[USN-7795-3] Linux kernel (AWS FIPS) vulnerabilities
[USN-7811-1] Linux kernel (NVIDIA Tegra IGX) vulnerabilities
[USN-7810-1] Linux kernel (Azure) vulnerabilities
[USN-7793-5] Linux kernel (GKE) vulnerabilities
[USN-7809-1] Linux kernel (Azure, N-Series) vulnerabilities
[USN-7808-1] Linux kernel (Azure) vulnerabilities
[USN-7792-3] Linux kernel (AWS) vulnerabilities
[USN-7789-2] Linux kernel (Raspberry Pi) vulnerabilities
[LSN-0115-1] Linux kernel vulnerability
[USN-7813-1] FORT Validator vulnerabilities
[USN-7795-3] Linux kernel (AWS FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7795-3
October 08, 2025
linux-aws-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Network file system (NFS) server daemon;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38618, CVE-2025-21796, CVE-2025-37785, CVE-2025-38477,
CVE-2025-38617)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1151-aws-fips 5.4.0-1151.161+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1151.98
Available with Ubuntu Pro
linux-image-aws-fips-5.4 5.4.0.1151.98
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7795-3
https://ubuntu.com/security/notices/USN-7795-2
https://ubuntu.com/security/notices/USN-7795-1
CVE-2025-21796, CVE-2025-37785, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.4.0-1151.161+fips1
[USN-7811-1] Linux kernel (NVIDIA Tegra IGX) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7811-1
October 08, 2025
linux-nvidia-tegra-igx vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-nvidia-tegra-igx: Linux kernel for NVIDIA Tegra IGX systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38618, CVE-2025-38477, CVE-2025-38617)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1035-nvidia-tegra-igx 5.15.0-1035.35
linux-image-5.15.0-1035-nvidia-tegra-igx-rt 5.15.0-1035.35
linux-image-nvidia-tegra-igx 5.15.0.1035.37
linux-image-nvidia-tegra-igx-5.15 5.15.0.1035.37
linux-image-nvidia-tegra-igx-rt 5.15.0.1035.37
linux-image-nvidia-tegra-igx-rt-5.15 5.15.0.1035.37
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7811-1
CVE-2025-38477, CVE-2025-38617, CVE-2025-38618
Package Information:
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra-igx/5.15.0-1035.35
[USN-7810-1] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7810-1
October 08, 2025
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38683, CVE-2025-38618, CVE-2025-38617, CVE-2025-38477)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1097-azure 5.15.0-1097.106
linux-image-azure-5.15 5.15.0.1097.95
linux-image-azure-lts-22.04 5.15.0.1097.95
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7810-1
CVE-2025-38477, CVE-2025-38617, CVE-2025-38618, CVE-2025-38683
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1097.106
[USN-7793-5] Linux kernel (GKE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7793-5
October 08, 2025
linux-gke vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38477, CVE-2025-38617, CVE-2025-38618)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1090-gke 5.15.0-1090.96
linux-image-gke 5.15.0.1090.89
linux-image-gke-5.15 5.15.0.1090.89
