Kernel, CUPS, MAME updates for Ubuntu

Ubuntu 6923 Published 2025-12-05 08:17 by Philipp Esselbach

News

Ubuntu Linux has released several security updates to address various vulnerabilities in its Linux kernel. These updates include fixes for FIPS-compliant versions of the kernel used by Google Cloud (USN-7907-4), Microsoft Azure (USN-7910-1), and generic FIPS (USN-7909-3). Additionally, other updates have been released to address vulnerabilities in the real-time Linux kernel (USN-7909-2) and IoT-focused versions of the kernel (USN-7874-3). Other software affected includes CUPS (with multiple advisories, USN-7912-1 and USN-7912-2), MAME (USN-7913-1), and various Linux kernel advisories.

[USN-7907-4] Linux kernel (GCP FIPS) vulnerabilities
[USN-7907-3] Linux kernel vulnerabilities
[USN-7911-1] Linux kernel vulnerabilities
[USN-7910-1] Linux kernel (Azure FIPS) vulnerabilities
[USN-7909-3] Linux kernel (FIPS) vulnerabilities
[USN-7909-2] Linux kernel (Real-time) vulnerabilities
[USN-7889-4] Linux kernel vulnerabilities
[USN-7879-4] Linux kernel vulnerabilities
[USN-7909-1] Linux kernel vulnerabilities
[USN-7912-2] CUPS vulnerability
[USN-7913-1] MAME vulnerabilities
[USN-7874-3] Linux kernel (IoT) vulnerabilities
[USN-7912-1] CUPS vulnerability

[USN-7907-4] Linux kernel (GCP FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7907-4
December 04, 2025

linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Mailbox framework;
- Network drivers;
- AFS file system;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- KVM subsystem;
- L3 Master device support module;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
- Open vSwitch;
(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-2088-gcp-fips 4.15.0-2088.94
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2088.86
Available with Ubuntu Pro
linux-image-gcp-fips-4.15 4.15.0.2088.86
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7907-4
https://ubuntu.com/security/notices/USN-7907-3
https://ubuntu.com/security/notices/USN-7907-2
https://ubuntu.com/security/notices/USN-7907-1
CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp-fips/4.15.0-2088.94

[USN-7907-3] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7907-3
December 04, 2025

linux-gcp, linux-gcp-4.15, linux-hwe vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Mailbox framework;
- Network drivers;
- AFS file system;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- KVM subsystem;
- L3 Master device support module;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
- Open vSwitch;
(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1180-gcp 4.15.0-1180.197
Available with Ubuntu Pro
linux-image-gcp-4.15 4.15.0.1180.193
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1180.193
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1180-gcp 4.15.0-1180.197~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-245-generic 4.15.0-245.257~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-245-lowlatency 4.15.0-245.257~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1180.197~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.245.257~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1180.197~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.245.257~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.245.257~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.245.257~16.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7907-3
https://ubuntu.com/security/notices/USN-7907-2
https://ubuntu.com/security/notices/USN-7907-1
CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018

[USN-7911-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7911-1
December 04, 2025

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- JFS file system;
(CVE-2023-52975, CVE-2024-56596)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
linux-image-3.13.0-209-generic 3.13.0-209.260
Available with Ubuntu Pro
linux-image-3.13.0-209-lowlatency 3.13.0-209.260
Available with Ubuntu Pro
linux-image-generic 3.13.0.209.219
Available with Ubuntu Pro
linux-image-generic-lts-quantal 3.13.0.209.219
Available with Ubuntu Pro
linux-image-generic-lts-raring 3.13.0.209.219
Available with Ubuntu Pro
linux-image-generic-lts-saucy 3.13.0.209.219
Available with Ubuntu Pro
linux-image-generic-lts-trusty 3.13.0.209.219
Available with Ubuntu Pro
linux-image-lowlatency 3.13.0.209.219
Available with Ubuntu Pro
linux-image-server 3.13.0.209.219
Available with Ubuntu Pro
linux-image-virtual 3.13.0.209.219
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7911-1
CVE-2023-52975, CVE-2024-56596

[USN-7910-1] Linux kernel (Azure FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7910-1
December 04, 2025

linux-azure-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- ATM drivers;
- DRBD Distributed Replicated Block Device drivers;
- Bus devices;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PCCARD (PCMCIA/CardBus) bus subsystem;
- PHY drivers;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- QCOM SoC drivers;
- small TFT LCD display modules;
- Trusted Execution Environment drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- Framebuffer layer;
- BTRFS file system;
- File systems infrastructure;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Asynchronous Transfer Mode (ATM) subsystem;
- BPF subsystem;
- NFS page cache wrapper;
- Memory management;
- Networking subsytem;
- UDP network protocol;
- Perf events;
- RCU subsystem;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Wireless networking;
- SoC audio core drivers;
- USB sound devices;
(CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691,
CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696,
CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700,
CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708,
CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714,
CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724,
CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673,
CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683,
CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687,
CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697,
CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710,
CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730,
CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738,
CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752,
CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766,
CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782,
CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790,
CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801,
CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813,
CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828,
CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844,
CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848,
CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865,
CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902,
CVE-2025-39920)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1101-azure-fips 5.15.0-1101.110+fips1
Available with Ubuntu Pro
linux-image-azure-fips 5.15.0.1101.86
Available with Ubuntu Pro
linux-image-azure-fips-5.15 5.15.0.1101.86
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7910-1
CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691,
CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696,
CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700,
CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708,
CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714,
CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724,
CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673,
CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683,
CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687,
CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697,
CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710,
CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730,
CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738,
CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752,
CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766,
CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782,
CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790,
CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801,
CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813,
CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828,
CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844,
CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848,
CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865,
CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902,
CVE-2025-39920, CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fips/5.15.0-1101.110+fips1

[USN-7909-3] Linux kernel (FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7909-3
December 04, 2025

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- ATM drivers;
- DRBD Distributed Replicated Block Device drivers;
- Bus devices;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PCCARD (PCMCIA/CardBus) bus subsystem;
- PHY drivers;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- QCOM SoC drivers;
- small TFT LCD display modules;
- Trusted Execution Environment drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- Framebuffer layer;
- BTRFS file system;
- File systems infrastructure;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Asynchronous Transfer Mode (ATM) subsystem;
- BPF subsystem;
- NFS page cache wrapper;
- Memory management;
- Networking subsytem;
- UDP network protocol;
- Perf events;
- RCU subsystem;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Wireless networking;
- SoC audio core drivers;
- USB sound devices;
(CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687,
CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695,
CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699,
CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707,
CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721,
CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732,
CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681,
CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686,
CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693,
CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709,
CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724,
CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737,
CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749,
CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760,
CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776,
CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788,
CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798,
CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812,
CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824,
CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841,
CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847,
CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864,
CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894,
CVE-2025-39902, CVE-2025-39920)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1097-aws-fips 5.15.0-1097.104+fips1
Available with Ubuntu Pro
linux-image-5.15.0-1097-gcp-fips 5.15.0-1097.106+fips1
Available with Ubuntu Pro
linux-image-5.15.0-163-fips 5.15.0-163.173+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.15.0.1097.93
Available with Ubuntu Pro
linux-image-aws-fips-5.15 5.15.0.1097.93
Available with Ubuntu Pro
linux-image-fips 5.15.0.163.94
Available with Ubuntu Pro
linux-image-fips-5.15 5.15.0.163.94
Available with Ubuntu Pro
linux-image-gcp-fips 5.15.0.1097.87
Available with Ubuntu Pro
linux-image-gcp-fips-5.15 5.15.0.1097.87
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7909-3
https://ubuntu.com/security/notices/USN-7909-2
https://ubuntu.com/security/notices/USN-7909-1
CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687,
CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695,
CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699,
CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707,
CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721,
CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732,
CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681,
CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686,
CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693,
CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709,
CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724,
CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737,
CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749,
CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760,
CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776,
CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788,
CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798,
CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812,
CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824,
CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841,
CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847,
CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864,
CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894,
CVE-2025-39902, CVE-2025-39920

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.15.0-1097.104+fips1
https://launchpad.net/ubuntu/+source/linux-fips/5.15.0-163.173+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.15.0-1097.106+fips1

[USN-7909-2] Linux kernel (Real-time) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7909-2
December 04, 2025

linux-intel-iot-realtime, linux-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iot-realtime: Linux kernel for Intel IoT Real-time platforms
- linux-realtime: Linux kernel for Real-time systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- ATM drivers;
- DRBD Distributed Replicated Block Device drivers;
- Bus devices;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PCCARD (PCMCIA/CardBus) bus subsystem;
- PHY drivers;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- QCOM SoC drivers;
- small TFT LCD display modules;
- Trusted Execution Environment drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- Framebuffer layer;
- BTRFS file system;
- File systems infrastructure;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Asynchronous Transfer Mode (ATM) subsystem;
- BPF subsystem;
- NFS page cache wrapper;
- Memory management;
- Networking subsytem;
- UDP network protocol;
- Perf events;
- RCU subsystem;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Wireless networking;
- SoC audio core drivers;
- USB sound devices;
(CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687,
CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695,
CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699,
CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707,
CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721,
CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732,
CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681,
CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686,
CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693,
CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709,
CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724,
CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737,
CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749,
CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760,
CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776,
CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788,
CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798,
CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812,
CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824,
CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841,
CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847,
CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864,
CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894,
CVE-2025-39902, CVE-2025-39920)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1089-intel-iot-realtime 5.15.0-1089.91
Available with Ubuntu Pro
linux-image-5.15.0-1096-realtime 5.15.0-1096.105
Available with Ubuntu Pro
linux-image-intel-iot-realtime 5.15.0.1089.93
Available with Ubuntu Pro
linux-image-intel-iot-realtime-5.15 5.15.0.1089.93
Available with Ubuntu Pro
linux-image-realtime 5.15.0.1096.100
Available with Ubuntu Pro
linux-image-realtime-5.15 5.15.0.1096.100
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7909-2
https://ubuntu.com/security/notices/USN-7909-1
CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687,
CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695,
CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699,
CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707,
CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721,
CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732,
CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681,
CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686,
CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693,
CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709,
CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724,
CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737,
CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749,
CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760,
CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776,
CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788,
CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798,
CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812,
CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824,
CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841,
CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847,
CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864,
CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894,
CVE-2025-39902, CVE-2025-39920

