diff -Nru isc-dhcp-4.4.1/debian/apparmor/sbin.dhclient isc-dhcp-4.4.1/debian/apparmor/sbin.dhclient
--- isc-dhcp-4.4.1/debian/apparmor/sbin.dhclient 2022-06-21 10:44:40.000000000 +0000
+++ isc-dhcp-4.4.1/debian/apparmor/sbin.dhclient 2023-01-26 16:48:41.000000000 +0000
@@ -22,6 +22,9 @@
 # see LP: #1918410
 owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
+ # LP: #1926139
+ @{PROC}/cmdline r,
+
 /{,usr/}sbin/dhclient mr,
 # LP: #1197484 and LP: #1202203 - why is this needed? :(
 /{,usr/}bin/bash mr,
diff -Nru isc-dhcp-4.4.1/debian/apparmor/usr.sbin.dhcpd isc-dhcp-4.4.1/debian/apparmor/usr.sbin.dhcpd
--- isc-dhcp-4.4.1/debian/apparmor/usr.sbin.dhcpd 2022-05-05 08:18:04.000000000 +0000
+++ isc-dhcp-4.4.1/debian/apparmor/usr.sbin.dhcpd 2023-01-26 16:48:41.000000000 +0000
@@ -24,6 +24,9 @@
 owner @{PROC}/@{pid}/comm rw,
 owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
+ # LP: #1926139
+ @{PROC}/cmdline r,
+
 /etc/hosts.allow r,
 /etc/hosts.deny r,
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog
--- isc-dhcp-4.4.1/debian/changelog 2022-10-04 12:36:23.000000000 +0000
+++ isc-dhcp-4.4.1/debian/changelog 2023-01-26 16:48:41.000000000 +0000
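Review bot: The added `@{PROC}/cmdline r,` rule is annotated only with a bug number, so a later audit of the profile cannot tell why dhclient needs the kernel command line; the comment should name the consumer, for example `# LP: #1926139 - omapip reads dhcp.fd_flags_poke=0 from the kernel cmdline`. The usr.sbin.dhcpd hunk adds the same rule with the same comment and needs the same wording. The kernel command line can hold boot parameters unrelated to DHCP, so recording that this read exists only for the opt-out switch makes it easy to drop once the workaround is removed.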
@@ -1,3 +1,14 @@
+isc-dhcp (4.4.1-2.1ubuntu5.20.04.4+lp1926139.2) focal; urgency=medium
+
+ * Work around race condition that might ignore DHCP offers
+ under DHCP traffic noise. It can be turned off with the
+ 'DHCP_FD_FLAGS_POKE=0' environment variable or with the
+ 'dhcp.fd_flags_poke=0' kernel cmdline option. (LP: #1926139)
+ - d/p/lp1926139.patch
+ - d/apparmor/sbin.dhclient,usr.sbin.dhcpd: /proc/cmdline read.
+
+ -- Mauricio Faria de Oliveira Thu, 26 Jan 2023 13:48:41 -0300
+
 isc-dhcp (4.4.1-2.1ubuntu5.20.04.4) focal-security; urgency=medium
 * SECURITY UPDATE: option refcount overflow
diff -Nru isc-dhcp-4.4.1/debian/patches/lp1926139.patch isc-dhcp-4.4.1/debian/patches/lp1926139.patch
--- isc-dhcp-4.4.1/debian/patches/lp1926139.patch 1970-01-01 00:00:00.000000000 +0000
+++ isc-dhcp-4.4.1/debian/patches/lp1926139.patch 2023-01-26 16:48:41.000000000 +0000
@@ -0,0 +1,97 @@
+Description: Work around race condition that might ignore DHCP offers
+Author: Mauricio Faria de Oliveira
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1926139
+Forwarded: no
+Last-Update: 2023-01-26
+
+Index: isc-dhcp-4.4.1/omapip/dispatch.c
+===================================================================
+--- isc-dhcp-4.4.1.orig/omapip/dispatch.c
++++ isc-dhcp-4.4.1/omapip/dispatch.c
+@@ -193,6 +193,41 @@ omapi_iscsock_cb(isc_task_t *task,
+ return (0);
+ }
+
++/* Check for environment variable DHCP_FD_FLAGS_POKE=0. */
++static int check_envvar(void) {
++ char *value;
++ return ((value = getenv("DHCP_FD_FLAGS_POKE")) &&
++ !strncmp(value, "0", sizeof("0")));
++}
++
++/*
++ * Check for kernel cmdline option dhcp.fd_flags_poke=0.
++ * Source: casper-md5check.c
++ */
++static int check_cmdline(void) {
++ FILE *cmdline = fopen("/proc/cmdline", "r");
++ char buf[1024];
++ char *bufp = buf, *token;
++ int found = 0;
++
++ if (!cmdline)
++ return 0;
++
++ memset(buf, '\0', 1024);
++ fread(buf, 1023, 1, cmdline);
++
++ while ((token = strsep(&bufp, " \n")) != NULL && bufp != NULL) {
++ if (strncmp(token, "dhcp.fd_flags_poke=0",
++ sizeof("dhcp.fd_flags_poke=0")) == 0) {
++ found = 1;
++ break;
++ }
++ }
++
++ fclose(cmdline);
++ return found;
++}
++
+ /* Register an I/O handle so that we can do asynchronous I/O on it. */
+
+ isc_result_t omapi_register_io_object (omapi_object_t *h,
+@@ -209,6 +244,24 @@ isc_result_t omapi_register_io_object (o
+ omapi_io_object_t *obj, *p;
+ int fd_flags = 0, fd = 0;
+
++ /*
++ * (LP: #1926139)
++ * Prevent race condition with the socket's callback omapi_iscsock_cb()
++ * being called in between isc_socket_fdwatchcreate() and function end
++ * (ie, with potentially inconsistent omapi_io_states list and object).
++ *
++ * Let's poke the socket manager to watch the socket fd only _after_
++ * list/object are done, instead of within isc_socket_fdwatchcreate().
++ *
++ * Init-time switches for original (racy) behavior:
++ * - DHCP_FD_FLAGS_POKE=0 as environment variable.
++ * - dhcp.fd_flags_poke=0 as kernel cmdline option.
++ */
++ static int fd_flags_poke = 1;
++
++ if (!omapi_io_states.refcnt && (check_envvar() || check_cmdline()))
++ fd_flags_poke = 0;
++
+ /* omapi_io_states is a static object. If its reference count
+ is zero, this is the first I/O handle to be registered, so
+ we need to initialize it. Because there is no inner or outer
+@@ -257,7 +310,8 @@ isc_result_t omapi_register_io_object (o
+
+ if (fd_flags != 0) {
+ status = isc_socket_fdwatchcreate(dhcp_gbl_ctx.socketmgr,
+- fd, fd_flags,
++ fd,
++ (fd_flags_poke ? 0 : fd_flags),
+ omapi_iscsock_cb,
+ obj,
+ dhcp_gbl_ctx.task,
+@@ -290,6 +344,9 @@ isc_result_t omapi_register_io_object (o
+ obj -> writer = writer;
+ obj -> reaper = reaper;
+
++ if (fd_flags_poke)
++ isc_socket_fdwatchpoke(obj->fd, fd_flags);
++
+ omapi_io_dereference(&obj, MDL);
+ return ISC_R_SUCCESS;
+ }
diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series
--- isc-dhcp-4.4.1/debian/patches/series 2022-10-04 12:36:19.000000000 +0000
+++ isc-dhcp-4.4.1/debian/patches/series 2023-01-25 20:53:54.000000000 +0000
@@ -33,3 +33,4 @@
 CVE-2021-25217.patch
 CVE-2022-2928.patch
 CVE-2022-2929.patch
+lp1926139.patch
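Review bot: check_cmdline() calls `fread(buf, 1023, 1, cmdline)` and discards the result, so it asks for one 1023-byte element: a shorter /proc/cmdline is a partial element, whose contents the C standard leaves indeterminate, and a longer one is never scanned past byte 1023, so a `dhcp.fd_flags_poke=0` placed late on a long command line is silently ignored. Reading the line with getline() and comparing whole tokens with strcmp() removes the fixed limit and the `sizeof`-as-length idiom; a sketch follows, assuming getline() is acceptable in this tree (strsep() is already used). Separately, in the last dispatch.c hunk the poke is guarded only by `fd_flags_poke` while the create call sits under `if (fd_flags != 0)`, so if obj->fd can still be unset there, `if (fd_flags_poke && fd_flags != 0)` would be the safer guard. omapi_register_io_object's body lies mostly outside the hunks, so that second point is inferred from the visible lines only.

```c
static int check_cmdline(void) {
	static const char opt[] = "dhcp.fd_flags_poke=0";
	FILE *cmdline = fopen("/proc/cmdline", "r");
	char *line = NULL, *bufp, *token;
	size_t cap = 0;
	int found = 0;

	if (!cmdline)
		return 0;

	/* getline() sizes the buffer, so a long command line is not cut short. */
	if (getline(&line, &cap, cmdline) > 0) {
		bufp = line;
		while ((token = strsep(&bufp, " \n")) != NULL) {
			if (strcmp(token, opt) == 0) {
				found = 1;
				break;
			}
		}
	}

	free(line);
	fclose(cmdline);
	return found;
}
```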