
USN-8170-1: Corosync vulnerabilities

Canonical (Ubuntu) | Released: April 13, 2026 | Updated: April 15, 2026 | Restart Required

Description

It was discovered that Corosync incorrectly handled the membership commit token validity check. A remote attacker could use this issue to cause Corosync to crash, resulting in a denial of service, or to possibly obtain a small quantity of sensitive information. (CVE-2026-35091)

It was discovered that Corosync incorrectly handled join message validation. A remote attacker could possibly use this issue to cause Corosync to crash, resulting in a denial of service. (CVE-2026-35092)

Fixed Vulnerabilities 2

CVE-2026-35091 N/A 0.0 ⚠️ KEV fixed
Apr 01, 2026

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check…

CVE-2026-35092 N/A 0.0 ⚠️ KEV fixed
Apr 01, 2026

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User…

Quick Info

Patch ID: USN-8170-1
Vendor: Canonical (Ubuntu)
Severity: Unknown
CVEs Fixed: 2
Restart: Required

Additional Info

action:
usn id: USN-8170-1
summary: Several security issues were fixed in Corosync.
usn number: 8170-1
instructions: After a standard system update you need to restart Corosync to make all the necessary changes.
