Ubuntu 14.x — End of Life
EOL Actively exploitedUbuntu 14.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 14.10 | Oct 23, 2014 | Jul 23, 2015 | Jul 23, 2015 | 14.10 | EOL |
| 14.04LTS | Apr 17, 2014 | Apr 2, 2019 | Apr 2, 2019 | 14.04.6 | EOL |
CVEs affecting Ubuntu 14.x (18)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-31431 | HIGH | 7.8 | 96.27% | KEV | 14.10 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla… | Apr 22, 2026 |
| CVE-2026-31431 | HIGH | 7.8 | 96.27% | KEV | 14.04 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla… | Apr 22, 2026 |
| CVE-2022-0492 | HIGH | 7.8 | 5.53% | KEV | 14.04 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. Th… | Mar 3, 2022 |
| CVE-2020-29372 | MEDIUM | 4.7 | 0.39% | — | 14.04 | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition betwee… | Nov 28, 2020 |
| CVE-2019-11135 | MEDIUM | 6.5 | 3.13% | — | 14.04 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potenti… | Nov 14, 2019 |
| CVE-2019-18197 | HIGH | 7.5 | 4.45% | — | 14.04 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the rel… | Oct 18, 2019 |
| CVE-2019-13118 | MEDIUM | 5.3 | 5.15% | — | 14.04 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an in… | Jul 1, 2019 |
| CVE-2019-13117 | MEDIUM | 5.3 | 6.46% | — | 14.04 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumb… | Jul 1, 2019 |
| CVE-2019-11068 | CRITICAL | 9.8 | 5.09% | — | 14.04 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permi… | Apr 10, 2019 |
| CVE-2019-6109 | MEDIUM | 6.8 | 3.81% | — | 14.04 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (o… | Jan 31, 2019 |
| CVE-2018-10902 | HIGH | 7.8 | 0.52% | — | 14.04 | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc … | Aug 21, 2018 |
| CVE-2018-13785 | MEDIUM | 6.5 | 4.47% | — | 14.04 | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an i… | Jul 9, 2018 |
| CVE-2018-3639 | MEDIUM | 5.5 | 60.63% | — | 14.04 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres… | May 22, 2018 |
| CVE-2017-5753 | MEDIUM | 5.6 | 93.84% | — | 14.04 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of … | Jan 4, 2018 |
| CVE-2015-8325 | HIGH | 7.8 | 0.63% | — | 14.04 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is… | May 1, 2016 |
| CVE-2015-4000 | LOW | 3.7 | 99.86% | — | 14.04 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not pro… | May 21, 2015 |
| CVE-2015-4000 | LOW | 3.7 | 99.86% | — | 14.10 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not pro… | May 21, 2015 |
| CVE-2015-2808 | LOW | 3.7 | 73.85% | — | 14.04 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data duri… | Apr 1, 2015 |
Ubuntu 14.x is EOL — migrate to Ubuntu 15.x
Ubuntu 15.x is the next major release. Plan your upgrade before Ubuntu 14.x stops receiving security patches.
Frequently asked questions
Is Ubuntu 14 end of life?
Yes. All Ubuntu 14.x releases have reached end of life and no longer receive security patches. There are 18 known CVEs affecting Ubuntu 14.x, including 1 critical. Migrate to Ubuntu 15.x as soon as possible.
What CVEs affect Ubuntu 14?
There are 18 CVEs tracked for Ubuntu 14.x, including 1 critical severity issue and 3 listed in the CISA Known Exploited Vulnerabilities catalog. See the full list above with CVSS and EPSS scores.
What is the latest Ubuntu 14 version?
The latest Ubuntu 14.x patch release is 14.10, released on October 23, 2014. Always run the latest patch to benefit from all security fixes.
How to migrate from Ubuntu 14 to Ubuntu 15?
To migrate from Ubuntu 14 to Ubuntu 15: (1) review the official Ubuntu 15 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.
Is it safe to run Ubuntu 14 in production?
No. Ubuntu 14 has reached end of life and security vulnerabilities are no longer patched. Critically, 3 CVEs affecting Ubuntu 14.x are in the CISA KEV catalog — meaning they are actively exploited in the wild. Upgrade to a supported version immediately.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA
