USN-7853-1

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

• DMA engine subsystem;
• GPU drivers;
• HSI subsystem;
• Ethernet team driver;
• Ext4 file system;
• Timer subsystem;
• DCCP (Datagram Congestion Control Protocol);
• IPv6 networking;
• NET/ROM layer;
• SCTP protocol;
• USB sound devices; (CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-37838, CVE-2025-38352)