USN-7853-2

Details

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

DMA engine subsystem;
GPU drivers;
HSI subsystem;
Ethernet team driver;
Ext4 file system;
Timer subsystem;
DCCP (Datagram Congestion Control Protocol);
IPv6 networking;
NET/ROM layer;
SCTP protocol;
USB sound devices; (CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-37838, CVE-2025-38352)

Affected Packages

Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-aws-fips

Fixed in:

4.15.0-2124.130

Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-fips

Fixed in:

4.15.0-1141.153

Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-gcp-fips

Fixed in:

4.15.0-2087.93

References

USN-7853-2

Details

Affected Packages

References

Upstream

Ecosystems

Timeline