As announced in a previous Discourse post (Ubuntu Kernel 4/2 SRU Cycle Announcement), the Canonical Kernel Team runs regular Stable Release Update (SRU) and security cycles. The regular cycles typically span four weeks and include overlapping two-week “s” security cycles to ensure critical and high CVE fixes are released promptly. The full cycle schedule is available on our website: https://kernel.ubuntu.com.
The Kernel Team is expediting the upcoming s2026.04.13 security release to address the newly discovered “Copy Fail” Linux kernel vulnerability (CVE-2026-31431), which enables local privilege escalation. The cycle started earlier, on May 3, 2026, and kernels will be released as soon as building, testing, and verification are complete to ensure quick delivery with a minimal risk of regression.
In the interim, the Ubuntu Security Team has issued mitigations via the kmod package that disable the compromised Linux kernel module to address this vulnerability. To discover more about the vulnerability and its mitigation, please check “Fixes available for CVE-2026-31431 (Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability | Ubuntu”.