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iot-realtime/5.15.0-1089.91
https://launchpad.net/ubuntu/+source/linux-realtime/5.15.0-1096.105

[USN-7889-4] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7889-4
December 04, 2025

linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
- Netfilter;
- TLS protocol;
(CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1027-gkeop 6.8.0-1027.30
linux-image-6.8.0-1040-gke 6.8.0-1040.45
linux-image-6.8.0-1040-gke-64k 6.8.0-1040.45
linux-image-6.8.0-1044-gcp 6.8.0-1044.47
linux-image-6.8.0-1044-gcp-64k 6.8.0-1044.47
linux-image-gcp-6.8 6.8.0-1044.47
linux-image-gcp-64k-6.8 6.8.0-1044.47
linux-image-gcp-64k-lts-24.04 6.8.0-1044.47
linux-image-gcp-lts-24.04 6.8.0-1044.47
linux-image-gke 6.8.0-1040.45
linux-image-gke-6.8 6.8.0-1040.45
linux-image-gke-64k 6.8.0-1040.45
linux-image-gke-64k-6.8 6.8.0-1040.45
linux-image-gkeop 6.8.0-1027.30
linux-image-gkeop-6.8 6.8.0-1027.30

Ubuntu 22.04 LTS
linux-image-6.8.0-1044-gcp 6.8.0-1044.47~22.04.1
linux-image-6.8.0-1044-gcp-64k 6.8.0-1044.47~22.04.1
linux-image-gcp 6.8.0-1044.47~22.04.1
linux-image-gcp-6.8 6.8.0-1044.47~22.04.1
linux-image-gcp-64k 6.8.0-1044.47~22.04.1
linux-image-gcp-64k-6.8 6.8.0-1044.47~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7889-4
https://ubuntu.com/security/notices/USN-7889-3
https://ubuntu.com/security/notices/USN-7889-2
https://ubuntu.com/security/notices/USN-7889-1
CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1044.47
https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1040.45
https://launchpad.net/ubuntu/+source/linux-gkeop/6.8.0-1027.30
https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1044.47~22.04.1

[USN-7879-4] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7879-4
December 04, 2025

linux-gcp-6.14, linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-gcp-6.14: Linux kernel for Google Cloud Platform (GCP) systems

Details:

