Kernel and Poppler updates for Ubuntu

Ubuntu 6931 Published by

Ubuntu has released security updates to address several vulnerabilities in its operating system. The updates cover multiple Linux kernel vulnerabilities and a poppler vulnerability, which were identified as potential security risks.

[USN-7835-5] Linux kernel (Oracle) vulnerabilities
[USN-7862-1] Linux kernel vulnerability
[USN-7860-1] Linux kernel vulnerability
[USN-7863-1] Linux kernel vulnerabilities
[USN-7861-1] Linux kernel vulnerabilities
[USN-7858-1] poppler vulnerability
[USN-7860-2] Linux kernel (Real-time) vulnerability




[USN-7835-5] Linux kernel (Oracle) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7835-5
November 06, 2025

linux-oracle-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oracle-6.8: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035,
CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060,
CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079,
CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682,
CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056,
CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019,
CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092,
CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068,
CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086,
CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575,
CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090,
CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240,
CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055,
CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075,
CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-6.8.0-1038-oracle 6.8.0-1038.39~22.04.1
linux-image-6.8.0-1038-oracle-64k 6.8.0-1038.39~22.04.1
linux-image-oracle 6.8.0-1038.39~22.04.1
linux-image-oracle-6.8 6.8.0-1038.39~22.04.1
linux-image-oracle-64k 6.8.0-1038.39~22.04.1
linux-image-oracle-64k-6.8 6.8.0-1038.39~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7835-5
https://ubuntu.com/security/notices/USN-7835-4
https://ubuntu.com/security/notices/USN-7835-3
https://ubuntu.com/security/notices/USN-7835-2
https://ubuntu.com/security/notices/USN-7835-1
CVE-2023-53034, CVE-2024-58092, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041,
CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047,
CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060,
CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065,
CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071,
CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086,
CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37937, CVE-2025-38152,
CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39682,
CVE-2025-39728, CVE-2025-39735, CVE-2025-40114

Package Information:
https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1038.39~22.04.1



[USN-7862-1] Linux kernel vulnerability


==========================================================================
Ubuntu Security Notice USN-7862-1
November 06, 2025

linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg,
linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms
- linux-lowlatency-hwe-5.15: Linux low latency kernel
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1079-gkeop 5.15.0-1079.87
linux-image-5.15.0-1090-ibm 5.15.0-1090.93
linux-image-5.15.0-1091-intel-iotg 5.15.0-1091.97
linux-image-5.15.0-1091-nvidia 5.15.0-1091.92
linux-image-5.15.0-1091-nvidia-lowlatency 5.15.0-1091.92
linux-image-5.15.0-1092-gke 5.15.0-1092.98
linux-image-5.15.0-1093-oracle 5.15.0-1093.99
linux-image-5.15.0-1096-aws 5.15.0-1096.103
linux-image-5.15.0-1096-aws-64k 5.15.0-1096.103
linux-image-5.15.0-1096-gcp 5.15.0-1096.105
linux-image-5.15.0-161-generic 5.15.0-161.171
linux-image-5.15.0-161-generic-64k 5.15.0-161.171
linux-image-5.15.0-161-generic-lpae 5.15.0-161.171
linux-image-5.15.0-161-lowlatency 5.15.0-161.171
linux-image-5.15.0-161-lowlatency-64k 5.15.0-161.171
linux-image-aws-5.15 5.15.0.1096.99
linux-image-aws-64k-5.15 5.15.0.1096.99
linux-image-aws-64k-lts-22.04 5.15.0.1096.99
linux-image-aws-lts-22.04 5.15.0.1096.99
linux-image-gcp-5.15 5.15.0.1096.92
linux-image-gcp-lts-22.04 5.15.0.1096.92
linux-image-generic 5.15.0.161.157
linux-image-generic-5.15 5.15.0.161.157
linux-image-generic-64k 5.15.0.161.157
linux-image-generic-64k-5.15 5.15.0.161.157
linux-image-generic-lpae 5.15.0.161.157
linux-image-generic-lpae-5.15 5.15.0.161.157
linux-image-gke 5.15.0.1092.91
linux-image-gke-5.15 5.15.0.1092.91
linux-image-gkeop 5.15.0.1079.78
linux-image-gkeop-5.15 5.15.0.1079.78
linux-image-ibm 5.15.0.1090.86
linux-image-ibm-5.15 5.15.0.1090.86
linux-image-intel-iotg 5.15.0.1091.91
linux-image-intel-iotg-5.15 5.15.0.1091.91
linux-image-lowlatency 5.15.0.161.139
linux-image-lowlatency-5.15 5.15.0.161.139
linux-image-lowlatency-64k 5.15.0.161.139
linux-image-lowlatency-64k-5.15 5.15.0.161.139
linux-image-nvidia 5.15.0.1091.91
linux-image-nvidia-5.15 5.15.0.1091.91
linux-image-nvidia-lowlatency 5.15.0.1091.91
linux-image-nvidia-lowlatency-5.15 5.15.0.1091.91
linux-image-oracle-5.15 5.15.0.1093.89
linux-image-oracle-lts-22.04 5.15.0.1093.89
linux-image-virtual 5.15.0.161.157
linux-image-virtual-5.15 5.15.0.161.157