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7793-5
https://ubuntu.com/security/notices/USN-7793-4
https://ubuntu.com/security/notices/USN-7793-3
https://ubuntu.com/security/notices/USN-7793-2
https://ubuntu.com/security/notices/USN-7793-1
CVE-2025-38477, CVE-2025-38617, CVE-2025-38618
Package Information:
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1090.96
[USN-7809-1] Linux kernel (Azure, N-Series) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7809-1
October 08, 2025
linux-azure-nvidia vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure-nvidia: Linux kernel for Microsoft Azure Cloud systems, N-Series
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Bus devices;
- AMD CDX bus driver;
- DPLL subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Multiple devices driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- Pin controllers subsystem;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- SLIMbus drivers;
- QCOM SoC drivers;
- UFS subsystem;
- USB DSL drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Connector System Software Interface driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- Ext4 file system;
- Network file system (NFS) client;
- Overlay file system;
- Proc file system;
- SMB network file system;
- Memory Management;
- Scheduler infrastructure;
- SoC audio core drivers;
- Perf events;
- Tracing infrastructure;
- Memory management;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- Devlink API;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- Management Component Transport Protocol (MCTP);
- Multipath TCP;
- Netfilter;
- Packet sockets;
- Network traffic control;
- Switch device API;
- TLS protocol;
- VMware vSockets driver;
- Wireless networking;
- eXpress Data Path;
- XFRM subsystem;
(CVE-2025-21976, CVE-2025-21890, CVE-2025-38617, CVE-2025-21945,
CVE-2025-21878, CVE-2025-21925, CVE-2025-21927, CVE-2025-21997,
CVE-2025-21919, CVE-2025-21979, CVE-2025-21899, CVE-2025-21955,
CVE-2025-21967, CVE-2024-57996, CVE-2025-22014, CVE-2025-21956,
CVE-2025-21887, CVE-2025-37785, CVE-2025-21935, CVE-2024-58090,
CVE-2025-21975, CVE-2025-21969, CVE-2025-21914, CVE-2025-21963,
CVE-2025-21934, CVE-2025-21872, CVE-2025-21961, CVE-2025-38244,
CVE-2025-21908, CVE-2025-21920, CVE-2025-21980, CVE-2025-21904,
CVE-2025-22008, CVE-2025-21911, CVE-2025-21880, CVE-2025-21928,
CVE-2025-21885, CVE-2025-21913, CVE-2025-37752, CVE-2025-22015,
CVE-2025-38500, CVE-2025-22013, CVE-2025-21970, CVE-2025-21877,
CVE-2025-21916, CVE-2025-21889, CVE-2025-21982, CVE-2025-22001,
CVE-2025-22007, CVE-2025-22016, CVE-2025-21981, CVE-2025-37756,
CVE-2025-21962, CVE-2025-21891, CVE-2025-21968, CVE-2025-21936,
CVE-2025-21995, CVE-2025-21922, CVE-2025-21930, CVE-2025-21894,
CVE-2025-38477, CVE-2025-22011, CVE-2025-21991, CVE-2025-38618,
CVE-2025-22003, CVE-2025-21903, CVE-2025-21986, CVE-2025-21941,
CVE-2025-21951, CVE-2025-22004, CVE-2025-21929, CVE-2025-21917,
CVE-2025-21915, CVE-2025-21977, CVE-2025-21875, CVE-2025-21959,
CVE-2025-22017, CVE-2025-21881, CVE-2025-21937, CVE-2025-22009,
CVE-2025-38350, CVE-2025-21944, CVE-2025-21918, CVE-2025-21947,
