[USN-7848-1] AMD Microcode vulnerabilities
[USN-7847-1] GNU binutils vulnerabilities
[USN-7843-1] Netty vulnerability
[USN-7844-1] YAML::Syck vulnerability
[USN-7852-1] libxml2 vulnerability
[USN-7853-2] Linux kernel (FIPS) vulnerabilities
[USN-7854-1] Linux kernel (KVM) vulnerabilities
[USN-7850-1] Linux kernel vulnerabilities
[USN-7853-1] Linux kernel vulnerabilities
[USN-7848-1] AMD Microcode vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7848-1
October 29, 2025
amd64-microcode vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
Summary:
Several security issues were fixed in AMD Microcode.
Software Description:
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs
Details:
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores. A local attacker could possibly use
this issue to expose sensitive information. This update provides the
updated microcode mitigations required for the corresponding Linux kernel
update.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
amd64-microcode 3.20250708.0ubuntu0.25.04.2
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7848-1
CVE-2024-36350, CVE-2024-36357
Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250708.0ubuntu0.25.04.2
[USN-7847-1] GNU binutils vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7847-1
October 29, 2025
binutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in GNU binutils.
Software Description:
- binutils: GNU assembler, linker and binary utilities
Details:
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. The attack is restricted to local execution.
(CVE-2025-11082)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7554)
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause crash, execute
arbitrary code or expose sensitive information. (CVE-2025-1147)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2025-1148, CVE-2025-3198, CVE-2025-8225
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash. This issue only
affected Ubuntu 25.04. (CVE-2025-1182)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS.
(CVE-2025-7546)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
binutils 2.44-3ubuntu1.1
binutils-multiarch 2.44-3ubuntu1.1
Ubuntu 24.04 LTS
binutils 2.42-4ubuntu2.6
binutils-multiarch 2.42-4ubuntu2.6
Ubuntu 22.04 LTS
binutils 2.38-4ubuntu2.10
binutils-multiarch 2.38-4ubuntu2.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7847-1
CVE-2025-11082, CVE-2025-11083, CVE-2025-1147, CVE-2025-1148,
CVE-2025-1182, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7545, CVE-2025-7546, CVE-2025-8225
Package Information:
https://launchpad.net/ubuntu/+source/binutils/2.44-3ubuntu1.1
https://launchpad.net/ubuntu/+source/binutils/2.42-4ubuntu2.6
https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.10
[USN-7843-1] Netty vulnerability
==========================================================================
Ubuntu Security Notice USN-7843-1
October 28, 2025
netty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Netty could be made to send emails as your login if it received specially
crafted input.
Software Description:
- netty: Java NIO client/server socket framework
Details:
It was discovered that Netty did not properly handle user input. A remote
attacker could possibly use this issue to forge arbitrary emails from a
trusted server.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libnetty-java 1:4.1.48-10ubuntu0.25.10.1
Ubuntu 25.04
libnetty-java 1:4.1.48-10ubuntu0.25.04.1
Ubuntu 24.04 LTS
libnetty-java 1:4.1.48-9ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libnetty-java 1:4.1.48-4+deb11u2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libnetty-java 1:4.1.45-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libnetty-java 1:4.1.7-4ubuntu0.1+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7843-1
CVE-2025-59419
Package Information:
https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.04.1
[USN-7844-1] YAML::Syck vulnerability
==========================================================================
Ubuntu Security Notice USN-7844-1
October 28, 2025
libyaml-syck-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
The system could be made to expose sensitive information.