Ubuntu 20.04 LTS
linux-image-5.15.0-1090-ibm 5.15.0-1090.93~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1091-intel-iotg 5.15.0-1091.97~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1093-oracle 5.15.0-1093.99~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1096-aws 5.15.0-1096.103~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1096-gcp 5.15.0-1096.105~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-161-generic 5.15.0-161.171~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-161-generic-64k 5.15.0-161.171~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-161-generic-lpae 5.15.0-161.171~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-161-lowlatency 5.15.0-161.171~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-161-lowlatency-64k 5.15.0-161.171~20.04.1
Available with Ubuntu Pro
linux-image-aws 5.15.0.1096.103~20.04.1
Available with Ubuntu Pro
linux-image-aws-5.15 5.15.0.1096.103~20.04.1
Available with Ubuntu Pro
linux-image-gcp 5.15.0.1096.105~20.04.1
Available with Ubuntu Pro
linux-image-gcp-5.15 5.15.0.1096.105~20.04.1
Available with Ubuntu Pro
linux-image-generic-5.15 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-generic-64k-5.15 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-generic-64k-hwe-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-generic-lpae-5.15 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-generic-lpae-hwe-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-ibm 5.15.0.1090.93~20.04.1
Available with Ubuntu Pro
linux-image-ibm-5.15 5.15.0.1090.93~20.04.1
Available with Ubuntu Pro
linux-image-intel 5.15.0.1091.97~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg 5.15.0.1091.97~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg-5.15 5.15.0.1091.97~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-5.15 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-64k-5.15 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-64k-hwe-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04b 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04c 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04d 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-oracle 5.15.0.1093.99~20.04.1
Available with Ubuntu Pro
linux-image-oracle-5.15 5.15.0.1093.99~20.04.1
Available with Ubuntu Pro
linux-image-virtual-5.15 5.15.0.161.171~20.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-20.04 5.15.0.161.171~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7862-1
CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-161.171
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1096.103
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1096.105
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1092.98
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1079.87
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1090.93
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1091.97
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-161.171
https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1091.92
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1093.99



[USN-7860-1] Linux kernel vulnerability


==========================================================================
Ubuntu Security Notice USN-7860-1
November 06, 2025

linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14,
linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi,
linux-realtime vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-realtime: Linux kernel for Real-time systems
- linux-aws-6.14: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-6.14: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oem-6.14: Linux kernel for OEM systems
- linux-oracle-6.14: Linux kernel for Oracle Cloud systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1015-realtime 6.14.0-1015.15
linux-image-6.14.0-1016-aws 6.14.0-1016.16
linux-image-6.14.0-1016-aws-64k 6.14.0-1016.16
linux-image-6.14.0-1016-oracle 6.14.0-1016.16
linux-image-6.14.0-1016-oracle-64k 6.14.0-1016.16
linux-image-6.14.0-1017-raspi 6.14.0-1017.17
linux-image-6.14.0-1019-gcp 6.14.0-1019.20
linux-image-6.14.0-1019-gcp-64k 6.14.0-1019.20
linux-image-6.14.0-35-generic 6.14.0-35.35
linux-image-6.14.0-35-generic-64k 6.14.0-35.35
linux-image-aws 6.14.0-1016.16
linux-image-aws-6.14 6.14.0-1016.16
linux-image-aws-64k 6.14.0-1016.16
linux-image-aws-64k-6.14 6.14.0-1016.16
linux-image-gcp 6.14.0-1019.20
linux-image-gcp-6.14 6.14.0-1019.20
linux-image-gcp-64k 6.14.0-1019.20
linux-image-gcp-64k-6.14 6.14.0-1019.20
linux-image-generic 6.14.0-35.35
linux-image-generic-6.14 6.14.0-35.35
linux-image-generic-64k 6.14.0-35.35
linux-image-generic-64k-6.14 6.14.0-35.35
linux-image-oracle 6.14.0-1016.16
linux-image-oracle-6.14 6.14.0-1016.16
linux-image-oracle-64k 6.14.0-1016.16
linux-image-oracle-64k-6.14 6.14.0-1016.16
linux-image-raspi 6.14.0-1017.17
linux-image-raspi-6.14 6.14.0-1017.17
linux-image-realtime 6.14.0-1015.15
linux-image-realtime-6.14 6.14.0-1015.15
linux-image-virtual 6.14.0-35.35
linux-image-virtual-6.14 6.14.0-35.35

Ubuntu 24.04 LTS
linux-image-6.14.0-1015-oem 6.14.0-1015.15
linux-image-6.14.0-1016-aws 6.14.0-1016.16~24.04.1
linux-image-6.14.0-1016-aws-64k 6.14.0-1016.16~24.04.1
linux-image-6.14.0-1016-oracle 6.14.0-1016.16~24.04.1
linux-image-6.14.0-1016-oracle-64k 6.14.0-1016.16~24.04.1
linux-image-6.14.0-1019-gcp 6.14.0-1019.20~24.04.1
linux-image-6.14.0-1019-gcp-64k 6.14.0-1019.20~24.04.1
linux-image-aws 6.14.0-1016.16~24.04.1
linux-image-aws-6.14 6.14.0-1016.16~24.04.1
linux-image-aws-64k 6.14.0-1016.16~24.04.1
linux-image-aws-64k-6.14 6.14.0-1016.16~24.04.1
linux-image-gcp 6.14.0-1019.20~24.04.1
linux-image-gcp-6.14 6.14.0-1019.20~24.04.1
linux-image-gcp-64k 6.14.0-1019.20~24.04.1
linux-image-gcp-64k-6.14 6.14.0-1019.20~24.04.1
linux-image-oem-24.04 6.14.0-1015.15
linux-image-oem-24.04a 6.14.0-1015.15
linux-image-oem-24.04b 6.14.0-1015.15
linux-image-oem-24.04c 6.14.0-1015.15
linux-image-oem-6.14 6.14.0-1015.15
linux-image-oracle 6.14.0-1016.16~24.04.1
linux-image-oracle-6.14 6.14.0-1016.16~24.04.1
linux-image-oracle-64k 6.14.0-1016.16~24.04.1
linux-image-oracle-64k-6.14 6.14.0-1016.16~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7860-1
CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.14.0-35.35
https://launchpad.net/ubuntu/+source/linux-aws/6.14.0-1016.16
https://launchpad.net/ubuntu/+source/linux-gcp/6.14.0-1019.20
https://launchpad.net/ubuntu/+source/linux-oracle/6.14.0-1016.16
https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1017.17
https://launchpad.net/ubuntu/+source/linux-realtime/6.14.0-1015.15
https://launchpad.net/ubuntu/+source/linux-aws-6.14/6.14.0-1016.16~24.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-6.14/6.14.0-1019.20~24.04.1
https://launchpad.net/ubuntu/+source/linux-oem-6.14/6.14.0-1015.15

https://launchpad.net/ubuntu/+source/linux-oracle-6.14/6.14.0-1016.16~24.04.1



[USN-7863-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7863-1
November 06, 2025