CVE-2025-21883, CVE-2025-21892, CVE-2025-21966, CVE-2025-21950,
CVE-2025-21926, CVE-2025-37954, CVE-2025-21999, CVE-2025-21992,
CVE-2025-21948, CVE-2025-21960, CVE-2025-21924, CVE-2025-21873,
CVE-2025-21895, CVE-2025-21946, CVE-2025-37889, CVE-2025-21978,
CVE-2025-21905, CVE-2025-22010, CVE-2025-38683, CVE-2025-21898,
CVE-2025-21910, CVE-2025-21994, CVE-2025-21996, CVE-2025-21972,
CVE-2025-21912, CVE-2025-22005, CVE-2025-21909, CVE-2025-21957,
CVE-2025-21964)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.0-1025-azure-nvidia 6.8.0-1025.27
linux-image-azure-nvidia 6.8.0-1025.27
linux-image-azure-nvidia-6.8 6.8.0-1025.27
linux-image-azure-nvidia-lts-24.04 6.8.0-1025.27
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7809-1
CVE-2024-57996, CVE-2024-58090, CVE-2025-21872, CVE-2025-21873,
CVE-2025-21875, CVE-2025-21877, CVE-2025-21878, CVE-2025-21880,
CVE-2025-21881, CVE-2025-21883, CVE-2025-21885, CVE-2025-21887,
CVE-2025-21889, CVE-2025-21890, CVE-2025-21891, CVE-2025-21892,
CVE-2025-21894, CVE-2025-21895, CVE-2025-21898, CVE-2025-21899,
CVE-2025-21903, CVE-2025-21904, CVE-2025-21905, CVE-2025-21908,
CVE-2025-21909, CVE-2025-21910, CVE-2025-21911, CVE-2025-21912,
CVE-2025-21913, CVE-2025-21914, CVE-2025-21915, CVE-2025-21916,
CVE-2025-21917, CVE-2025-21918, CVE-2025-21919, CVE-2025-21920,
CVE-2025-21922, CVE-2025-21924, CVE-2025-21925, CVE-2025-21926,
CVE-2025-21927, CVE-2025-21928, CVE-2025-21929, CVE-2025-21930,
CVE-2025-21934, CVE-2025-21935, CVE-2025-21936, CVE-2025-21937,
CVE-2025-21941, CVE-2025-21944, CVE-2025-21945, CVE-2025-21946,
CVE-2025-21947, CVE-2025-21948, CVE-2025-21950, CVE-2025-21951,
CVE-2025-21955, CVE-2025-21956, CVE-2025-21957, CVE-2025-21959,
CVE-2025-21960, CVE-2025-21961, CVE-2025-21962, CVE-2025-21963,
CVE-2025-21964, CVE-2025-21966, CVE-2025-21967, CVE-2025-21968,
CVE-2025-21969, CVE-2025-21970, CVE-2025-21972, CVE-2025-21975,
CVE-2025-21976, CVE-2025-21977, CVE-2025-21978, CVE-2025-21979,
CVE-2025-21980, CVE-2025-21981, CVE-2025-21982, CVE-2025-21986,
CVE-2025-21991, CVE-2025-21992, CVE-2025-21994, CVE-2025-21995,
CVE-2025-21996, CVE-2025-21997, CVE-2025-21999, CVE-2025-22001,
CVE-2025-22003, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22008, CVE-2025-22009, CVE-2025-22010, CVE-2025-22011,
CVE-2025-22013, CVE-2025-22014, CVE-2025-22015, CVE-2025-22016,
CVE-2025-22017, CVE-2025-37752, CVE-2025-37756, CVE-2025-37785,
CVE-2025-37889, CVE-2025-37954, CVE-2025-38244, CVE-2025-38350,
CVE-2025-38477, CVE-2025-38500, CVE-2025-38617, CVE-2025-38618,
CVE-2025-38683
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-nvidia/6.8.0-1025.27
[USN-7808-1] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7808-1
October 08, 2025
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Ext4 file system;
- SMB network file system;
- Packet sockets;
- Network traffic control;
- TLS protocol;
- VMware vSockets driver;
- XFRM subsystem;
(CVE-2025-38617, CVE-2025-37785, CVE-2025-38244, CVE-2025-37756,
CVE-2025-38618, CVE-2025-38477, CVE-2025-38683, CVE-2025-38500)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.0-1040-azure 6.8.0-1040.46
