12 hours 45 minutes ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- ATM drivers;
- DRBD Distributed Replicated Block Device drivers;
- Bus devices;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PCCARD (PCMCIA/CardBus) bus subsystem;
- PHY drivers;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- QCOM SoC drivers;
- small TFT LCD display modules;
- Trusted Execution Environment drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- Framebuffer layer;
- AFS file system;
- BTRFS file system;
- File systems infrastructure;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Asynchronous Transfer Mode (ATM) subsystem;
- BPF subsystem;
- NFS page cache wrapper;
- Memory management;
- Networking subsytem;
- UDP network protocol;
- Perf events;
- RCU subsystem;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Wireless networking;
- SoC audio core drivers;
- USB sound devices;
(CVE-2022-49390, CVE-2022-50070, CVE-2022-50327, CVE-2023-52935,
CVE-2023-53074, CVE-2024-47691, CVE-2024-50061, CVE-2024-50067,
CVE-2024-53068, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855,
CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148,
CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468,
CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476,
CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482,
CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494,
CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502,
CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530,
CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548,
CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563,
CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574,
CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579,
CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602,
CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612,
CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624,
CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639,
CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663,
CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670,
CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678,
CVE-2025-38680, CVE-2025-38681, CVE-2025-38684, CVE-2025-38685,
CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694,
CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698,
CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706,
CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712,
CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718,
CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729,
CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676,
CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685,
CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691,
CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703,
CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714,
CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736,
CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743,
CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757,
CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773,
CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787,
CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795,
CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808,
CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823,
CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839,
CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846,
CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860,
CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891,
CVE-2025-39894, CVE-2025-39902, CVE-2025-39920, CVE-2025-39964,
CVE-2025-39993, CVE-2025-40018)
1 day 3 hours ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Mailbox framework;
- Network drivers;
- Ethernet team driver;
- AFS file system;
- Ceph distributed file system;
- Ext4 file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- KVM subsystem;
- L3 Master device support module;
- Timer subsystem;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- Netfilter;
- NET/ROM layer;
- Open vSwitch;
- SCTP protocol;
- USB sound devices;
(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2023-52574,
CVE-2023-52650, CVE-2024-41006, CVE-2024-49935, CVE-2024-49963,
CVE-2024-50006, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-50299, CVE-2024-53090, CVE-2024-53112, CVE-2024-53124,
CVE-2024-53150, CVE-2024-53217, CVE-2024-56767, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958,
CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)