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- TTY drivers;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2021-47294, CVE-2021-47330, CVE-2023-52574, CVE-2023-52650,
CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150,
CVE-2024-56767, CVE-2025-37838, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1150-kvm 4.4.0-1150.161
Available with Ubuntu Pro
linux-image-4.4.0-1187-aws 4.4.0-1187.202
Available with Ubuntu Pro
linux-image-4.4.0-274-generic 4.4.0-274.308
Available with Ubuntu Pro
linux-image-4.4.0-274-lowlatency 4.4.0-274.308
Available with Ubuntu Pro
linux-image-aws 4.4.0.1187.191
Available with Ubuntu Pro
linux-image-generic 4.4.0.274.280
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.274.280
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1150.147
Available with Ubuntu Pro
linux-image-lowlatency 4.4.0.274.280
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.274.280
Available with Ubuntu Pro
linux-image-virtual 4.4.0.274.280
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.274.280
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.4.0-1149-aws 4.4.0-1149.155
Available with Ubuntu Pro
linux-image-4.4.0-274-generic 4.4.0-274.308~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-274-lowlatency 4.4.0-274.308~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1149.146
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.274.308~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.274.308~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.274.308~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7863-1
CVE-2021-47294, CVE-2021-47330, CVE-2023-52574, CVE-2023-52650,
CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150,
CVE-2024-56767, CVE-2025-37838, CVE-2025-38352, CVE-2025-40300



[USN-7861-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7861-1
November 06, 2025

linux, linux-aws, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8,
linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia,
linux-nvidia-lowlatency vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel
- linux-ibm-6.8: Linux kernel for IBM cloud systems
- linux-lowlatency-hwe-6.8: Linux low latency kernel

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HSI subsystem;
- Bluetooth subsystem;
- Timer subsystem;
(CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1026-gkeop 6.8.0-1026.29
linux-image-6.8.0-1040-ibm 6.8.0-1040.40
linux-image-6.8.0-1042-aws 6.8.0-1042.44
linux-image-6.8.0-1042-aws-64k 6.8.0-1042.44
linux-image-6.8.0-1042-nvidia 6.8.0-1042.45+1
linux-image-6.8.0-1042-nvidia-64k 6.8.0-1042.45+1
linux-image-6.8.0-1042-nvidia-lowlatency 6.8.0-1042.45.1
linux-image-6.8.0-1042-nvidia-lowlatency-64k 6.8.0-1042.45.1
linux-image-6.8.0-87-generic 6.8.0-87.88
linux-image-6.8.0-87-generic-64k 6.8.0-87.88
linux-image-6.8.0-87-lowlatency 6.8.0-87.88.1
linux-image-6.8.0-87-lowlatency-64k 6.8.0-87.88.1
linux-image-aws-6.8 6.8.0-1042.44
linux-image-aws-64k-6.8 6.8.0-1042.44
linux-image-aws-64k-lts-24.04 6.8.0-1042.44
linux-image-aws-lts-24.04 6.8.0-1042.44
linux-image-generic 6.8.0-87.88
linux-image-generic-6.8 6.8.0-87.88
linux-image-generic-64k 6.8.0-87.88
linux-image-generic-64k-6.8 6.8.0-87.88
linux-image-generic-lpae 6.8.0-87.88
linux-image-gkeop 6.8.0-1026.29
linux-image-gkeop-6.8 6.8.0-1026.29
linux-image-ibm 6.8.0-1040.40
linux-image-ibm-6.8 6.8.0-1040.40
linux-image-ibm-classic 6.8.0-1040.40
linux-image-ibm-lts-24.04 6.8.0-1040.40
linux-image-kvm 6.8.0-87.88
linux-image-lowlatency 6.8.0-87.88.1
linux-image-lowlatency-6.8 6.8.0-87.88.1
linux-image-lowlatency-64k 6.8.0-87.88.1
linux-image-lowlatency-64k-6.8 6.8.0-87.88.1
linux-image-nvidia 6.8.0-1042.45
linux-image-nvidia-6.8 6.8.0-1042.45
linux-image-nvidia-64k 6.8.0-1042.45
linux-image-nvidia-64k-6.8 6.8.0-1042.45
linux-image-nvidia-lowlatency 6.8.0-1042.45.1
linux-image-nvidia-lowlatency-6.8 6.8.0-1042.45.1
linux-image-nvidia-lowlatency-64k 6.8.0-1042.45.1
linux-image-nvidia-lowlatency-64k-6.8 6.8.0-1042.45.1
linux-image-virtual 6.8.0-87.88
linux-image-virtual-6.8 6.8.0-87.88