linux-image-6.8.0-1040-azure-fde 6.8.0-1040.46
linux-image-azure-6.8 6.8.0-1040.46
linux-image-azure-fde-6.8 6.8.0-1040.46
linux-image-azure-fde-lts-24.04 6.8.0-1040.46
linux-image-azure-lts-24.04 6.8.0-1040.46
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7808-1
CVE-2025-37756, CVE-2025-37785, CVE-2025-38244, CVE-2025-38477,
CVE-2025-38500, CVE-2025-38617, CVE-2025-38618, CVE-2025-38683
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1040.46
[USN-7792-3] Linux kernel (AWS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7792-3
October 08, 2025
linux-aws-6.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Packet sockets;
- Network traffic control;
- TLS protocol;
- VMware vSockets driver;
- XFRM subsystem;
(CVE-2025-38500, CVE-2025-37785, CVE-2025-38617, CVE-2025-37756,
CVE-2025-38477, CVE-2025-38618)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-6.8.0-1040-aws 6.8.0-1040.42~22.04.1
linux-image-6.8.0-1040-aws-64k 6.8.0-1040.42~22.04.1
linux-image-aws 6.8.0-1040.42~22.04.1
linux-image-aws-6.8 6.8.0-1040.42~22.04.1
linux-image-aws-64k 6.8.0-1040.42~22.04.1
linux-image-aws-64k-6.8 6.8.0-1040.42~22.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7792-3
https://ubuntu.com/security/notices/USN-7792-2
https://ubuntu.com/security/notices/USN-7792-1
CVE-2025-37756, CVE-2025-37785, CVE-2025-38477, CVE-2025-38500,
CVE-2025-38617, CVE-2025-38618
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1040.42~22.04.1
[USN-7789-2] Linux kernel (Raspberry Pi) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7789-2
October 08, 2025
linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Bluetooth drivers;
- Bus devices;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- Arm Firmware Framework for ARMv8-A(FFA);
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- HW tracing;
- InfiniBand drivers;
- IOMMU subsystem;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- NVMEM (Non Volatile Memory) drivers;
- PCI subsystem;
- Amlogic Meson DDR PMU;
- NI-700 PMU driver;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- SCSI subsystem;
- ASPEED SoC drivers;
- SPI subsystem;
- TCM subsystem;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- Virtio drivers;
- BTRFS file system;
- EROFS file system;
- F2FS file system;
- File systems infrastructure;
- Network file systems library;
- NTFS3 file system;
- SMB network file system;
- Codetag library;
- BPF subsystem;
- LZO compression library;
- Mellanox drivers;
- IPv4 networking;
- Bluetooth subsystem;
- Network sockets;
- XFRM subsystem;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- io_uring subsystem;
- Padata parallel execution mechanism;
- DVFS energy model driver;
- Restartable seuqences system call mechanism;
- Timer subsystem;
- Memory management;
- KASAN memory debugging framework;
- CAN network layer;
- Networking core;
- IPv6 networking;
- Netfilter;
- NetLabel subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- ALSA framework;
- sma1307 audio codecs;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2025-38081, CVE-2025-38142, CVE-2025-38157, CVE-2025-38174,
