through the Linux kernel image packages. In the interim, a mitigation which disables the affected modules can be applied according to the instructions below. The mitigation will not be necessary once the kernel is updated.</p>
<p>Please note that if you have previously applied the mitigations described for <a href="https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available">Dirty Frag</a>, your system is not affected by Fragnesia.</p>
<figure class="wp-block-table"><table><tbody><tr><td><strong>Release</strong></td><td><strong>Package Name</strong></td><td><strong>Fixed Version</strong></td></tr><tr><td>Trusty Tahr (14.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Xenial Xerus (16.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Bionic Beaver (18.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Focal Fossa (20.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Jammy Jellyfish (22.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Noble Numbat (24.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Questing Quokka (25.10)</td><td>linux</td><td>Affected</td></tr><tr><td>Resolute Raccoon (26.04 LTS)</td><td>linux</td><td>Affected</td></tr></tbody></table></figure>
<h2 class="wp-block-heading">How to check if you are impacted</h2>
<p>All of the releases from the table above are impacted, unless the <a href="https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available">Dirty Frag</a> mitigations have been previously applied.</p>
<h2 class="wp-block-heading">Manual mitigation</h2>
<p>The mitigations block the affected kernel modules from loading. This requires three steps:</p>
<ol>
<li>Prevent the modules from loading in the future.</li>
<li>Unload the modules.</li>
<li>Check whether step 2 was successful; if not, reboot the system.</li>
</ol>
<p>The same modules are blocked by the <a href="https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available">Dirty Frag</a> mitigations. Applying both mitigations does not cause any issues, but is unnecessary. However, we recommend that you maintain the mitigations until Linux kernel security updates that address both vulnerabilities are available and installed.</p>
<h3 class="wp-block-heading">Step 1 – block the modules:</h3>
<p>Block the modules by creating a <code>/etc/modprobe.d/fragnesia.conf</code> file:</p>
<pre class="wp-block-code"><code>echo "install esp4 /bin/false" | sudo tee /etc/modprobe.d/fragnesia.conf
echo "install esp6 /bin/false" | sudo tee -a /etc/modprobe.d/fragnesia.conf</code></pre>
<p>Regenerate the initramfs images, to prevent the modules from being loaded during early boot:</p>
<pre class="wp-block-code"><code>sudo update-initramfs -u -k all</code></pre>
<h3 class="wp-block-heading">Step 2 – unload modules:</h3>
<p>Unload the modules, in case they are already loaded:</p>
<pre class="wp-block-code"><code>sudo rmmod esp4 esp6 2>/dev/null</code></pre>
<h3 class="wp-block-heading">Step 3 – confirm the modules aren’t loaded:</h3>
<p>Check whether the modules are still loaded:</p>
<pre class="wp-block-code"><code>grep -qE '^(esp4|esp6) ' /proc/modules && echo "Affected modules are loaded" || echo "Affected modules are NOT loaded"</code></pre>
<p>If the previous action indicates that the modules are not loaded, no further action is required. However, unloading the modules may not be possible if they are in use by applications. In these instances, a system reboot will enforce their blocking, but will affect applications:</p>
<pre class="wp-block-code"><code>sudo reboot</code></pre>
<h2 class="wp-block-heading">Disabling the mitigation</h2>
<p>Once kernel updates are available and installed, the mitigation can be removed:</p>
<pre class="wp-block-code"><code>sudo rm /etc/modprobe.d/fragnesia.conf
sudo update-initramfs -u -k all</code></pre>
<p>Please note that in order to restore IPsec availability, the ESP modules must be allowed to load again. This means removing both the Fragnesia mitigations described here and the Dirty Frag mitigations.</p>
<p>Luci Stanescu · Security, Vulnerabilities · Thu, 14 May 2026 19:07:38 +0000</p>
<h1 class="wp-block-heading">Rethinking BYOD security: protecting data without trusting devices</h1>
<p><a href="https://ubuntu.com//blog/rethinking-byod-security-protecting-data-without-trusting-devices">https://ubuntu.com//blog/rethinking-byod-security-protecting-data-without-trusting-devices</a></p>
<p>BYOD (bring your own device) has always looked better on paper than it does in real life.</p>
<p>The promise is clear: let people use the gadgets they already own. Less friction, lower costs, and more freedom. But when security and privacy are non-negotiable, the conversation around BYOD usually ends quickly. Not because BYOD is a bad idea, but because the model behind it doesn’t quite work. With BYOD, you’d be trying to secure something that isn’t meant to be trusted.</p>
<p>By definition, a personal device is something you can’t control. It runs apps that you don’t know about, connects to networks that you don’t trust, and then gets lost, broken, or replaced. You can try to control it, limit it, or wrap it in rules, but in the end, your data has to be processed and often stored on it, within an environment you don’t fully control. And those issues never really go away.</p>
<h2 class="wp-block-heading">Devices: the wrong place to fix the problem</h2>
<p>The device is the main focus of most BYOD security plans: MDM (Mobile Device Management), dedicated partitions, policy enforcement, remote wipe, and so on. All of them try, in different ways, to make the endpoint behave.</p>
<p>For example, think about work partitions. In practice, this usually means making a separate “work” space on the device itself, where corporate apps and data can live without being mixed up with other things. It sounds good. There is a line, rules, and a clear boundary between personal and work use.</p>
<p>But the important detail is easy to miss. That partition still runs on the device. The applications execute locally. The data is stored locally. It may be encrypted, restricted, and tightly controlled, but it is still on a personal device, which means you are still relying on a device you don’t fully control to do the right thing.</p>
<p>And in a lot of cases, these protections aren’t even always used. Not all devices are managed, not all users set things up the same way, and not all environments enforce strict isolation.</p>
<p>As such, the endpoint remains the weakest part of the system. It is where variability lives, and where assumptions break. And yet, it is also where sensitive data is allowed to exist. Instead of trying to make BYOD devices more secure, a more basic question comes up: why is that data even allowed to be on them? Is this really best practice BYOD security?</p>
<h2 class="wp-block-heading">Moving the boundary</h2>
<p>With remote mobile application streaming through platforms like <a href="https://canonical.com/anbox-cloud">Anbox Cloud</a>, which runs Android apps in the cloud and streams them to devices, you can make a fundamental, positive security shift.</p>
<p>Rather than relying on the physical device to come through for you, you move as much as possible off of the physical device. You move the boundary of trust.</p>
<p>Your applications run in the cloud, and your data stays in the cloud. All execution happens in an environment you control, with the device used simply to access a remote session. Nothing is installed locally, nothing is stored locally, and nothing persists beyond the session. The remote instance is streamed to the user’s device using a simple browser.</p>
<p>It’s a simple move, but a significant change in posture.</p>
<h2 class="wp-block-heading">What changes in practice?</h2>
<p>Consider a simple scenario: a field operator in a defense context loses their personal phone during a deployment.</p>
<p>In a traditional BYOD security model, this would immediately trigger a response: remote wipe, access revocation, and usually a lingering question about what might have been exposed. Even with strong controls, there is always some uncertainty: emails, documents, cached data, and credentials may have been exposed.</p>
<p>With a remote instance using Anbox Cloud, the situation is different. The device contains no applications, no data, and no credentials tied to the organization. What was running was a remote session. The data itself lives in an entirely different location.</p>
<p>If no session was active, then there is nothing to recover, and no action is required. If a session is active, access can be revoked centrally and the session terminated immediately. There is no data to recover because the device never contained any data in the first place.</p>
<p>This doesn’t mean there is zero risk, but the risk is moved to the backend and significantly reduced. Instead of investigating what may have been exposed on a lost device, the focus is on controlling access from one single place.</p>
<p>Now let’s look at another scenario. Let’s say the device was not lost; rather, it was hacked. Malware is installed, or the OS itself is no longer trustworthy. In a traditional setup, this is a harder problem. Even with separated spaces or partitioning, you are still depending on the integrity of the underlying system to enforce isolation. The conversation quickly turns into assessing how much you can still trust the device, and for how long. With remote mobile streaming, offered by solutions like Anbox Cloud, the impact is contained by design. The compromised device can still display a session to a bad actor, but it has no local access to applications or data. There is nothing stored to extract and no application logic to reverse-engineer: the session is streamed using WebRTC. </p>
<p>Even if the device contains an open session, it will still require authentication (account, password, multi-factor authentication) to access apps and data, and sessions can be terminated centrally at any time.</p>
<p>Overall, the device is untrusted, but that no longer changes the outcome. Once data and execution are removed from the device, a lot of situations that used to be complex become predictable.</p>
<h2 class="wp-block-heading">BYOD, without compromise</h2>
<p>What matters is where applications run, and where data lives. Through BYOD, organizations can simplify how they operate. The need to tightly control hardware starts to fade.</p>
<p>In that sense, this isn’t replacing BYOD; it’s evolving it into something that is finally compatible with strict security requirements. This is where removing data and execution from the device changes the equation for BYOD, and it stops being a compromise.</p>
<p>Rather than being something you tolerate for flexibility, it becomes a paradigm that can apply to both personal and corporate-managed devices. If the device holds no data and runs no sensitive logic, its security posture becomes far less critical. Whether it is corporate-managed or fully personal becomes a secondary concern.</p>
<h2 class="wp-block-heading">A model aligned with high-security environments</h2>
<p>In sectors like government or defense, the requirement is not just to reduce risk. It is to know, at all times, where data can exist.</p>
<p>Traditional approaches try to enforce that through policies on devices that are, by nature, difficult to fully control. It works to a point, but it rarely provides absolute assurance.</p>
<p>With remote access via Anbox Cloud, the model is explicit: data does not leave the controlled environment. Applications run in isolated instances; sessions are ephemeral, while access is centrally defined and auditable. You are not trying to contain data once it spreads. You are preventing it from spreading in the first place.</p>
<h2 class="wp-block-heading">A familiar shift</h2>
<p>We’ve seen this pattern before. Applications migrated from local machines to centralized environments – initially through virtual desktops, followed by cloud-native applications and containers – enhancing control, consistency, scalability, and security. Over time, the idea that a particular device should hold critical data became less relevant.</p>
<p>Mobile is following the same path. Decoupling applications and data from the device is not a radical idea; it is a natural continuation of that shift.</p>
<h2 class="wp-block-heading">Where to go from here</h2>
<p>If you’re rethinking your BYOD security strategy, the question is not which controls to add to the device. It’s whether the device should be part of your security model at all.</p>
<p>Start by identifying which applications and data truly need to be exposed to endpoints today and what would change if they didn’t.</p>
<p>Anbox Cloud is one way to make that shift practical. If this resonates, it’s worth exploring what a fully remote, device-agnostic mobile workspace could look like in your environment.</p>
<p><a href="https://documentation.ubuntu.com/anbox-cloud/#">Give Anbox a try</a>. If you have any questions, feedback, or need a helping hand along the way, our team is always happy to hear from you, <a href="https://canonical.com/anbox-cloud#get-in-touch">we are just a message away.</a> </p>
<h2 class="wp-block-heading">Further reading</h2>
<ul>
<li><a href="https://canonical.com/anbox-cloud">Learn more about Anbox Cloud or talk to our team </a></li>
<li><a href="https://documentation.ubuntu.com/anbox-cloud/howto/install-appliance/install-on-github/">Install the Anbox Cloud Appliance</a></li>
</ul>
<p>Bertrand Boisseau · Anbox, anbox cloud, Anbox Cloud Appliance · Wed, 13 May 2026 16:54:20 +0000</p>
<h1 class="wp-block-heading">Dirty Frag Linux kernel local privilege escalation vulnerability mitigations</h1>
<p><a href="https://ubuntu.com//blog/dirty-frag-linux-vulnerability-fixes-available">https://ubuntu.com//blog/dirty-frag-linux-vulnerability-fixes-available</a></p>
<p>Two local privilege escalation (LPE) vulnerabilities affecting the Linux kernel have been publicly disclosed on May 7, 2026. The vulnerabilities have been assigned the IDs <a href="https://ubuntu.com/security/CVE-2026-43284">CVE-2026-43284</a> and <a href="https://ubuntu.com/security/CVE-2026-43500">CVE-2026-43500</a> and are referred to as “Dirty Frag.” The affected components are Linux kernel modules. The first vulnerability impacts the modules that provide support for ESP (Encapsulating Security Protocol), one of the protocols used for IPsec (Internet Protocol Security). The second vulnerability impacts the modules that provide support for RxRPC, a protocol used for AFS (Andrew File System), a distributed file system. The vulnerabilities affect multiple Linux distributions, including all Ubuntu releases.</p>
<p>CVE-2026-43284 is assessed by the <a href="http://kernel.org">kernel.org</a> CNA to have a CVSS 3.1 score of 8.8 (HIGH). CVE-2026-43500 does not have CVSS scores assigned in the CVE List or NVD, but is assessed by Canonical to have a CVSS 3.1 score of 7.8, corresponding to a severity of HIGH.</p>
<p>This post describes mitigations that disable the affected modules. These mitigations can be applied until Linux kernel packages that implement the proposed patch are released.</p>
<h2 class="wp-block-heading">Impact</h2>
<h3 class="wp-block-heading">Deployments without container workloads</h3>
<p>On hosts that do not run container workloads, the vulnerabilities allow a local user to elevate privileges to the root user. The published exploit executes in this type of deployment.</p>
<h3 class="wp-block-heading">Container deployments</h3>
<p>In container deployments that may execute arbitrary third-party workloads, the vulnerabilities may also enable container escape, in addition to local privilege escalation on the host. A proof-of-concept exploit has not been published yet for container escape.</p>
<h2 class="wp-block-heading">Mitigation regression risk</h2>
<p>The mitigations disable the kernel modules that are used for IPsec ESP and RxRPC, respectively. The mitigations will affect functionality if these modules are in use by either:</p>
<ul>
<li>IPsec deployments. These are common with VPN implementations such as StrongSwan.</li>
<li>AFS (Andrew File System) or another application of RxRPC.</li>
</ul>
<p>As the vulnerabilities are independent, disabling only the <code>esp4</code>/<code>esp6</code> modules or only the <code>rxrpc</code> modules would leave the remaining ones exploitable.</p>
<h2 class="wp-block-heading">Affected releases</h2>
<p>The vulnerability fix will be distributed through the Linux kernel image packages. A mitigation which disables the affected modules can be applied according to the instructions below. The mitigation will not be necessary once the kernel is updated.</p>
<figure class="wp-block-table"><table><tbody><tr><td><strong>Release</strong></td><td><strong>Package Name</strong></td><td><strong>Fixed Version</strong></td></tr><tr><td>Trusty Tahr (14.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Xenial Xerus (16.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Bionic Beaver (18.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Focal Fossa (20.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Jammy Jellyfish (22.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Noble Numbat (24.04 LTS)</td><td>linux</td><td>Affected</td></tr><tr><td>Questing Quokka (25.10)</td><td>linux</td><td>Affected</td></tr><tr><td>Resolute Raccoon (26.04 LTS)</td><td>linux</td><td>Affected</td></tr></tbody></table></figure>
<h2 class="wp-block-heading">How to check if you are impacted</h2>
<p>All of the releases from the table above are impacted.</p>
<h2 class="wp-block-heading">Manual mitigation</h2>
<p>The mitigations block the affected kernel modules from loading. This requires three steps:</p>
<ol>
<li>Prevent the modules from loading in the future.</li>
<li>Unload the modules.</li>
<li>Check whether step 2 was successful; if not, reboot the system.</li>
</ol>
<h3 class="wp-block-heading">Step 1 – block the modules:</h3>
<p>Block the modules by creating a <code>/etc/modprobe.d/dirty-frag.conf</code> file:</p>
<pre class="wp-block-code"><code>echo "install esp4 /bin/false" | sudo tee /etc/modprobe.d/dirty-frag.conf
echo "install esp6 /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
echo "install rxrpc /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf</code></pre>
<p>Regenerate the initramfs images, to prevent the modules from being loaded during early boot:</p>
<pre class="wp-block-code"><code>sudo update-initramfs -u -k all</code></pre>
<h3 class="wp-block-heading">Step 2 – unload modules:</h3>
<p>Unload the modules, in case they are already loaded:</p>
<pre class="wp-block-code"><code>sudo rmmod esp4 esp6 rxrpc 2>/dev/null</code></pre>
<h3 class="wp-block-heading">Step 3 – confirm the modules aren’t loaded:</h3>
<p>Check whether the modules are still loaded:</p>
<pre class="wp-block-code"><code>grep -qE '^(esp4|esp6|rxrpc) ' /proc/modules && echo "Affected modules are loaded" || echo "Affected modules are NOT loaded"</code></pre>
<p>If the previous action indicates that the modules are not loaded, no further action is required. However, unloading the modules may not be possible if they are in use by applications. In these instances, a system reboot will enforce their blocking, but will affect applications:</p>
<pre class="wp-block-code"><code>sudo reboot</code></pre>
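<p>As an added check that is not part of the advisory, the following POSIX shell script verifies the state the three steps above are meant to reach: that <code>/etc/modprobe.d/dirty-frag.conf</code> blocks each module, whether each module is still loaded, and, from its use count in <code>/proc/modules</code>, whether <code>rmmod</code> can be expected to succeed or a reboot is needed. The <code>DIRTY_FRAG_CONF</code> and <code>DIRTY_FRAG_PROC_MODULES</code> overrides and the <code>dirty-frag-check.sh</code> file name are assumptions of the example, not part of the advisory.</p>

```shell
#!/bin/sh
# Added example (not from the Ubuntu advisory): audit the Dirty Frag mitigation.
# Uses the module and file names from the advisory; the two environment
# overrides only exist so the functions can be run against sample files.
MODULES="esp4 esp6 rxrpc"
CONF="${DIRTY_FRAG_CONF:-/etc/modprobe.d/dirty-frag.conf}"
PROC_MODULES="${DIRTY_FRAG_PROC_MODULES:-/proc/modules}"

# conf_blocks MODULE: succeed if the blocklist contains an
# "install MODULE /bin/false" line (the form written in step 1).
conf_blocks() {
    [ -r "$CONF" ] &&
        grep -qE "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false([[:space:]]|\$)" "$CONF"
}

# module_refcount MODULE: print the module's use count (third column of
# /proc/modules), or "absent" when it is not loaded at all.
module_refcount() {
    awk -v m="$1" '$1 == m { print $3; found = 1 }
                   END { if (!found) print "absent" }' "$PROC_MODULES"
}

# audit: one status line per module; exit status 0 only when every module is
# both blocked from loading and not currently loaded (steps 1 and 2 complete).
audit() {
    rc=0
    for m in $MODULES; do
        if conf_blocks "$m"; then
            blocked="blocked"
        else
            blocked="NOT blocked"; rc=1
        fi
        refs=$(module_refcount "$m")
        case "$refs" in
            absent) loaded="not loaded" ;;
            0)      loaded="loaded but unused: rmmod should succeed"; rc=1 ;;
            *)      loaded="loaded and in use ($refs): reboot required"; rc=1 ;;
        esac
        printf '%-6s %-12s %s\n' "$m" "$blocked" "$loaded"
    done
    return $rc
}

# Run the audit when executed directly; sourcing the file only defines the functions.
if [ "${0##*/}" = "dirty-frag-check.sh" ]; then
    audit
fi
```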
<h2 class="wp-block-heading">Disabling the mitigation</h2>
<p>Once kernel updates are available and installed, the mitigation can be removed:</p>
<pre class="wp-block-code"><code>sudo rm /etc/modprobe.d/dirty-frag.conf
sudo update-initramfs -u -k all</code></pre>
Luci Stanescu (Luci Stanescu)
Security, Vulnerabilities
Fri, 08 May 2026 11:57:24 +0000
Three weeks to go: A sneak peek of the Ubuntu Summit 26.04 experience
https://ubuntu.com//blog/three-weeks-to-go-a-sneak-peek-of-the-ubuntu-summit-26-04-experience
<p>The countdown to the Ubuntu Summit is officially on! We are just three weeks away from Ubuntu Summit 26.04, and the orange energy levels in our community channels are peaking. We’ve been reviewing the talk submissions, and have been blown away by the passion and creativity of our circle of friends. Once again, the schedule is packed with sessions that prove open source technology is truly everywhere.</p>
<div class="wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-layout-1 wp-block-buttons-is-layout-flex">
<div class="wp-block-button"><a class="wp-block-button__link wp-element-button" href="https://discourse.ubuntu.com/t/register-for-ubuntu-summit/65270" rel="noreferrer noopener" target="_blank">Register for the Ubuntu Summit</a></div>
</div>
<h2 class="wp-block-heading">A taste of the schedule</h2>
<p>Seeing the final lineup of all the upcoming Summit talks has made us realize just how beautifully geeky this event is going to be. <a href="https://discourse.ubuntu.com/t/ubuntu-summit-26-04-timetable/81507" rel="noreferrer noopener" target="_blank">This timetable</a> is a true hacker paradise! We are incredibly excited to give you a quick sneak peek at a few sessions we cannot wait to attend.</p>
<p><a href="https://discourse.ubuntu.com/t/building-the-internet-computer/79577" rel="noreferrer noopener" target="_blank">Nariman Jelveh</a> challenges us with the thought-provoking question: “What if your entire computer lived in the browser, and the whole stack was open source?” Are you sold? We certainly are and can’t wait to see what he will show us.</p>
<p><a href="https://discourse.ubuntu.com/t/hands-on-meshtastic/79497" rel="noreferrer noopener" target="_blank">Jonathan Bennett</a> will give us a glimpse into the amazing world of Meshtastic, and then take us on a breathtaking adventure with a live demo.</p>
<p><a href="https://discourse.ubuntu.com/t/gleam-and-the-value-of-small/80331" rel="noreferrer noopener" target="_blank">Giacomo Cavalieri</a> will take us on a journey with his talk “Gleam, and the value of small”. This incredible open source project has taken the world of open source by storm… by keeping things small, focused, and precise.</p>
<h2 class="wp-block-heading">The hallway track is local</h2>
<p>As we get closer to the event, we want to remind you that the best seat of the Ubuntu Summit might just be right in your own city.</p>
<p>Communities around the world are organizing local meetups to watch the stream together, debate the talks, and build local connections. The Ubuntu Summit Extended events are multiplying, so check the <a href="https://discourse.ubuntu.com/c/community/events/11" rel="noreferrer noopener" target="_blank">Ubuntu Discourse</a> to find an Extended event near you. If there is not one yet, you still have time to invite a few friends over and <a href="https://ubu.link/ubuntusummit-extended" rel="noreferrer noopener" target="_blank">create your own summit experience</a>!</p>
<h2 class="wp-block-heading">Join the conversation</h2>
<p>Make sure you are registered on the <a href="https://ubuntu.com/summit">Ubuntu Summit website</a> to get all the latest updates and streaming links. If you want to see exactly what makes this event so special, now is the perfect time to catch up on the incredible sessions from last year. Dive into the magic and watch the full collection of previous talks right now on the <a href="https://www.youtube.com/playlist?list=PLwFSk464RMxmyKN2yob1dcIbrUuJupDQQ">Ubuntu Summit 25.10 YouTube playlist</a>.</p>
ilvipero (ilvipero)
Ubuntu, Ubuntu Summit
Wed, 06 May 2026 10:26:53 +0000
How to use Ubuntu on Windows
https://ubuntu.com//blog/how-to-use-ubuntu-on-windows
<p>Why run Ubuntu on Windows? It’s about getting the best of both worlds. Many organizations rely on Windows applications, enterprise software, and policy configurations; but for developers and system administrators, Ubuntu’s native command-line tools, package managers, and server environments are invaluable. Likewise, with its broad ecosystem of machine learning tools and libraries, and silicon optimizations, Ubuntu is ideally suited for AI workloads.</p>
<p>To drill down into a more specific example: for developers in regulated industries with tightly brokered elevated privileges, building applications with Node.js, Python, and other toolchains can lead to development hurdles on Windows. Navigating privilege and access control discrepancies requires specialized skillsets, and may change development timelines. By installing Ubuntu within Windows, organizations can avoid this complexity. Microsoft and Canonical’s management tooling complement one another, providing a comprehensive suite of turnkey compliance, auditing, hardening, and security capabilities.</p>
<p>The beauty of this ecosystem is that there is no single “right” way to do it, because different users have different needs: from simple script execution to locally simulating production environments, there are multiple ways to bridge Windows and Ubuntu. Each virtualization solution for Ubuntu in Windows comes with varying degrees of centralized management, and risk mitigation capabilities. In this article, I will explore the best ways to run Ubuntu on Windows, breaking down how each method works, so you can choose the exact right setup for your workflow.</p>
<h2 class="wp-block-heading">Building reproducible environments</h2>
<p>Manually reconfiguring a new virtual machine is time consuming: run commands to install packages, wait for the packages to install, and then configure them when the installation completes. Virtual machines used for development purposes need additional configurations, such as SSH keys for interacting with git repositories and access to other Linux environments, configuring AI assistants, and setting up workspaces where coding and prototyping happens. All of these time consuming activities can be automated through <a href="https://cloud-init.io/">cloud-init</a>, which is supported by all the virtualization solutions mentioned in this article. Building reproducible environments with cloud-init is the industry standard practice for configuring virtual machines. Multipass and Ubuntu on WSL support cloud-init natively, and Hyper-V and VirtualBox support cloud-init through the <a href="https://docs.cloud-init.io/en/latest/reference/datasources/nocloud.html">NoCloud</a> method.</p>
<p>The NoCloud method entails creating an ISO which includes cloud-init configuration files. Follow these steps to generate a NoCloud ISO image if you are on Ubuntu:</p>
<ol>
<li>Create two <a href="https://docs.cloud-init.io/en/latest/reference/datasources/nocloud.html#runtime-configurations">runtime configuration</a> files: <code>user-data</code> and <code>meta-data</code>. The contents of the user-data file must be valid cloud-init YAML. The <code>meta-data</code> file can be empty.</li>
<li>In Ubuntu on WSL install the genisoimage package:<br/><code>apt install genisoimage</code></li>
<li>Create a small ISO file (labeled <code>cidata</code>) containing the <code>user-data</code> and <code>meta-data</code> runtime configuration files:<br/><code>mkisofs -output seed.iso -volid cidata -joliet -rock user-data meta-data</code></li>
</ol>
<h2 class="wp-block-heading">Ubuntu on Hyper-V</h2>
<p>Hyper-V is Microsoft’s native hypervisor technology that enables hardware virtualization, enabling you to create and manage multiple virtual machines (VMs) on a single Windows physical host. It is a Type 1 hypervisor – meaning that it runs directly on bare metal hardware – commonly used for server virtualization in data centers and running isolated virtual environments on Windows 10 or 11. Hyper-V is included in Windows Pro and Enterprise editions.</p>
<p>If you need deep separation between the Linux environment and the Windows file system, and also want to run Canonical’s Ubuntu kernels in your virtual machines, Hyper-V is the native Windows solution. Virtual machines can be <a href="https://ubuntu.com/server/docs/how-to/virtualisation/ubuntu-on-hyper-v/">installed on Hyper-V from an Ubuntu ISO</a>. Alternatively, a vhdx disk image can be used, and Ubuntu can be configured with cloud-init:</p>
<ol>
<li>Go to Canonical’s official repository: <a href="https://cloud-images.ubuntu.com/">cloud-images.ubuntu.com</a> and download the <code>.vmdk</code> cloud image for your architecture (e.g., <a href="https://cloud-images.ubuntu.com/releases/resolute/release/ubuntu-26.04-server-cloudimg-amd64.vmdk">ubuntu-26.04-server-cloudimg-amd64.vmdk</a>).</li>
<li>In Ubuntu install the <a href="https://manpages.ubuntu.com/manpages/resolute/man1/qemu-img.1.html">qemu-utils</a> package:<br/><code>apt install qemu-utils</code></li>
<li>Use qemu-utils to convert the vmdk image to the vhdx format, for Hyper-V:<br/><code>qemu-img convert -f vmdk -O vhdx ubuntu-26.04-server-cloudimg-amd64.vmdk ubuntu-26.04-server-cloudimg-amd64.vhdx</code></li>
<li>Create a new virtual machine in Hyper-V and choose the resulting vhdx file under “Connect a Virtual Disk”.</li>
<li>Attach the NoCloud <code>seed.iso</code> created earlier to the VM’s virtual DVD drive before the first boot.</li>
<li>The Ubuntu virtual machine in Hyper-V will detect the ISO file in the virtual DVD drive as it turns on, and will run your configuration.</li>
</ol>
<h2 class="wp-block-heading">Ubuntu on VirtualBox</h2>
<p>Oracle VirtualBox is a general-purpose full virtualization software which works on computers powered by x86_64 and arm chips. It’s commonly used in laptops, desktops, and servers. VirtualBox is an application that runs on top of Windows, which makes it a Type 2 hypervisor. It relies on Windows to manage hardware resources like the CPU, RAM, and networking. VirtualBox provides passthrough USB support, but can have limited performance for disk I/O or CPU-bound tasks, and has no high performance GPU capabilities. This means that VirtualBox is not optimized for AI workloads. There is a feature called PCI passthrough which allows a VirtualBox VM to assume complete control of a physical GPU, but the GPU access would then be limited to a single virtual machine.</p>
<p>Virtual machines can be installed on VirtualBox from an Ubuntu ISO. Alternatively, a vmdk disk image can be used, and Ubuntu can be configured with cloud-init using the NoCloud method, and the <code>seed.iso</code> as described above.</p>
<p><strong>While it is possible to use either Hyper-V or VirtualBox as standalone solutions for running Ubuntu on Windows, you can also use WSL or Canonical’s Multipass to make virtualized instances more accessible and manageable.</strong></p>
<h2 class="wp-block-heading">Multipass</h2>
<p>Multipass is a mini-cloud for your Windows, macOS, or Linux workstation. On Windows, it can use either VirtualBox or Hyper-V behind the scenes. You can manage everything through a simple Multipass CLI and UI, making it the fastest way to spin up ephemeral or long-running Ubuntu instances that can run as background services. The Multipass daemon (<a href="https://documentation.ubuntu.com/multipass/stable/explanation/service/">multipassd</a>) is set to start automatically at system boot and will restore persistent Ubuntu instances after a restart. This happens at the service/daemon level, not requiring a user login.</p>
<p>When launching a Multipass VM, <a href="https://docs.cloud-init.io/en/latest/howto/launch_multipass.html">user-data can be passed by adding the <code>--cloud-init</code> flag</a> with an appropriate YAML file containing the user-data. Multipass supports cloud-init natively, and does not require the NoCloud method.</p>
<h2 class="wp-block-heading">Ubuntu on WSL</h2>
<p>All Windows editions (except Windows 10 and 11 S Mode or certain legacy IoT builds) include WSL, which utilizes a specialized Hyper-V subset to host a high-performance Linux VM.</p>
<p>WSL is a feature of the Windows operating system that enables you to run a Linux file system, along with Linux command-line tools and GUI apps, directly on Windows, alongside your traditional Windows desktop and apps. WSL uses the Virtual Machine Platform component in Hyper-V to run the Linux kernel. It provides full Linux system call compatibility, with high performance. A system call (syscall) is the way a program asks the operating system’s kernel to do something, like opening a file or starting a network connection. This means your Linux binaries no longer rely on a translation layer to talk to Windows; it’s the difference between using a translator and speaking the native language. With the Linux kernel available inside a lightweight utility VM, when an app makes a syscall, it’s talking to a real Linux engine, resulting in near 100% compatibility with Linux software. Because the Linux kernel manages its own virtual hard disk (ext4), operations like git clone, npm install, or compiling large codebases happen at speeds comparable to a native Linux machine.</p>
<p>WSL uses a technology called GPU Paravirtualization (vGPU). Instead of the Linux kernel competing with Windows for control of the graphics card, Windows shares the GPU. The dxgkrnl driver projects a virtual abstraction of the GPU into the WSL instance. For tasks using NVIDIA CUDA, performance on WSL2 can be comparable to native Linux (<a href="https://developer.nvidia.com/blog/leveling-up-cuda-performance-on-wsl2-with-new-enhancements/#:~:text=For%20the%20Blender%20benchmark%2C%20WSL2,on%20any%20of%20those%20benchmarks">within 1%</a>) for large, long-running workloads. This compatibility enables you to run Linux GUI apps via Windows Subsystem for Linux GUI (WSLg) with hardware acceleration, meaning they feel smooth rather than laggy. While GPU access is excellent, direct hardware access to things like proprietary USB devices or specialized serial ports may require troubleshooting compared to native Linux.</p>
<p><a href="https://ubuntu.com/wsl">Ubuntu on WSL</a> supports cloud-init natively:</p>
<ol>
<li>Create a directory at <code>%USERPROFILE%\.cloud-init\</code></li>
<li>Create a file named <code>&lt;DistroName&gt;.user-data</code> (e.g., <code>Ubuntu-26.04.user-data</code>).</li>
</ol>
<p>When you first run <code>wsl --install Ubuntu-26.04</code>, WSL will pick up this file and automate your setup.</p>
<h2 class="wp-block-heading">Enable Ubuntu Pro for WSL with Microsoft Intune</h2>
<p>Microsoft Intune is a cloud-based endpoint management solution that can manage configurations of Windows computers. Microsoft Intune can execute commands within a WSL instance by leveraging PowerShell scripts that interact with the wsl.exe executable. You can enable and manage WSL using Microsoft Intune by using the “Settings Catalog” to configure settings or by deploying the WSL MSI app.</p>
<div class="p-card" style="background-color: #E5E5E5;">
<h4 class="p-card__title">Pair Canonical Landscape and Microsoft Intune</h4>
<p><a href="https://ubuntu.com/landscape">Canonical Landscape</a> goes beyond arbitrary command execution in WSL instances, and provides enterprise features for configuration, compliance, hardening, auditing, patching, reporting, and inventory of users and software. Pairing Microsoft Intune with Ubuntu, and using Landscape for managing WSL at scale enables developers to accelerate their workflows in even the most tightly regulated environments.</p>
</div>
<p>Ubuntu Pro for WSL is Windows software that provides turnkey security maintenance and enterprise support for Ubuntu 24.04 LTS and Ubuntu 26.04 LTS WSL instances in Windows. The Ubuntu Pro for WSL Windows software works with free and paid Ubuntu Pro subscriptions. Installing Ubuntu Pro for WSL ensures that anyone using Ubuntu on WSL is always security maintained, in addition to enabling comprehensive management and insights through <a href="https://ubuntu.com/landscape">Landscape</a>, Canonical’s systems management solution for Ubuntu.</p>
<p>The Ubuntu Pro for WSL software is packaged as an MSI application. Installing and configuring MSI packages is natively supported by Microsoft Intune and Active Directory. The simplest method for installing Ubuntu Pro for WSL using Microsoft Intune is to deploy it as a line-of-business (LOB) app. In a regulated environment where WSL is enabled, the Ubuntu Pro for WSL .msi file should be chosen as a Required (automatically installed) package in Microsoft Intune. The most secure location to store the Ubuntu Pro for WSL agent configurations is the Windows Registry. Remediation scripts can be used in Microsoft Intune, where a detection script checks for the necessary keys and values, and a remediation script can set missing or deviated values, ensuring continuous compliance.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<a href="https://www.youtube.com/embed/I2Wl467pHrQ?feature=oembed">Landscape Demo: Register Windows workstations</a>
</div><figcaption class="wp-element-caption">This video shows how the Ubuntu Pro for WSL software can be installed on a Windows machine</figcaption></figure>
<p>Navigate to your Microsoft Intune admin center portal, and then select: <strong>Devices</strong> > <strong>Configuration Profiles</strong> > <strong>Create</strong> > <strong>New Policy</strong> > <strong>Windows 10 and later</strong> > <strong>Settings Catalog</strong>. Create a name for the new policy and search for “Windows Subsystem for Linux” to see and add the full list of available settings. Important WSL-specific settings include:</p>
<ul>
<li><strong>Allow the Inbox version of the Windows Subsystem for Linux</strong>: <strong>Enabled</strong> if you want to self-host the WSL images internally, instead of downloading them from the Microsoft Store.</li>
<li><strong>Allow WSL1</strong>: <strong>Disabled</strong> because Landscape’s enterprise management capabilities for WSL are only available in WSL2.</li>
</ul>
<h2 class="wp-block-heading">Ubuntu Pro for WSL in controlled environments</h2>
<p>Ubuntu Pro for Windows contains the user configurations that define root (sudo and su) privileges in cloud-init.yaml. Microsoft recently built native <a href="https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/linux-dotnet-sdk-wsl?tabs=ubuntudep">Entra ID integration directly into WSL</a> to secure the launching of WSL instances, and this integration is managed via Microsoft Intune. This combination provides control over who can use Ubuntu on WSL, and if root privileges are granted in Ubuntu on WSL. When you use the Entra ID login for Linux VMs extension in Azure, Entra ID controls who can launch Ubuntu on WSL. It does this via Azure Role-Based Access Control (RBAC). Entra ID’s sign-in logs will tell you when a user authenticated to the Linux machine, but it stops there. It will not log the commands they type after a successful session begins.</p>
<p>The actual tracking of sudo and su is done by the Linux operating system itself. Whenever a user escalates privileges, Ubuntu logs this activity to its local system logs at <code>/var/log/auth.log</code>. To track this activity centrally, you need to bridge the gap between the local Linux logs and your cloud environment: install the Azure Monitor Agent (AMA), and configure a Data Collection Rule (DCR) in Azure that instructs the AMA to collect the authpriv syslog facility (which contains the sudo and su events) and send these logs to an Azure Log Analytics Workspace. Then connect your Log Analytics Workspace to Microsoft Sentinel (Microsoft’s SIEM). You can now write KQL (Kusto Query Language) queries to alert your security team every time someone successfully or unsuccessfully executes sudo or su.</p>
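<p>Before those events reach Sentinel, it helps to know exactly which <code>/var/log/auth.log</code> lines carry them. The following POSIX shell script is an added example, not from the post, that classifies sudo and su events into successful use, refused commands and failed authentication, the same distinction the KQL alert has to make; the record formats are those sudo, su and pam_unix write on Ubuntu, while the host name, user names, commands and the <code>auth-log-events.sh</code> file name in the constructed sample are assumptions of the example.</p>

```shell
#!/bin/sh
# Added example (not from the Ubuntu post): classify privilege escalation events
# in auth.log (authpriv facility) lines. Record formats are those written by
# sudo, su and pam_unix on Ubuntu; the sample excerpt below is constructed.

# classify_auth_log FILE: print "EVENT invoking_user target_user command" for
# every sudo/su event; other authpriv traffic (sshd, session bookkeeping) is dropped.
classify_auth_log() {
    awk '
    # kv(KEY): value of " KEY=value" ended by a space or ";" -- fits both the
    # "USER=root ;" sudo records and the "ruser=x ... user=y" pam_unix records.
    function kv(key) {
        if (!match($0, "[ ;]" key "=[^ ;]*")) return "-"
        return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 2)
    }
    # cmd(): COMMAND= is the last field of a sudo record and may contain spaces.
    function cmd() {
        if (!match($0, / COMMAND=/)) return "-"
        return substr($0, RSTART + RLENGTH)
    }
    {
        # Program name follows the host, with an optional [pid]; this works for
        # both the traditional and the ISO 8601 syslog timestamp formats.
        if (!match($0, / (sudo|su)(\[[0-9]+\])?: /)) next
        prog = substr($0, RSTART + 1); sub(/\[.*|:.*/, "", prog)
        rest = substr($0, RSTART + RLENGTH); sub(/^ +/, "", rest)
        if (prog == "sudo") {
            if (rest ~ /^pam_unix\(sudo:auth\): authentication failure/) {
                print "SUDO_AUTHFAIL", kv("user"), "-", "-"; next
            }
            if (rest ~ /^pam_unix/) next        # session open/close bookkeeping
            user = rest; sub(/ :.*/, "", user)
            if (rest ~ / : command not allowed ;/) {
                print "SUDO_DENIED", user, kv("USER"), cmd()
            } else if (rest ~ /incorrect password attempts ;/) {
                print "SUDO_AUTHFAIL", user, kv("USER"), cmd()
            } else if (rest ~ / COMMAND=/) {
                print "SUDO_OK", user, kv("USER"), cmd()
            }
        } else if (rest ~ /^(FAILED SU )?\(to [^)]+\) [^ ]+ on /) {
            target = rest; sub(/^.*\(to /, "", target); sub(/\).*/, "", target)
            user = rest; sub(/^.*\) /, "", user); sub(/ on .*/, "", user)
            ev = (rest ~ /^FAILED/) ? "SU_FAIL" : "SU_OK"
            print ev, user, target, "-"
        }
    }' "$1"
}

# summarize FILE: event counts per (EVENT, user); the DENIED, AUTHFAIL and
# SU_FAIL rows are the ones the central alert is meant to fire on.
summarize() {
    classify_auth_log "$1" | awk '{ n[$1 " " $2]++ } END { for (k in n) print n[k], k }' | sort -k2
}

# sample_auth_log FILE: constructed auth.log excerpt (host, users and commands invented).
sample_auth_log() {
    cat > "$1" <<'EOF'
May  4 10:15:01 wsl-dev sudo:  devuser : TTY=pts/0 ; PWD=/home/devuser ; USER=root ; COMMAND=/usr/bin/apt-get update
May  4 10:15:01 wsl-dev sudo: pam_unix(sudo:session): session opened for user root(uid=0) by devuser(uid=1000)
May  4 10:16:02 wsl-dev sudo:  devuser : command not allowed ; TTY=pts/0 ; PWD=/home/devuser ; USER=root ; COMMAND=/bin/bash
May  4 10:17:10 wsl-dev sudo: pam_unix(sudo:auth): authentication failure; logname=devuser uid=1000 euid=0 tty=/dev/pts/0 ruser=devuser rhost=  user=devuser
2026-05-04T10:18:20.000000+00:00 wsl-dev su[2211]: (to root) devuser on pts/1
2026-05-04T10:19:30.000000+00:00 wsl-dev su[2215]: FAILED SU (to root) guest on pts/2
May  4 10:20:00 wsl-dev sshd[999]: Accepted publickey for devuser from 10.0.0.5 port 50022 ssh2
EOF
}

# Demo when executed directly: classify the constructed sample, then summarize it.
if [ "${0##*/}" = "auth-log-events.sh" ]; then
    f=$(mktemp); sample_auth_log "$f"; classify_auth_log "$f"; echo; summarize "$f"; rm -f "$f"
fi
```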
<p>Between the controls available in Microsoft Intune and Landscape, it is possible to centrally provision WSL instances for users. Users are able to self-service the creation of new, compliant instances, and administrators are able to survey a Windows estate for compliance within the WSL instances. Ubuntu Pro for WSL ensures <a href="https://ubuntu.com/security/esm">Expanded Security Maintenance (ESM)</a> is enabled, providing CVE security updates that can be applied subject to administrative policy. Canonical provides up to 15 years of CVE security patching for software packaged and published through Ubuntu’s repositories. Ubuntu Pro subscriptions also cover security maintenance for popular toolchains on WSL, such as Python, Go, Rust, and more. This turnkey solution ensures security vulnerabilities are patched quickly and reliably, making WSL a viable, compliant option for enterprise environments.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<a href="https://www.youtube.com/embed/oIu7kSeiQh4?feature=oembed">Landscape Demo: set up WSL profiles</a>
</div><figcaption class="wp-element-caption">This video shows how you can use Landscape to provision and manage WSL instances on Windows workstations</figcaption></figure>
<h2 class="wp-block-heading">Next steps</h2>
<ol>
<li>Watch the webinar: <a href="https://ubuntu.com/engage/ubuntu-on-wsl-enterprise">Ubuntu on WSL in the enterprise</a></li>
<li><a href="https://ubuntu.com/download/wsl">Download Ubuntu Pro for WSL</a></li>
<li><a href="https://documentation.ubuntu.com/wsl/stable/">Read the Ubuntu Pro for WSL documentation</a></li>
</ol>
Rajan Patel (Rajan Patel)
Landscape, Multipass, Virtual Machines, WSL
Mon, 04 May 2026 00:00:00 +0000