It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- S390 architecture;
- x86 architecture;
- Network block device driver;
- Character device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- DMA engine subsystem;
- EDAC drivers;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- IIO subsystem;
- IIO ADC drivers;
- InfiniBand drivers;
- Input Device core drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- Power supply drivers;
- Powercap sysfs driver;
- Voltage and Current Regulator drivers;
- S/390 drivers;
- ASPEED SoC drivers;
- SPI subsystem;
- small TFT LCD display modules;
- Media staging drivers;
- USB Gadget drivers;
- vDPA drivers;
- VFIO drivers;
- Framebuffer layer;
- Xen hypervisor drivers;
- BTRFS file system;
- Ceph distributed file system;
- EFI Variable file system;
- File systems infrastructure;
- F2FS file system;
- GFS2 file system;
- Network file systems library;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- Proc file system;
- SMB network file system;
- DRM display driver;
- io_uring subsystem;
- Internal shared memory driver;
- padata parallel execution mechanism;
- Networking subsytem;
- Bluetooth subsystem;
- Netfilter;
- UDP network protocol;
- Tracing infrastructure;
- BPF subsystem;
- Perf events;
- Padata parallel execution mechanism;
- Codetag library;
- KASAN memory debugging framework;
- Memory management;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netlink;
- RxRPC session sockets;
- Network traffic control;
- SMC sockets;
- Sun RPC protocol;
- TIPC protocol;
- TLS protocol;
- VMware vSockets driver;
- Wireless networking;
- XFRM subsystem;
- ADI SoundPort AD1816A based soundcard drivers;
- MediaTek ASoC drivers;
- SOF drivers;
- USB sound devices;
- KVM subsystem;
(CVE-2025-38335, CVE-2025-38349, CVE-2025-38351, CVE-2025-38437,
CVE-2025-38438, CVE-2025-38439, CVE-2025-38440, CVE-2025-38441,
CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38446,
CVE-2025-38448, CVE-2025-38449, CVE-2025-38450, CVE-2025-38451,
CVE-2025-38452, CVE-2025-38453, CVE-2025-38454, CVE-2025-38455,
CVE-2025-38456, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459,
CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38463,
CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467,
CVE-2025-38468, CVE-2025-38469, CVE-2025-38470, CVE-2025-38471,
CVE-2025-38472, CVE-2025-38473, CVE-2025-38474, CVE-2025-38475,
CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481,
CVE-2025-38482, CVE-2025-38483, CVE-2025-38484, CVE-2025-38485,
CVE-2025-38487, CVE-2025-38488, CVE-2025-38489, CVE-2025-38490,
CVE-2025-38491, CVE-2025-38492, CVE-2025-38493, CVE-2025-38494,
CVE-2025-38495, CVE-2025-38496, CVE-2025-38497, CVE-2025-38501,
CVE-2025-38503, CVE-2025-38505, CVE-2025-38506, CVE-2025-38507,
CVE-2025-38508, CVE-2025-38509, CVE-2025-38510, CVE-2025-38511,
CVE-2025-38512, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515,
CVE-2025-38516, CVE-2025-38517, CVE-2025-38520, CVE-2025-38521,
CVE-2025-38524, CVE-2025-38525, CVE-2025-38526, CVE-2025-38527,
CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38531,
CVE-2025-38532, CVE-2025-38533, CVE-2025-38534, CVE-2025-38535,
CVE-2025-38537, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540,
CVE-2025-38542, CVE-2025-38543, CVE-2025-38544, CVE-2025-38545,
CVE-2025-38546, CVE-2025-38547, CVE-2025-38548, CVE-2025-38549,
CVE-2025-38550, CVE-2025-38551, CVE-2025-38552, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38556, CVE-2025-38557, CVE-2025-38558,
CVE-2025-38559, CVE-2025-38560, CVE-2025-38561, CVE-2025-38562,
CVE-2025-38563, CVE-2025-38565, CVE-2025-38566, CVE-2025-38567,
CVE-2025-38568, CVE-2025-38569, CVE-2025-38570, CVE-2025-38571,
CVE-2025-38572, CVE-2025-38573, CVE-2025-38574, CVE-2025-38576,
CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581,
CVE-2025-38582, CVE-2025-38583, CVE-2025-38584, CVE-2025-38585,
CVE-2025-38586, CVE-2025-38587, CVE-2025-38588, CVE-2025-38589,
CVE-2025-38590, CVE-2025-38593, CVE-2025-38595, CVE-2025-38601,
CVE-2025-38602, CVE-2025-38604, CVE-2025-38605, CVE-2025-38606,
CVE-2025-38608, CVE-2025-38609, CVE-2025-38610, CVE-2025-38612,
CVE-2025-38615, CVE-2025-38616, CVE-2025-38619, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38625, CVE-2025-38626,
CVE-2025-38628, CVE-2025-38629, CVE-2025-38630, CVE-2025-38631,
CVE-2025-38632, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639,
CVE-2025-38640, CVE-2025-38642, CVE-2025-38643, CVE-2025-38644,
CVE-2025-38645, CVE-2025-38646, CVE-2025-38648, CVE-2025-38649,
CVE-2025-38650, CVE-2025-38652, CVE-2025-38653, CVE-2025-38654,
CVE-2025-38655, CVE-2025-38659, CVE-2025-38660, CVE-2025-38662,
CVE-2025-38663, CVE-2025-38664, CVE-2025-38665, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38675,
CVE-2025-38678, CVE-2025-39725, CVE-2025-39726, CVE-2025-39727,
CVE-2025-39730, CVE-2025-39731, CVE-2025-39732, CVE-2025-39734,
CVE-2025-39809, CVE-2025-39818, CVE-2025-40157)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1018-raspi 6.14.0-1018.18
linux-image-raspi 6.14.0-1018.18
linux-image-raspi-6.14 6.14.0-1018.18