CVE-2025-38156, CVE-2025-38044, CVE-2025-38414, CVE-2025-38041,
CVE-2025-38124, CVE-2025-38122, CVE-2025-38285, CVE-2025-38317,
CVE-2025-38159, CVE-2025-38352, CVE-2025-38117, CVE-2025-38040,
CVE-2025-38292, CVE-2025-38301, CVE-2025-38149, CVE-2025-38299,
CVE-2025-38116, CVE-2025-38100, CVE-2025-38107, CVE-2025-38063,
CVE-2025-38069, CVE-2025-38130, CVE-2025-38032, CVE-2025-38113,
CVE-2025-38287, CVE-2025-38138, CVE-2025-38004, CVE-2025-38097,
CVE-2025-38270, CVE-2025-38311, CVE-2025-38499, CVE-2025-38050,
CVE-2025-38064, CVE-2025-38278, CVE-2025-38297, CVE-2025-38091,
CVE-2025-38065, CVE-2025-38114, CVE-2025-38048, CVE-2025-38096,
CVE-2025-38112, CVE-2025-38148, CVE-2025-38101, CVE-2025-38062,
CVE-2025-38057, CVE-2025-38029, CVE-2025-38105, CVE-2025-38277,
CVE-2025-38053, CVE-2025-38302, CVE-2025-38169, CVE-2025-38307,
CVE-2025-38153, CVE-2025-38106, CVE-2025-38293, CVE-2025-38267,
CVE-2025-38314, CVE-2025-38291, CVE-2025-38284, CVE-2025-38141,
CVE-2025-38052, CVE-2025-38079, CVE-2025-38088, CVE-2025-38164,
CVE-2025-38288, CVE-2025-38289, CVE-2025-38074, CVE-2025-38073,
CVE-2025-38274, CVE-2025-38167, CVE-2025-38129, CVE-2025-38082,
CVE-2025-38109, CVE-2025-38003, CVE-2025-38042, CVE-2025-38319,
CVE-2025-38165, CVE-2025-38102, CVE-2025-38045, CVE-2025-38154,
CVE-2025-38127, CVE-2025-38034, CVE-2025-38051, CVE-2025-38143,
CVE-2025-38061, CVE-2025-38119, CVE-2025-38077, CVE-2025-38115,
CVE-2025-38175, CVE-2025-38147, CVE-2025-38172, CVE-2025-38176,
CVE-2025-38269, CVE-2025-38126, CVE-2025-38131, CVE-2025-38296,
CVE-2025-38170, CVE-2025-38110, CVE-2025-38111, CVE-2025-38295,
CVE-2025-38072, CVE-2025-38168, CVE-2025-38098, CVE-2025-38160,
CVE-2025-38125, CVE-2025-38054, CVE-2025-38286, CVE-2025-38310,
CVE-2025-38162, CVE-2025-38135, CVE-2025-38161, CVE-2025-38055,
CVE-2025-38066, CVE-2025-38318, CVE-2025-38173, CVE-2025-38033,
CVE-2025-38281, CVE-2025-38140, CVE-2025-38146, CVE-2025-38305,
CVE-2025-38103, CVE-2025-38080, CVE-2025-38068, CVE-2025-38037,
CVE-2025-38043, CVE-2025-38272, CVE-2025-38137, CVE-2025-38279,
CVE-2025-38275, CVE-2025-38151, CVE-2025-38123, CVE-2025-38158,
CVE-2025-38268, CVE-2025-38136, CVE-2025-38132, CVE-2025-38120,
CVE-2025-38047, CVE-2025-38304, CVE-2025-38298, CVE-2025-38265,
CVE-2025-38134, CVE-2025-38128, CVE-2025-38118, CVE-2025-38058,
CVE-2025-38303, CVE-2025-38316, CVE-2025-38092, CVE-2025-38163,
CVE-2025-38155, CVE-2025-38145, CVE-2025-38280, CVE-2025-38076,
CVE-2025-38031, CVE-2025-38306, CVE-2025-38078, CVE-2025-38035,
CVE-2025-38315, CVE-2025-38300, CVE-2025-38283, CVE-2025-38059,
CVE-2025-38312, CVE-2025-38071, CVE-2025-38294, CVE-2025-38036,
CVE-2025-38498, CVE-2025-38099, CVE-2025-38070, CVE-2025-38166,
CVE-2025-38060, CVE-2025-38282, CVE-2025-38313, CVE-2025-38038,
CVE-2025-38290, CVE-2025-39890, CVE-2025-38415, CVE-2025-38039,
CVE-2025-38067, CVE-2025-38075, CVE-2025-38108, CVE-2025-38139)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
linux-image-6.14.0-1014-raspi 6.14.0-1014.14
linux-image-raspi 6.14.0-1014.14
linux-image-raspi-6.14 6.14.0-1014.14
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7789-2
https://ubuntu.com/security/notices/USN-7789-1
