USN-7860-1

Details

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

Affected Packages

linux-aws-6.14

Ubuntu 24.04 LTS

Fixed in:

6.14.0-1016.16~24.04.1

linux-gcp-6.14

Ubuntu 24.04 LTS

Fixed in:

6.14.0-1019.20~24.04.1

linux-oem-6.14

Ubuntu 24.04 LTS

Fixed in:

6.14.0-1015.15

linux-oracle-6.14

Ubuntu 24.04 LTS

Fixed in:

6.14.0-1016.16~24.04.1

linux

Ubuntu 25.04

Fixed in:

6.14.0-35.35

linux-aws

Ubuntu 25.04

Fixed in:

6.14.0-1016.16

linux-gcp

Ubuntu 25.04

Fixed in:

6.14.0-1019.20

linux-oracle

Ubuntu 25.04

Fixed in:

6.14.0-1016.16

linux-raspi

Ubuntu 25.04

Fixed in:

6.14.0-1017.17

linux-realtime

Ubuntu 25.04

Fixed in:

6.14.0-1015.15

References

REPORThttps://ubuntu.com/security/CVE-2025-40300 ADVISORYhttps://ubuntu.com/security/notices/USN-7860-1

USN-7860-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline