USN-7861-5

Details

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

HSI subsystem;
Bluetooth subsystem;
Timer subsystem; (CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)

Affected Packages

Ubuntu:24.04:LTSlinux-raspi

Fixed in:

6.8.0-1042.46

Ubuntu:24.04:LTSlinux-xilinx

Fixed in:

6.8.0-1019.20

Ubuntu:Pro:24.04:LTS:Realtime:Kernellinux-raspi-realtime

Fixed in:

6.8.0-2033.34

References

REPORThttps://ubuntu.com/security/CVE-2025-37838 REPORThttps://ubuntu.com/security/CVE-2025-38118 REPORThttps://ubuntu.com/security/CVE-2025-38352 REPORThttps://ubuntu.com/security/CVE-2025-40300 ADVISORYhttps://ubuntu.com/security/notices/USN-7861-5

USN-7861-5

Details

Affected Packages

References

Upstream

Ecosystems

Timeline