CVE-2025-38003, CVE-2025-38004, CVE-2025-38029, CVE-2025-38031,
CVE-2025-38032, CVE-2025-38033, CVE-2025-38034, CVE-2025-38035,
CVE-2025-38036, CVE-2025-38037, CVE-2025-38038, CVE-2025-38039,
CVE-2025-38040, CVE-2025-38041, CVE-2025-38042, CVE-2025-38043,
CVE-2025-38044, CVE-2025-38045, CVE-2025-38047, CVE-2025-38048,
CVE-2025-38050, CVE-2025-38051, CVE-2025-38052, CVE-2025-38053,
CVE-2025-38054, CVE-2025-38055, CVE-2025-38057, CVE-2025-38058,
CVE-2025-38059, CVE-2025-38060, CVE-2025-38061, CVE-2025-38062,
CVE-2025-38063, CVE-2025-38064, CVE-2025-38065, CVE-2025-38066,
CVE-2025-38067, CVE-2025-38068, CVE-2025-38069, CVE-2025-38070,
CVE-2025-38071, CVE-2025-38072, CVE-2025-38073, CVE-2025-38074,
CVE-2025-38075, CVE-2025-38076, CVE-2025-38077, CVE-2025-38078,
CVE-2025-38079, CVE-2025-38080, CVE-2025-38081, CVE-2025-38082,
CVE-2025-38088, CVE-2025-38091, CVE-2025-38092, CVE-2025-38096,
CVE-2025-38097, CVE-2025-38098, CVE-2025-38099, CVE-2025-38100,
CVE-2025-38101, CVE-2025-38102, CVE-2025-38103, CVE-2025-38105,
CVE-2025-38106, CVE-2025-38107, CVE-2025-38108, CVE-2025-38109,
CVE-2025-38110, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113,
CVE-2025-38114, CVE-2025-38115, CVE-2025-38116, CVE-2025-38117,
CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122,
CVE-2025-38123, CVE-2025-38124, CVE-2025-38125, CVE-2025-38126,
CVE-2025-38127, CVE-2025-38128, CVE-2025-38129, CVE-2025-38130,
CVE-2025-38131, CVE-2025-38132, CVE-2025-38134, CVE-2025-38135,
CVE-2025-38136, CVE-2025-38137, CVE-2025-38138, CVE-2025-38139,
CVE-2025-38140, CVE-2025-38141, CVE-2025-38142, CVE-2025-38143,
CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148,
CVE-2025-38149, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154,
CVE-2025-38155, CVE-2025-38156, CVE-2025-38157, CVE-2025-38158,
CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38162,
CVE-2025-38163, CVE-2025-38164, CVE-2025-38165, CVE-2025-38166,
CVE-2025-38167, CVE-2025-38168, CVE-2025-38169, CVE-2025-38170,
CVE-2025-38172, CVE-2025-38173, CVE-2025-38174, CVE-2025-38175,
CVE-2025-38176, CVE-2025-38265, CVE-2025-38267, CVE-2025-38268,
CVE-2025-38269, CVE-2025-38270, CVE-2025-38272, CVE-2025-38274,
CVE-2025-38275, CVE-2025-38277, CVE-2025-38278, CVE-2025-38279,
CVE-2025-38280, CVE-2025-38281, CVE-2025-38282, CVE-2025-38283,
CVE-2025-38284, CVE-2025-38285, CVE-2025-38286, CVE-2025-38287,
CVE-2025-38288, CVE-2025-38289, CVE-2025-38290, CVE-2025-38291,
CVE-2025-38292, CVE-2025-38293, CVE-2025-38294, CVE-2025-38295,
CVE-2025-38296, CVE-2025-38297, CVE-2025-38298, CVE-2025-38299,
CVE-2025-38300, CVE-2025-38301, CVE-2025-38302, CVE-2025-38303,
CVE-2025-38304, CVE-2025-38305, CVE-2025-38306, CVE-2025-38307,
CVE-2025-38310, CVE-2025-38311, CVE-2025-38312, CVE-2025-38313,
CVE-2025-38314, CVE-2025-38315, CVE-2025-38316, CVE-2025-38317,
CVE-2025-38318, CVE-2025-38319, CVE-2025-38352, CVE-2025-38414,
CVE-2025-38415, CVE-2025-38498, CVE-2025-38499, CVE-2025-39890
Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1014.14
[LSN-0115-1] Linux kernel vulnerability
Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in the kernel.
