Three Ubuntu Security Notices were issued: USN-7990-6 for Linux kernel (Raspberry Pi) vulnerabilities, USN-8062-2 for curl vulnerabilities, and USN-8068-1 for an Intel Microcode vulnerability. The notices affect various versions of Ubuntu, including Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and others. To address the vulnerabilities, users need to update their systems to specific package versions, which can be found in the security notices, and then reboot their computers. Additionally, third-party kernel modules may require recompilation and reinstalling after the updates.

[USN-7990-6] Linux kernel (Raspberry Pi) vulnerabilities
[USN-8062-2] curl vulnerabilities
[USN-8068-1] Intel Microcode vulnerability

[USN-7990-6] Linux kernel (Raspberry Pi) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7990-6
March 03, 2026

linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Padata parallel execution mechanism;
- Netfilter;
(CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1137-raspi 5.4.0-1137.150
Available with Ubuntu Pro
linux-image-raspi 5.4.0.1137.168
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1137.168
Available with Ubuntu Pro
linux-image-raspi2 5.4.0.1137.168
Available with Ubuntu Pro

Ubuntu 18.04 LTS
linux-image-5.4.0-1137-raspi 5.4.0-1137.150~18.04.1
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1137.150~18.04.1
Available with Ubuntu Pro
linux-image-raspi-hwe-18.04 5.4.0.1137.150~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7990-6
https://ubuntu.com/security/notices/USN-7990-5
https://ubuntu.com/security/notices/USN-7990-4
https://ubuntu.com/security/notices/USN-7990-3
https://ubuntu.com/security/notices/USN-7990-2
https://ubuntu.com/security/notices/USN-7990-1
CVE-2022-49698, CVE-2025-21726, CVE-2025-40019

[USN-8062-2] curl vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8062-2
March 03, 2026

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-8062-1 fixed vulnerabilities in curl. This update provides the
corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224
for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS.

Original advisory details:

It was discovered that curl incorrectly handled cookies when redirected
from secure to insecure connections. An attacker could possibly use this
issue to cause a denial of service, or obtain sensitive information.
This issue only affected Ubuntu 25.10. (CVE-2025-9086)

Calvin Ruocco discovered that curl did not properly handle WebSocket
communications under certain circumstances. A malicious server could
possibly use this issue to poison proxy caches with malicious content.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-10148)

Stanislav Fort discovered that wcurl did not properly handle URLs with
certain encoded characters. If a user were tricked into processing
a specially crafted URL, an attacker could possibly use this issue to
write files outside the intended directory. This issue only affected
Ubuntu 25.10. (CVE-2025-11563)

Stanislav Fort discovered that curl did not properly validate pinned
public keys under certain circumstances. A remote attacker could
possibly use this issue to perform a machine-in-the-middle attack. This
issue only affected Ubuntu 25.10.(CVE-2025-13034)

Stanislav Fort discovered that curl did not properly manage TLS options
when performing LDAP over TLS transfers in multi-threaded environments.
Under certain circumstances, certificate verification could be
unintentionally and unknowingly disabled. (CVE-2025-14017)

It was discovered that curl incorrectly handled Oauth2 bearer tokens
when following redirects. A remote attacker could possibly use this
issue to obtain authentication credentials. (CVE-2025-14524)

Stanislav Fort discovered that curl did not properly validate TLS
certificates when reusing connections. A remote attacker could possibly
use this issue to bypass expected certificate verification. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-14819)

Harry Sintonen discovered that curl did not properly validate SSH host
keys when performing SSH-based file transfers. This issue could lead to
unintended bypass of custom known_hosts file. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15079)

Harry Sintonen discovered that curl built with libssh did not properly
handle authentication when performing SSH-based file transfers. This
could result in unintended authentication operations. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15224)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
curl 7.68.0-1ubuntu2.25+esm2
Available with Ubuntu Pro
libcurl4 7.68.0-1ubuntu2.25+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
curl 7.58.0-2ubuntu3.24+esm7
Available with Ubuntu Pro
libcurl4 7.58.0-2ubuntu3.24+esm7
Available with Ubuntu Pro

Ubuntu 16.04 LTS
curl 7.47.0-1ubuntu2.19+esm15
Available with Ubuntu Pro
libcurl3 7.47.0-1ubuntu2.19+esm15
Available with Ubuntu Pro

Ubuntu 14.04 LTS
curl 7.35.0-1ubuntu2.20+esm19
Available with Ubuntu Pro
libcurl3 7.35.0-1ubuntu2.20+esm19
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8062-2
https://ubuntu.com/security/notices/USN-8062-1
CVE-2025-14017, CVE-2025-15079, CVE-2025-15224

[USN-8068-1] Intel Microcode vulnerability

==========================================================================
Ubuntu Security Notice USN-8068-1
March 03, 2026

intel-microcode vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The system could be made to run programs as an administrator.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

Sergiu Ghetie discovered that some Intel processors did not properly
handle values in the microcode flow. A local authenticated user could
potentially use this issue to escalate their privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
intel-microcode 3.20260210.0ubuntu0.25.10.1

Ubuntu 24.04 LTS
intel-microcode 3.20260210.0ubuntu0.24.04.1

Ubuntu 22.04 LTS
intel-microcode 3.20260210.0ubuntu0.22.04.1

Ubuntu 20.04 LTS
intel-microcode 3.20260210.0ubuntu0.20.04.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
intel-microcode 3.20260210.0ubuntu0.18.04.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
intel-microcode 3.20260210.0ubuntu0.16.04.1+esm1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8068-1
CVE-2025-31648

Package Information:
https://launchpad.net/ubuntu/+source/intel-microcode/3.20260210.0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20260210.0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20260210.0ubuntu0.22.04.1