Ubuntu 22.04 LTS
linux-image-6.8.0-1040-ibm 6.8.0-1040.40~22.04.1
linux-image-6.8.0-87-generic 6.8.0-87.88~22.04.1
linux-image-6.8.0-87-lowlatency 6.8.0-87.88.1~22.04.1
linux-image-6.8.0-87-lowlatency-64k 6.8.0-87.88.1~22.04.1
linux-image-generic-6.8 6.8.0-87.88~22.04.1
linux-image-generic-64k-6.8 6.8.0-87.88~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-87.88~22.04.1
linux-image-generic-hwe-22.04 6.8.0-87.88~22.04.1
linux-image-ibm-6.8 6.8.0-1040.40~22.04.1
linux-image-lowlatency-6.8 6.8.0-87.88.1~22.04.1
linux-image-lowlatency-64k-6.8 6.8.0-87.88.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 6.8.0-87.88.1~22.04.1
linux-image-lowlatency-hwe-22.04 6.8.0-87.88.1~22.04.1
linux-image-oem-22.04 6.8.0-87.88~22.04.1
linux-image-oem-22.04a 6.8.0-87.88~22.04.1
linux-image-oem-22.04b 6.8.0-87.88~22.04.1
linux-image-oem-22.04c 6.8.0-87.88~22.04.1
linux-image-oem-22.04d 6.8.0-87.88~22.04.1
linux-image-virtual-6.8 6.8.0-87.88~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-87.88~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7861-1
CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.8.0-87.88
https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1042.44
https://launchpad.net/ubuntu/+source/linux-gkeop/6.8.0-1026.29
https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1040.40
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-87.88.1
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1042.45
https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1042.45.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-87.88~22.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-6.8/6.8.0-1040.40~22.04.1

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-87.88.1~22.04.1



[USN-7858-1] poppler vulnerability


==========================================================================
Ubuntu Security Notice USN-7858-1
November 05, 2025

poppler vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

poppler could be made to crash if it opened a specially crafted file.

Software Description:
- poppler: PDF rendering library

Details:

It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a crash.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libpoppler147 25.03.0-10ubuntu0.1
poppler-utils 25.03.0-10ubuntu0.1

Ubuntu 25.04
libpoppler147 25.03.0-3ubuntu1.4
poppler-utils 25.03.0-3ubuntu1.4

Ubuntu 24.04 LTS
libpoppler134 24.02.0-1ubuntu9.8
poppler-utils 24.02.0-1ubuntu9.8

Ubuntu 22.04 LTS
libpoppler118 22.02.0-2ubuntu0.12
poppler-utils 22.02.0-2ubuntu0.12

Ubuntu 20.04 LTS
libpoppler97 0.86.1-0ubuntu1.7+esm3
Available with Ubuntu Pro
poppler-utils 0.86.1-0ubuntu1.7+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7858-1
CVE-2025-52885

Package Information:
https://launchpad.net/ubuntu/+source/poppler/25.03.0-10ubuntu0.1
https://launchpad.net/ubuntu/+source/poppler/25.03.0-3ubuntu1.4
https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.8
https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.12



[USN-7860-2] Linux kernel (Real-time) vulnerability


==========================================================================
Ubuntu Security Notice USN-7860-2
November 06, 2025

linux-realtime-6.14 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux-realtime-6.14: Linux kernel for Real-time systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.14.0-1015-realtime 6.14.0-1015.15~24.04.1
Available with Ubuntu Pro
linux-image-realtime-6.14 6.14.0-1015.15~24.04.1
Available with Ubuntu Pro
linux-image-realtime-hwe-24.04 6.14.0-1015.15~24.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7860-2
https://ubuntu.com/security/notices/USN-7860-1
CVE-2025-40300

Package Information:

https://launchpad.net/ubuntu/+source/linux-realtime-6.14/6.14.0-1015.15~24.04.1


Java, RunC, Kernel, ImageMagick, Python-Django updates for SUSE

Unbound update for Debian ELTS

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...