Software Description
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke - Linux kernel for Google Container Engine (GKE) systems
- linux-ibm - Linux kernel for IBM cloud systems
- linux-oracle - Linux kernel for Oracle Cloud systems
Details
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fixed overflow check in mi_enum_attr(). (CVE-2024-27407)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot
reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on
the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the
whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN:
uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0
net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_reject_ip6_tcphdr_put+0x688/0x6c0
net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0
net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880
net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval
net/netfilter/nf_tables_core.c:240 . (CVE-2024-47685)
In the Linux kernel, the following vulnerability has been resolved: smb:
client: fix UAF in async decryption Doing an async decryption (large
read) crashes with a slab-use-after-free way down in the crypto API.
(CVE-2024-50047)
In the Linux kernel, the following vulnerability has been resolved: ovl:
fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The
issue was caused by dput(upper) being called before
ovl_dentry_update_reval(), while upper->d_flags was still accessed in
ovl_dentry_remote(). (CVE-2025-21887)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the
erdma_cep_put(new_cep) being called, new_cep will be freed, and the
following dereference will cause a UAF problem. (CVE-2025-22088)
Update instructions
The problem can be corrected by updating your kernel livepatch to the
following versions:
Ubuntu 20.04 LTS
aws - 115.1
azure - 115.1
gcp - 115.1
generic - 115.1
ibm - 115.1
lowlatency - 115.1
oracle - 115.1
Ubuntu 18.04 LTS
aws - 115.1
azure - 115.1
gcp - 115.1
generic - 115.1
lowlatency - 115.1
oracle - 115.1
Ubuntu 24.04 LTS
aws - 115.1
azure - 115.1
gcp - 115.1
generic - 115.1
ibm - 115.1
oracle - 115.1
Ubuntu 16.04 LTS
aws - 115.1
azure - 115.1
gcp - 115.1
generic - 115.1
lowlatency - 115.1
Ubuntu 22.04 LTS
aws - 115.1
azure - 115.1
gcp - 115.1
generic - 115.1
gke - 115.1
ibm - 115.1
oracle - 115.1
Ubuntu 14.04 LTS
generic - 115.1
lowlatency - 115.1
Support Information
Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.
Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel’s non-LTS distro release version, whichever is sooner.
References
- CVE-2024-27407
- CVE-2024-47685
- CVE-2024-50047
- CVE-2025-21887
- CVE-2025-22088
[USN-7813-1] FORT Validator vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7813-1
October 08, 2025
fort-validator vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in FORT Validator.
Software Description:
- fort-validator: RPKI validator and RTR server
Details:
Niklas Vogel and Haya Schulmann discovered that FORT Validator did not
perform proper input validation when parsing certain RPKI repository data.
A remote attacker could possibly use this issue to cause FORT Validator to
crash, resulting in a denial of service. (CVE-2024-45234, CVE-2024-45235,
CVE-2024-45236, CVE-2024-45238, CVE-2024-45239)
Niklas Vogel and Haya Schulmann discovered that FORT Validator did not
perform proper input validation when parsing resource certificates. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2024-45237)
Koen van Hove discovered that FORT Validator did not limit the duration of
data transfers when fetching RPKI repository data. A remote attacker could
possibly use this issue to cause FORT Validator to consume excessive
resources, resulting in a denial of service. (CVE-2024-48943)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
fort-validator 1.6.1-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
fort-validator 1.5.3-1ubuntu0.1
Ubuntu 20.04 LTS
fort-validator 1.2.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to restart FORT Validator to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7813-1
CVE-2024-45234, CVE-2024-45235, CVE-2024-45236, CVE-2024-45237,
CVE-2024-45238, CVE-2024-45239, CVE-2024-48943
Package Information:
https://launchpad.net/ubuntu/+source/fort-validator/1.5.3-1ubuntu0.1
