-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmlBcuIFAwAAAAAACgkQZ0GeRcM5nt2s
dwgAjCkUt3gyeTUhqFNxmd87mKOq4sQ7mB/fFA8YWQ/nVrVmE48RIKZJUzuQS8lhy/kfLhP/eV6L
NEquoQsAN4L/jgamOygWO9e4EkG7y6duRsEMoep/h0mr5aCTuJwqOlnPg0bLAxBgFZy0w869gODW
oItpaxj9hP3LXufUiJ/y4Ln27Akk/bv0TQIIcynjl1EPGz+qTNBEHgcFw6CYu0P6c/4e7rqE3/Mj
S7eqC1qqHec3vXvedaKyYJDIwAz0qeQgNcXWeoiZBSINhrOfxraw5wTcFv9Plgxa3eFT1WEnRgZN
hodsQmgnh5LbuH2plZ0YAItCP+QV/JK2GAVOHkWpzg==
=DSFY
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7938-1
December 16, 2025
linux-azure-5.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
Details:
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- ATM drivers;
- DRBD Distributed Replicated Block Device drivers;
- Bus devices;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PCCARD (PCMCIA/CardBus) bus subsystem;
- PHY drivers;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- QCOM SoC drivers;
- small TFT LCD display modules;
- Trusted Execution Environment drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- Framebuffer layer;
- AFS file system;
- BTRFS file system;
- File systems infrastructure;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Asynchronous Transfer Mode (ATM) subsystem;
- BPF subsystem;
- NFS page cache wrapper;
- Memory management;
- Networking subsytem;
- UDP network protocol;
- Perf events;
- RCU subsystem;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Wireless networking;
- SoC audio core drivers;
- USB sound devices;
(CVE-2022-49390, CVE-2022-50070, CVE-2022-50327, CVE-2023-52935,
CVE-2023-53074, CVE-2024-47691, CVE-2024-50061, CVE-2024-50067,
CVE-2024-53068, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855,
CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148,
CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468,
CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476,
CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482,
CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494,
CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502,
CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530,
CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548,
CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563,
CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574,
CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579,
CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602,
CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612,
CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624,
CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639,
CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663,
CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670,
CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678,
CVE-2025-38680, CVE-2025-38681, CVE-2025-38684, CVE-2025-38685,
CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694,
CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698,
CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706,
CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712,
CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718,
CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729,
CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676,
CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685,
CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691,
CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703,
CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714,
CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736,
CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743,
CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757,
CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773,
CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787,
CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795,
CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808,
CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823,
CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839,
CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846,
CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860,
CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891,
CVE-2025-39894, CVE-2025-39902, CVE-2025-39920, CVE-2025-39964,
CVE-2025-39993, CVE-2025-40018)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.15.0-1102-azure 5.15.0-1102.111~20.04.1
Available with Ubuntu Pro
linux-image-azure 5.15.0.1102.111~20.04.1
Available with Ubuntu Pro
linux-image-azure-5.15 5.15.0.1102.111~20.04.1
Available with Ubuntu Pro
linux-image-azure-cvm 5.15.0.1102.111~20.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7938-1
CVE-2022-49390, CVE-2022-50070, CVE-2022-50327, CVE-2023-52935,
CVE-2023-53074, CVE-2024-47691, CVE-2024-50061, CVE-2024-50067,
CVE-2024-53068, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855,
CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148,
CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468,
CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476,
CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482,
CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494,
CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502,
CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530,
CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548,
CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563,
CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574,
CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579,
CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602,
CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612,
CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624,
CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639,
CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663,
CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670,
CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678,
CVE-2025-38680, CVE-2025-38681, CVE-2025-38684, CVE-2025-38685,
CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694,
CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698,
CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706,
CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712,
CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718,
CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729,
CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676,
CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685,
CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691,
CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703,
CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714,
CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736,
CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743,
CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757,
CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773,
CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787,
CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795,
CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808,
CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823,
CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839,
CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846,
CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860,
CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891,
CVE-2025-39894, CVE-2025-39902, CVE-2025-39920, CVE-2025-39964,
CVE-2025-39993, CVE-2025-40018, CVE-2025-40300
No comments:
Post a Comment