Ubuntu 24.04 LTS
linux-image-6.14.0-1020-gcp 6.14.0-1020.21~24.04.1
linux-image-6.14.0-1020-gcp-64k 6.14.0-1020.21~24.04.1
linux-image-gcp 6.14.0-1020.21~24.04.1
linux-image-gcp-6.14 6.14.0-1020.21~24.04.1
linux-image-gcp-64k 6.14.0-1020.21~24.04.1
linux-image-gcp-64k-6.14 6.14.0-1020.21~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7879-4
https://ubuntu.com/security/notices/USN-7879-3
https://ubuntu.com/security/notices/USN-7879-2
https://ubuntu.com/security/notices/USN-7879-1
CVE-2024-36331, CVE-2025-38335, CVE-2025-38349, CVE-2025-38351,
CVE-2025-38437, CVE-2025-38438, CVE-2025-38439, CVE-2025-38440,
CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445,
CVE-2025-38446, CVE-2025-38448, CVE-2025-38449, CVE-2025-38450,
CVE-2025-38451, CVE-2025-38452, CVE-2025-38453, CVE-2025-38454,
CVE-2025-38455, CVE-2025-38456, CVE-2025-38457, CVE-2025-38458,
CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462,
CVE-2025-38463, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466,
CVE-2025-38467, CVE-2025-38468, CVE-2025-38469, CVE-2025-38470,
CVE-2025-38471, CVE-2025-38472, CVE-2025-38473, CVE-2025-38474,
CVE-2025-38475, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38484,
CVE-2025-38485, CVE-2025-38487, CVE-2025-38488, CVE-2025-38489,
CVE-2025-38490, CVE-2025-38491, CVE-2025-38492, CVE-2025-38493,
CVE-2025-38494, CVE-2025-38495, CVE-2025-38496, CVE-2025-38497,
CVE-2025-38501, CVE-2025-38503, CVE-2025-38505, CVE-2025-38506,
CVE-2025-38507, CVE-2025-38508, CVE-2025-38509, CVE-2025-38510,
CVE-2025-38511, CVE-2025-38512, CVE-2025-38513, CVE-2025-38514,
CVE-2025-38515, CVE-2025-38516, CVE-2025-38517, CVE-2025-38520,
CVE-2025-38521, CVE-2025-38524, CVE-2025-38525, CVE-2025-38526,
CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530,
CVE-2025-38531, CVE-2025-38532, CVE-2025-38533, CVE-2025-38534,
CVE-2025-38535, CVE-2025-38537, CVE-2025-38538, CVE-2025-38539,
CVE-2025-38540, CVE-2025-38542, CVE-2025-38543, CVE-2025-38544,
CVE-2025-38545, CVE-2025-38546, CVE-2025-38547, CVE-2025-38548,
CVE-2025-38549, CVE-2025-38550, CVE-2025-38551, CVE-2025-38552,
CVE-2025-38553, CVE-2025-38555, CVE-2025-38556, CVE-2025-38557,
CVE-2025-38558, CVE-2025-38559, CVE-2025-38560, CVE-2025-38561,
CVE-2025-38562, CVE-2025-38563, CVE-2025-38565, CVE-2025-38566,
CVE-2025-38567, CVE-2025-38568, CVE-2025-38569, CVE-2025-38570,
CVE-2025-38571, CVE-2025-38572, CVE-2025-38573, CVE-2025-38574,
CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579,
CVE-2025-38581, CVE-2025-38582, CVE-2025-38583, CVE-2025-38584,
CVE-2025-38585, CVE-2025-38586, CVE-2025-38587, CVE-2025-38588,
CVE-2025-38589, CVE-2025-38590, CVE-2025-38593, CVE-2025-38595,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38605,
CVE-2025-38606, CVE-2025-38608, CVE-2025-38609, CVE-2025-38610,
CVE-2025-38612, CVE-2025-38615, CVE-2025-38616, CVE-2025-38619,
CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38625,
CVE-2025-38626, CVE-2025-38628, CVE-2025-38629, CVE-2025-38630,
CVE-2025-38631, CVE-2025-38632, CVE-2025-38634, CVE-2025-38635,
CVE-2025-38639, CVE-2025-38640, CVE-2025-38642, CVE-2025-38643,
CVE-2025-38644, CVE-2025-38645, CVE-2025-38646, CVE-2025-38648,
CVE-2025-38649, CVE-2025-38650, CVE-2025-38652, CVE-2025-38653,
CVE-2025-38654, CVE-2025-38655, CVE-2025-38659, CVE-2025-38660,
CVE-2025-38662, CVE-2025-38663, CVE-2025-38664, CVE-2025-38665,
CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671,
CVE-2025-38675, CVE-2025-38678, CVE-2025-39725, CVE-2025-39726,
CVE-2025-39727, CVE-2025-39730, CVE-2025-39731, CVE-2025-39732,
CVE-2025-39734, CVE-2025-39809, CVE-2025-39818, CVE-2025-40157

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1018.18
https://launchpad.net/ubuntu/+source/linux-gcp-6.14/6.14.0-1020.21~24.04.1

