Critical Mbed TLS Vulnerabilities Affect Multiple Ubuntu Releases
Severity: High (Score: 72.0)
Sources: Ubuntu, Linuxsecurity
Summary
Multiple vulnerabilities have been identified in Mbed TLS, impacting Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. The vulnerabilities include improper handling of memory allocation failures (CVE-2021-44732), crafted inputs leading to denial of service (CVE-2024-23775), and issues with the TLS handshake (CVE-2025-27810). These flaws could allow remote attackers to crash applications or compromise TLS security guarantees. The vulnerabilities were disclosed on March 25, 2026, and patches are available for affected systems. Users are advised to update their systems to mitigate risks associated with these vulnerabilities. The issues were discovered by researchers including Jonathan Winzig, Linh Le, and Ngan Nguyen. The vulnerabilities are critical due to their potential impact on security and service availability.
Key Points
- Mbed TLS vulnerabilities affect Ubuntu 18.04, 20.04, 22.04, and 24.04 LTS.
- Critical issues include denial of service and TLS handshake vulnerabilities.
- Patches are available; users should update their systems immediately.
Key Entities
- DDoS (attack_type)
- CVE-2021-44732 (cve)
- CVE-2024-23775 (cve)
- CVE-2025-27810 (cve)
- CVE-2025-47917 (cve)
- CVE-2025-48965 (cve)
- Mbed TLS (platform)
- Ubuntu (company)