Software Description:
- libyaml-syck-perl: Perl module providing a fast, lightweight YAML loader and dumper
Details:
It was discovered that YAML::Syck did not properly handle parsing YAML
files. An attacker could possibly use this issue to expose sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libyaml-syck-perl 1.34-3ubuntu0.1
Ubuntu 25.04
libyaml-syck-perl 1.34-2ubuntu0.25.04.1
Ubuntu 24.04 LTS
libyaml-syck-perl 1.34-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libyaml-syck-perl 1.34-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libyaml-syck-perl 1.31-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libyaml-syck-perl 1.29-1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libyaml-syck-perl 1.29-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7844-1
CVE-2025-11683
Package Information:
https://launchpad.net/ubuntu/+source/libyaml-syck-perl/1.34-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libyaml-syck-perl/1.34-2ubuntu0.25.04.1
[USN-7852-1] libxml2 vulnerability
==========================================================================
Ubuntu Security Notice USN-7852-1
October 30, 2025
libxml2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
libxml2 could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- libxml2: GNOME XML library
Details:
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libxml2 2.12.7+dfsg+really2.9.14-0.4ubuntu0.4
python3-libxml2 2.12.7+dfsg+really2.9.14-0.4ubuntu0.4
Ubuntu 24.04 LTS
libxml2 2.9.14+dfsg-1.3ubuntu3.6
python3-libxml2 2.9.14+dfsg-1.3ubuntu3.6
Ubuntu 22.04 LTS
libxml2 2.9.13+dfsg-1ubuntu0.10
python3-libxml2 2.9.13+dfsg-1ubuntu0.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7852-1
CVE-2025-7425
Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.12.7+dfsg+really2.9.14-0.4ubuntu0.4
https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.6
https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.10
[USN-7853-2] Linux kernel (FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7853-2
October 30, 2025
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
Details:
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1141-fips 4.15.0-1141.153
Available with Ubuntu Pro
linux-image-4.15.0-2087-gcp-fips 4.15.0-2087.93
Available with Ubuntu Pro
linux-image-4.15.0-2124-aws-fips 4.15.0-2124.130
Available with Ubuntu Pro
linux-image-aws-fips 4.15.0.2124.118
Available with Ubuntu Pro
linux-image-aws-fips-4.15 4.15.0.2124.118
Available with Ubuntu Pro
linux-image-fips 4.15.0.1141.138
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2087.85
Available with Ubuntu Pro
linux-image-gcp-fips-4.15 4.15.0.2087.85
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7853-2
https://ubuntu.com/security/notices/USN-7853-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352, CVE-2025-40300
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/4.15.0-2124.130
https://launchpad.net/ubuntu/+source/linux-fips/4.15.0-1141.153
https://launchpad.net/ubuntu/+source/linux-gcp-fips/4.15.0-2087.93
[USN-7854-1] Linux kernel (KVM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7854-1
October 30, 2025
linux-kvm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-kvm: Linux kernel for cloud environments
Details:
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- Packet sockets;
- Network traffic control;
- SCTP protocol;
- VMware vSockets driver;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-35849, CVE-2024-41006,
CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124,
CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785,
CVE-2025-37838, CVE-2025-38352, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1168-kvm 4.15.0-1168.173
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1168.159
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7854-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-35849, CVE-2024-41006,
CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124,
CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785,
CVE-2025-37838, CVE-2025-38352, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618, CVE-2025-40300
[USN-7850-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7850-1
October 30, 2025
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
A security issues was discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- USB sound devices;
(CVE-2024-53150)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
linux-image-3.13.0-208-generic 3.13.0-208.259
Available with Ubuntu Pro
linux-image-3.13.0-208-lowlatency 3.13.0-208.259
Available with Ubuntu Pro
linux-image-generic 3.13.0.208.218
Available with Ubuntu Pro
linux-image-generic-lts-trusty 3.13.0.208.218
Available with Ubuntu Pro
linux-image-lowlatency 3.13.0.208.218
Available with Ubuntu Pro
linux-image-server 3.13.0.208.218
Available with Ubuntu Pro
linux-image-virtual 3.13.0.208.218
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7850-1
CVE-2024-53150, CVE-2025-40300
[USN-7853-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7853-1
October 30, 2025
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1148-oracle 4.15.0-1148.159
Available with Ubuntu Pro
linux-image-4.15.0-1179-gcp 4.15.0-1179.196
Available with Ubuntu Pro
linux-image-4.15.0-1186-aws 4.15.0-1186.199
Available with Ubuntu Pro
linux-image-4.15.0-243-generic 4.15.0-243.255
Available with Ubuntu Pro
linux-image-4.15.0-243-lowlatency 4.15.0-243.255
Available with Ubuntu Pro
linux-image-aws-4.15 4.15.0.1186.184
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1186.184
Available with Ubuntu Pro
linux-image-gcp-4.15 4.15.0.1179.192
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1179.192
Available with Ubuntu Pro
linux-image-generic 4.15.0.243.227
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.243.227
Available with Ubuntu Pro
linux-image-oracle-4.15 4.15.0.1148.153
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1148.153
Available with Ubuntu Pro
linux-image-virtual 4.15.0.243.227
Available with Ubuntu Pro
Ubuntu 16.04 LTS
linux-image-4.15.0-1179-gcp 4.15.0-1179.196~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1186-aws 4.15.0-1186.199~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-243-generic 4.15.0-243.255~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-243-lowlatency 4.15.0-243.255~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1186.199~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1179.196~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.243.255~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1179.196~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.243.255~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.243.255~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.243.255~16.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7853-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352, CVE-2025-40300