[USN-7909-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7909-1
December 04, 2025

linux, linux-aws, linux-aws-5.15, linux-gcp-5.15, linux-hwe-5.15,
linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15,
linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia,
linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx,
linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems
- linux-nvidia-tegra-igx: Linux kernel for NVIDIA Tegra IGX systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms
- linux-lowlatency-hwe-5.15: Linux low latency kernel
- linux-nvidia-tegra-5.15: Linux kernel for NVIDIA Tegra systems
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- ATM drivers;
- DRBD Distributed Replicated Block Device drivers;
- Bus devices;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PCCARD (PCMCIA/CardBus) bus subsystem;
- PHY drivers;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- QCOM SoC drivers;
- small TFT LCD display modules;
- Trusted Execution Environment drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- Framebuffer layer;
- BTRFS file system;
- File systems infrastructure;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Asynchronous Transfer Mode (ATM) subsystem;
- BPF subsystem;
- NFS page cache wrapper;
- Memory management;
- Networking subsytem;
- UDP network protocol;
- Perf events;
- RCU subsystem;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Wireless networking;
- SoC audio core drivers;
- USB sound devices;
(CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687,
CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695,
CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699,
CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707,
CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721,
CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732,
CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681,
CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686,
CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693,
CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709,
CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724,
CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737,
CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749,
CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760,
CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776,
CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788,
CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798,
CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812,
CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824,
CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841,
CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847,
CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864,
CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894,
CVE-2025-39902, CVE-2025-39920)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1038-nvidia-tegra-igx 5.15.0-1038.38
linux-image-5.15.0-1038-nvidia-tegra-igx-rt 5.15.0-1038.38
linux-image-5.15.0-1049-nvidia-tegra 5.15.0-1049.49
linux-image-5.15.0-1049-nvidia-tegra-rt 5.15.0-1049.49
linux-image-5.15.0-1061-xilinx-zynqmp 5.15.0-1061.65
linux-image-5.15.0-1091-ibm 5.15.0-1091.94
linux-image-5.15.0-1092-intel-iotg 5.15.0-1092.98
linux-image-5.15.0-1092-nvidia 5.15.0-1092.93
linux-image-5.15.0-1092-nvidia-lowlatency 5.15.0-1092.93
linux-image-5.15.0-1094-oracle 5.15.0-1094.100
linux-image-5.15.0-1097-aws 5.15.0-1097.104
linux-image-5.15.0-1097-aws-64k 5.15.0-1097.104
linux-image-5.15.0-163-generic 5.15.0-163.173
linux-image-5.15.0-163-generic-64k 5.15.0-163.173
linux-image-5.15.0-163-generic-lpae 5.15.0-163.173
linux-image-5.15.0-163-lowlatency 5.15.0-163.173
linux-image-5.15.0-163-lowlatency-64k 5.15.0-163.173
linux-image-aws-5.15 5.15.0.1097.100
linux-image-aws-64k-5.15 5.15.0.1097.100
linux-image-aws-64k-lts-22.04 5.15.0.1097.100
linux-image-aws-lts-22.04 5.15.0.1097.100
linux-image-generic 5.15.0.163.158
linux-image-generic-5.15 5.15.0.163.158
linux-image-generic-64k 5.15.0.163.158
linux-image-generic-64k-5.15 5.15.0.163.158
linux-image-generic-lpae 5.15.0.163.158
linux-image-generic-lpae-5.15 5.15.0.163.158
linux-image-ibm 5.15.0.1091.87
linux-image-ibm-5.15 5.15.0.1091.87
linux-image-intel-iotg 5.15.0.1092.92
linux-image-intel-iotg-5.15 5.15.0.1092.92
linux-image-lowlatency 5.15.0.163.140
linux-image-lowlatency-5.15 5.15.0.163.140
linux-image-lowlatency-64k 5.15.0.163.140
linux-image-lowlatency-64k-5.15 5.15.0.163.140
linux-image-nvidia 5.15.0.1092.92
linux-image-nvidia-5.15 5.15.0.1092.92
linux-image-nvidia-lowlatency 5.15.0.1092.92
linux-image-nvidia-lowlatency-5.15 5.15.0.1092.92
linux-image-nvidia-tegra 5.15.0.1049.49
linux-image-nvidia-tegra-5.15 5.15.0.1049.49
linux-image-nvidia-tegra-igx 5.15.0.1038.40
linux-image-nvidia-tegra-igx-5.15 5.15.0.1038.40
linux-image-nvidia-tegra-igx-rt 5.15.0.1038.40
linux-image-nvidia-tegra-igx-rt-5.15 5.15.0.1038.40
linux-image-nvidia-tegra-rt 5.15.0.1049.49
linux-image-nvidia-tegra-rt-5.15 5.15.0.1049.49
linux-image-oracle-5.15 5.15.0.1094.90
linux-image-oracle-lts-22.04 5.15.0.1094.90
linux-image-virtual 5.15.0.163.158
linux-image-virtual-5.15 5.15.0.163.158
linux-image-xilinx-zynqmp 5.15.0.1061.64
linux-image-xilinx-zynqmp-5.15 5.15.0.1061.64

