Ubuntu Security Notice USN-7754-2 reports vulnerabilities in the Linux kernel (FIPS) affecting Ubuntu 20.04 LTS, which have been fixed by updating to specific package versions. A similar security issue was reported in USN-7754-1 for multiple other versions of Ubuntu and their derivatives. Separately, USN-7753-1 announces a vulnerability in the xmltodict Python library, affecting various Ubuntu releases from 16.04 LTS to 25.04, which can be fixed by updating to specific package versions. Additionally, USN-7752-1 reports vulnerabilities in libyang affecting Ubuntu 24.04 LTS, which can also be addressed through a standard system update.

[USN-7754-2] Linux kernel (FIPS) vulnerabilities
[USN-7754-1] Linux kernel vulnerabilities
[USN-7753-1] xmltodict vulnerability
[USN-7752-1] libyang vulnerabilities

[USN-7754-2] Linux kernel (FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7754-2
September 17, 2025

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network traffic control;
(CVE-2025-38350, CVE-2025-37752, CVE-2024-57996)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1124-fips 5.4.0-1124.134
Available with Ubuntu Pro
linux-image-5.4.0-1150-aws-fips 5.4.0-1150.160+fips1
Available with Ubuntu Pro
linux-image-5.4.0-1153-gcp-fips 5.4.0-1153.162+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1150.97
Available with Ubuntu Pro
linux-image-aws-fips-5.4 5.4.0.1150.97
Available with Ubuntu Pro
linux-image-fips 5.4.0.1124.121
Available with Ubuntu Pro
linux-image-fips-5.4 5.4.0.1124.121
Available with Ubuntu Pro
linux-image-gcp-fips 5.4.0.1153.95
Available with Ubuntu Pro
linux-image-gcp-fips-5.4 5.4.0.1153.95
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7754-2
https://ubuntu.com/security/notices/USN-7754-1
CVE-2024-57996, CVE-2025-37752, CVE-2025-38350

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.4.0-1150.160+fips1
https://launchpad.net/ubuntu/+source/linux-fips/5.4.0-1124.134
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.4.0-1153.162+fips1

[USN-7754-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7754-1
September 17, 2025

linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp,
linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot,
linux-kvm, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network traffic control;
(CVE-2025-38350, CVE-2025-37752, CVE-2024-57996)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1054-iot 5.4.0-1054.57
Available with Ubuntu Pro
linux-image-5.4.0-1068-xilinx-zynqmp 5.4.0-1068.72
Available with Ubuntu Pro
linux-image-5.4.0-1096-ibm 5.4.0-1096.101
Available with Ubuntu Pro
linux-image-5.4.0-1109-bluefield 5.4.0-1109.116
Available with Ubuntu Pro
linux-image-5.4.0-1133-raspi 5.4.0-1133.146
Available with Ubuntu Pro
linux-image-5.4.0-1137-kvm 5.4.0-1137.146
Available with Ubuntu Pro
linux-image-5.4.0-1150-aws 5.4.0-1150.160
Available with Ubuntu Pro
linux-image-5.4.0-1153-gcp 5.4.0-1153.162
Available with Ubuntu Pro
linux-image-5.4.0-221-generic 5.4.0-221.241
Available with Ubuntu Pro
linux-image-5.4.0-221-generic-lpae 5.4.0-221.241
Available with Ubuntu Pro
linux-image-5.4.0-221-lowlatency 5.4.0-221.241
Available with Ubuntu Pro
linux-image-aws-5.4 5.4.0.1150.147
Available with Ubuntu Pro
linux-image-aws-lts-20.04 5.4.0.1150.147
Available with Ubuntu Pro
linux-image-bluefield 5.4.0.1109.105
Available with Ubuntu Pro
linux-image-bluefield-5.4 5.4.0.1109.105
Available with Ubuntu Pro
linux-image-gcp-5.4 5.4.0.1153.155
Available with Ubuntu Pro
linux-image-gcp-lts-20.04 5.4.0.1153.155
Available with Ubuntu Pro
linux-image-generic 5.4.0.221.213
Available with Ubuntu Pro
linux-image-generic-5.4 5.4.0.221.213
Available with Ubuntu Pro
linux-image-generic-lpae 5.4.0.221.213
Available with Ubuntu Pro
linux-image-generic-lpae-5.4 5.4.0.221.213
Available with Ubuntu Pro
linux-image-ibm-5.4 5.4.0.1096.125
Available with Ubuntu Pro
linux-image-ibm-lts-20.04 5.4.0.1096.125
Available with Ubuntu Pro
linux-image-kvm 5.4.0.1137.133
Available with Ubuntu Pro
linux-image-kvm-5.4 5.4.0.1137.133
Available with Ubuntu Pro
linux-image-lowlatency 5.4.0.221.213
Available with Ubuntu Pro
linux-image-lowlatency-5.4 5.4.0.221.213
Available with Ubuntu Pro
linux-image-oem 5.4.0.221.213
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.221.213
Available with Ubuntu Pro
linux-image-raspi 5.4.0.1133.164
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1133.164
Available with Ubuntu Pro
linux-image-raspi2 5.4.0.1133.164
Available with Ubuntu Pro
linux-image-virtual 5.4.0.221.213
Available with Ubuntu Pro
linux-image-virtual-5.4 5.4.0.221.213
Available with Ubuntu Pro
linux-image-xilinx-zynqmp 5.4.0.1068.68
Available with Ubuntu Pro
linux-image-xilinx-zynqmp-5.4 5.4.0.1068.68
Available with Ubuntu Pro