Ubuntu 20.04 LTS
linux-image-5.15.0-1049-nvidia-tegra 5.15.0-1049.49~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1049-nvidia-tegra-rt 5.15.0-1049.49~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1091-ibm 5.15.0-1091.94~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1092-intel-iotg 5.15.0-1092.98~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1094-oracle 5.15.0-1094.100~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1097-aws 5.15.0-1097.104~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1097-gcp 5.15.0-1097.106~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-163-generic 5.15.0-163.173~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-163-generic-64k 5.15.0-163.173~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-163-generic-lpae 5.15.0-163.173~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-163-lowlatency 5.15.0-163.173~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-163-lowlatency-64k 5.15.0-163.173~20.04.1
Available with Ubuntu Pro
linux-image-aws 5.15.0.1097.104~20.04.1
Available with Ubuntu Pro
linux-image-aws-5.15 5.15.0.1097.104~20.04.1
Available with Ubuntu Pro
linux-image-gcp 5.15.0.1097.106~20.04.1
Available with Ubuntu Pro
linux-image-gcp-5.15 5.15.0.1097.106~20.04.1
Available with Ubuntu Pro
linux-image-generic-5.15 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-generic-64k-5.15 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-generic-64k-hwe-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-generic-lpae-5.15 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-generic-lpae-hwe-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-ibm 5.15.0.1091.94~20.04.1
Available with Ubuntu Pro
linux-image-ibm-5.15 5.15.0.1091.94~20.04.1
Available with Ubuntu Pro
linux-image-intel 5.15.0.1092.98~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg 5.15.0.1092.98~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg-5.15 5.15.0.1092.98~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-5.15 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-64k-5.15 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-64k-hwe-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra 5.15.0.1049.49~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-5.15 5.15.0.1049.49~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-rt 5.15.0.1049.49~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-rt-5.15 5.15.0.1049.49~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04b 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04c 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-oem-20.04d 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-oracle 5.15.0.1094.100~20.04.1
Available with Ubuntu Pro
linux-image-oracle-5.15 5.15.0.1094.100~20.04.1
Available with Ubuntu Pro
linux-image-virtual-5.15 5.15.0.163.173~20.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-20.04 5.15.0.163.173~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7909-1
CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074,
CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968,
CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335,
CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473,
CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487,
CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497,
CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528,
CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538,
CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569,
CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577,
CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608,
CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634,
CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650,
CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676,
CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681,
CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687,
CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695,
CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699,
CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707,
CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721,
CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732,
CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681,
CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686,
CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693,
CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709,
CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724,
CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737,
CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749,
CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760,
CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776,
CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788,
CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798,
CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812,
CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824,
CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841,
CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847,
CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864,
CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894,
CVE-2025-39902, CVE-2025-39920

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-163.173
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1097.104
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1091.94
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1092.98
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-163.173
https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1092.93
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1049.49
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra-igx/5.15.0-1038.38
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1094.100
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1061.65

[USN-7912-2] CUPS vulnerability

==========================================================================
Ubuntu Security Notice USN-7912-2
December 04, 2025

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

CUPS could be made to stop responding if it received specially crafted
network traffic.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

USN-7912-1 fixed vulnerabilities in CUPS. This update provides the
corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.

Original advisory details:

Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled
clients that send messages slowly. A remote attacker could possibly use
this issue to cause CUPS to stop responding, resulting in a denial of
service. (CVE-2025-58436)

In addition, this update fixes a regression introduced in USN-7897-1 which
resulted in certain invalid configuration file directives to cause the
CUPS daemon to fail to start.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
cups 2.3.1-9ubuntu1.9+esm4
Available with Ubuntu Pro
cups-daemon 2.3.1-9ubuntu1.9+esm4
Available with Ubuntu Pro

Ubuntu 18.04 LTS
cups 2.2.7-1ubuntu2.10+esm10
Available with Ubuntu Pro
cups-daemon 2.2.7-1ubuntu2.10+esm10
Available with Ubuntu Pro

Ubuntu 16.04 LTS
cups 2.1.3-4ubuntu0.11+esm12
Available with Ubuntu Pro
cups-daemon 2.1.3-4ubuntu0.11+esm12
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7912-2
https://ubuntu.com/security/notices/USN-7912-1
CVE-2025-58436, https://launchpad.net/bugs/2133207

[USN-7913-1] MAME vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7913-1
December 04, 2025

mame vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in MAME.

Software Description:
- mame: MAME is a multi-purpose emulation framework

Details:

It was discovered that the stb library, included in MAME, had a heap-based
buffer overflow. An attacker could possibly use this issue to crash the
program or execute arbitrary code. (CVE-2018-16981)

It was discovered that the tinyexr library, included in MAME, had a heap-
based buffer over-read in the function DecodePixelData. An attacker could
possibly use this issue to expose sensitive information or crash the
program. (CVE-2022-34300)

It was discovered that the expat library, included in MAME, had an
integer-overflow in the function doProlog. An attacker could possibly use
this issue to crash the program or execute arbitrary code.
(CVE-2021-46143)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
mame 0.277+dfsg.1-4ubuntu0.1
mame-data 0.277+dfsg.1-4ubuntu0.1
mame-tools 0.277+dfsg.1-4ubuntu0.1

Ubuntu 25.04
mame 0.275+dfsg.1-3ubuntu0.1
mame-data 0.275+dfsg.1-3ubuntu0.1
mame-tools 0.275+dfsg.1-3ubuntu0.1

Ubuntu 24.04 LTS
mame 0.264+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mame-data 0.264+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mame-tools 0.264+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
mame 0.242+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mame-data 0.242+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mame-tools 0.242+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
mame 0.220+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mame-data 0.220+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mame-tools 0.220+dfsg.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
mame 0.195+dfsg.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
mame-data 0.195+dfsg.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
mame-tools 0.195+dfsg.1-2ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7913-1
CVE-2018-16981, CVE-2021-46143, CVE-2022-34300

Package Information:
https://launchpad.net/ubuntu/+source/mame/0.277+dfsg.1-4ubuntu0.1
https://launchpad.net/ubuntu/+source/mame/0.275+dfsg.1-3ubuntu0.1

[USN-7874-3] Linux kernel (IoT) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7874-3
December 04, 2025

linux-iot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-iot: Linux kernel for IoT platforms

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HSI subsystem;
- I3C subsystem;
- SMB network file system;
- Padata parallel execution mechanism;
- Timer subsystem;
- Networking core;
(CVE-2023-52854, CVE-2024-35867, CVE-2024-50061, CVE-2024-56664,
CVE-2025-21727, CVE-2025-37838, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1056-iot 5.4.0-1056.59
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7874-3
https://ubuntu.com/security/notices/USN-7874-2
https://ubuntu.com/security/notices/USN-7874-1
CVE-2023-52854, CVE-2024-35867, CVE-2024-50061, CVE-2024-56664,
CVE-2025-21727, CVE-2025-37838, CVE-2025-38352, CVE-2025-40300

[USN-7912-1] CUPS vulnerability

==========================================================================
Ubuntu Security Notice USN-7912-1
December 04, 2025

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

CUPS could be made to stop responding if it received specially crafted
network traffic.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled
clients that send messages slowly. A remote attacker could possibly use
this issue to cause CUPS to stop responding, resulting in a denial of
service. (CVE-2025-58436)

In addition, this update fixes a regression introduced in USN-7897-1 which
resulted in certain invalid configuration file directives to cause the CUPS
daemon to fail to start.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
cups 2.4.12-0ubuntu3.5
cups-daemon 2.4.12-0ubuntu3.5

Ubuntu 25.04
cups 2.4.12-0ubuntu1.6
cups-daemon 2.4.12-0ubuntu1.6

Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.9
cups-daemon 2.4.7-1.2ubuntu7.9

Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.16
cups-daemon 2.4.1op1-1ubuntu4.16

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7912-1
CVE-2025-58436, https://launchpad.net/bugs/2133207

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.5
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu1.6
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.9
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.16

Chromium, MozJS, ChromeDriver, Kernel, Python-Mistralclient updates for SUSE

Libhtp, Webkit2GTK, Chromium, Unbound updates for Debian

Kernel, CUPS, MAME updates for Ubuntu

[USN-7907-4] Linux kernel (GCP FIPS) vulnerabilities

[USN-7907-3] Linux kernel vulnerabilities

[USN-7911-1] Linux kernel vulnerabilities

[USN-7910-1] Linux kernel (Azure FIPS) vulnerabilities

[USN-7909-3] Linux kernel (FIPS) vulnerabilities

[USN-7909-2] Linux kernel (Real-time) vulnerabilities

[USN-7889-4] Linux kernel vulnerabilities

[USN-7879-4] Linux kernel vulnerabilities

[USN-7909-1] Linux kernel vulnerabilities

[USN-7912-2] CUPS vulnerability

[USN-7913-1] MAME vulnerabilities

[USN-7874-3] Linux kernel (IoT) vulnerabilities

[USN-7912-1] CUPS vulnerability

Windows

Linux

macOS

Community