Ubuntu 18.04 LTS
linux-image-5.4.0-1096-ibm 5.4.0-1096.101~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1133-raspi 5.4.0-1133.146~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1150-aws 5.4.0-1150.160~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1153-gcp 5.4.0-1153.162~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-221-generic 5.4.0-221.241~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-221-lowlatency 5.4.0-221.241~18.04.1
Available with Ubuntu Pro
linux-image-aws 5.4.0.1150.160~18.04.1
Available with Ubuntu Pro
linux-image-aws-5.4 5.4.0.1150.160~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1153.162~18.04.1
Available with Ubuntu Pro
linux-image-gcp-5.4 5.4.0.1153.162~18.04.1
Available with Ubuntu Pro
linux-image-generic-5.4 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1096.101~18.04.1
Available with Ubuntu Pro
linux-image-ibm-5.4 5.4.0.1096.101~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-5.4 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1133.146~18.04.1
Available with Ubuntu Pro
linux-image-raspi-hwe-18.04 5.4.0.1133.146~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-5.4 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-virtual-5.4 5.4.0.221.241~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.221.241~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7754-1
CVE-2024-57996, CVE-2025-37752, CVE-2025-38350

[USN-7753-1] xmltodict vulnerability

==========================================================================
Ubuntu Security Notice USN-7753-1
September 16, 2025

python-xmltodict vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

xmltodict could be made to crash or run programs if it received specially
crafted input.

Software Description:
- python-xmltodict: Makes working with XML feel like you are working with JSON

Details:

Camilo Vera discovered that xmltodict parsed maliciously crafted XML input,
contrary to expectations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
python3-xmltodict 0.13.0-1ubuntu0.25.04.1

Ubuntu 24.04 LTS
python3-xmltodict 0.13.0-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
python3-xmltodict 0.12.0-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
python-xmltodict 0.12.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-xmltodict 0.12.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-xmltodict 0.11.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-xmltodict 0.11.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-xmltodict 0.9.2-3ubuntu0.1~esm1
Available with Ubuntu Pro
python3-xmltodict 0.9.2-3ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7753-1
CVE-2025-9375

Package Information:
https://launchpad.net/ubuntu/+source/python-xmltodict/0.13.0-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/python-xmltodict/0.13.0-1ubuntu0.24.04.1

[USN-7752-1] libyang vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7752-1
September 16, 2025

libyang2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libyang could be made to crash if it received specially crafted input.

Software Description:
- libyang2: parser toolkit for IETF YANG data modeling

Details:

It was discovered that libyang incorrectly handled certain memory
operations when parsing YANG strings. An attacker could possibly use this
issue to cause libyang to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libyang2t64 2.1.30-2.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7752-1
CVE-2023-26916, CVE-2023-26917

Package Information:
https://launchpad.net/ubuntu/+source/libyang2/2.1.30-2.1ubuntu0.1