Ubuntu Security Advisories

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - ATM drivers; - DRBD Distributed Replicated Block Device drivers; - Bus devices; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - PHY drivers; - Power supply drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - small TFT LCD display modules; - Trusted Execution Environment drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - EFI Variable file system; - Ext4 file system; - F2FS file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - NFS page cache wrapper; - Memory management; - Networking subsytem; - UDP network protocol; - Perf events; - RCU subsystem; - Tracing infrastructure; - 802.1Q VLAN protocol; - Appletalk network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - Wireless networking; - SoC audio core drivers; - USB sound devices; (CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - ATM drivers; - DRBD Distributed Replicated Block Device drivers; - Bus devices; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - PHY drivers; - Power supply drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - small TFT LCD display modules; - Trusted Execution Environment drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - EFI Variable file system; - Ext4 file system; - F2FS file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - NFS page cache wrapper; - Memory management; - Networking subsytem; - UDP network protocol; - Perf events; - RCU subsystem; - Tracing infrastructure; - 802.1Q VLAN protocol; - Appletalk network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - Wireless networking; - SoC audio core drivers; - USB sound devices; (CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - Network drivers; - Netfilter; - TLS protocol; (CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Cryptographic API; - Android drivers; - TTY drivers; - F2FS file system; - 9P file system network protocol; (CVE-2025-40025, CVE-2025-40026, CVE-2025-40027, CVE-2025-40028, CVE-2025-40108, CVE-2025-40109)

USN-7912-1 fixed vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled clients that send messages slowly. A remote attacker could possibly use this issue to cause CUPS to stop responding, resulting in a denial of service. (CVE-2025-58436) In addition, this update fixes a regression introduced in USN-7897-1 which resulted in certain invalid configuration file directives to cause the CUPS daemon to fail to start.

It was discovered that the stb library, included in MAME, had a heap-based buffer overflow. An attacker could possibly use this issue to crash the program or execute arbitrary code. (CVE-2018-16981) It was discovered that the tinyexr library, included in MAME, had a heap- based buffer over-read in the function DecodePixelData. An attacker could possibly use this issue to expose sensitive information or crash the program. (CVE-2022-34300) It was discovered that the expat library, included in MAME, had an integer-overflow in the function doProlog. An attacker could possibly use this issue to crash the program or execute arbitrary code. (CVE-2021-46143)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - HSI subsystem; - I3C subsystem; - SMB network file system; - Padata parallel execution mechanism; - Timer subsystem; - Networking core; (CVE-2023-52854, CVE-2024-35867, CVE-2024-50061, CVE-2024-56664, CVE-2025-21727, CVE-2025-37838, CVE-2025-38352)

Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled clients that send messages slowly. A remote attacker could possibly use this issue to cause CUPS to stop responding, resulting in a denial of service. (CVE-2025-58436) In addition, this update fixes a regression introduced in USN-7897-1 which resulted in certain invalid configuration file directives to cause the CUPS daemon to fail to start.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; - Network drivers; - AFS file system; - Ceph distributed file system; - Network file system (NFS) server daemon; - NILFS2 file system; - File systems infrastructure; - KVM subsystem; - L3 Master device support module; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; - Open vSwitch; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935, CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; - Network drivers; - AFS file system; - Ceph distributed file system; - Network file system (NFS) server daemon; - NILFS2 file system; - File systems infrastructure; - KVM subsystem; - L3 Master device support module; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; - Open vSwitch; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935, CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SCSI subsystem; - JFS file system; (CVE-2023-52975, CVE-2024-56596)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - ATM drivers; - DRBD Distributed Replicated Block Device drivers; - Bus devices; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - PHY drivers; - Power supply drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - small TFT LCD display modules; - Trusted Execution Environment drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - EFI Variable file system; - Ext4 file system; - F2FS file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - NFS page cache wrapper; - Memory management; - Networking subsytem; - UDP network protocol; - Perf events; - RCU subsystem; - Tracing infrastructure; - 802.1Q VLAN protocol; - Appletalk network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - Wireless networking; - SoC audio core drivers; - USB sound devices; (CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - ATM drivers; - DRBD Distributed Replicated Block Device drivers; - Bus devices; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - PHY drivers; - Power supply drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - small TFT LCD display modules; - Trusted Execution Environment drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - EFI Variable file system; - Ext4 file system; - F2FS file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - NFS page cache wrapper; - Memory management; - Networking subsytem; - UDP network protocol; - Perf events; - RCU subsystem; - Tracing infrastructure; - 802.1Q VLAN protocol; - Appletalk network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - Wireless networking; - SoC audio core drivers; - USB sound devices; (CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - ATM drivers; - DRBD Distributed Replicated Block Device drivers; - Bus devices; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - PHY drivers; - Power supply drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - small TFT LCD display modules; - Trusted Execution Environment drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - EFI Variable file system; - Ext4 file system; - F2FS file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - NFS page cache wrapper; - Memory management; - Networking subsytem; - UDP network protocol; - Perf events; - RCU subsystem; - Tracing infrastructure; - 802.1Q VLAN protocol; - Appletalk network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - Wireless networking; - SoC audio core drivers; - USB sound devices; (CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - Network drivers; - Netfilter; - TLS protocol; (CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; - Network block device driver; - Character device driver; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - IIO subsystem; - IIO ADC drivers; - InfiniBand drivers; - Input Device core drivers; - Multiple devices driver; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PHY drivers; - Pin controllers subsystem; - x86 platform drivers; - Power supply drivers; - Powercap sysfs driver; - Voltage and Current Regulator drivers; - S/390 drivers; - ASPEED SoC drivers; - SPI subsystem; - small TFT LCD display modules; - Media staging drivers; - USB Gadget drivers; - vDPA drivers; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - BTRFS file system; - Ceph distributed file system; - EFI Variable file system; - File systems infrastructure; - F2FS file system; - GFS2 file system; - Network file systems library; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - Proc file system; - SMB network file system; - DRM display driver; - io_uring subsystem; - Internal shared memory driver; - padata parallel execution mechanism; - Networking subsytem; - Bluetooth subsystem; - Netfilter; - UDP network protocol; - Tracing infrastructure; - BPF subsystem; - Perf events; - Padata parallel execution mechanism; - Codetag library; - KASAN memory debugging framework; - Memory management; - 802.1Q VLAN protocol; - Appletalk network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netlink; - RxRPC session sockets; - Network traffic control; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - VMware vSockets driver; - Wireless networking; - XFRM subsystem; - ADI SoundPort AD1816A based soundcard drivers; - MediaTek ASoC drivers; - SOF drivers; - USB sound devices; - KVM subsystem; (CVE-2025-38335, CVE-2025-38349, CVE-2025-38351, CVE-2025-38437, CVE-2025-38438, CVE-2025-38439, CVE-2025-38440, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38446, CVE-2025-38448, CVE-2025-38449, CVE-2025-38450, CVE-2025-38451, CVE-2025-38452, CVE-2025-38453, CVE-2025-38454, CVE-2025-38455, CVE-2025-38456, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38463, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38468, CVE-2025-38469, CVE-2025-38470, CVE-2025-38471, CVE-2025-38472, CVE-2025-38473, CVE-2025-38474, CVE-2025-38475, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38484, CVE-2025-38485, CVE-2025-38487, CVE-2025-38488, CVE-2025-38489, CVE-2025-38490, CVE-2025-38491, CVE-2025-38492, CVE-2025-38493, CVE-2025-38494, CVE-2025-38495, CVE-2025-38496, CVE-2025-38497, CVE-2025-38501, CVE-2025-38503, CVE-2025-38505, CVE-2025-38506, CVE-2025-38507, CVE-2025-38508, CVE-2025-38509, CVE-2025-38510, CVE-2025-38511, CVE-2025-38512, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515, CVE-2025-38516, CVE-2025-38517, CVE-2025-38520, CVE-2025-38521, CVE-2025-38524, CVE-2025-38525, CVE-2025-38526, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38531, CVE-2025-38532, CVE-2025-38533, CVE-2025-38534, CVE-2025-38535, CVE-2025-38537, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540, CVE-2025-38542, CVE-2025-38543, CVE-2025-38544, CVE-2025-38545, CVE-2025-38546, CVE-2025-38547, CVE-2025-38548, CVE-2025-38549, CVE-2025-38550, CVE-2025-38551, CVE-2025-38552, CVE-2025-38553, CVE-2025-38555, CVE-2025-38556, CVE-2025-38557, CVE-2025-38558, CVE-2025-38559, CVE-2025-38560, CVE-2025-38561, CVE-2025-38562, CVE-2025-38563, CVE-2025-38565, CVE-2025-38566, CVE-2025-38567, CVE-2025-38568, CVE-2025-38569, CVE-2025-38570, CVE-2025-38571, CVE-2025-38572, CVE-2025-38573, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38582, CVE-2025-38583, CVE-2025-38584, CVE-2025-38585, CVE-2025-38586, CVE-2025-38587, CVE-2025-38588, CVE-2025-38589, CVE-2025-38590, CVE-2025-38593, CVE-2025-38595, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38605, CVE-2025-38606, CVE-2025-38608, CVE-2025-38609, CVE-2025-38610, CVE-2025-38612, CVE-2025-38615, CVE-2025-38616, CVE-2025-38619, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38625, CVE-2025-38626, CVE-2025-38628, CVE-2025-38629, CVE-2025-38630, CVE-2025-38631, CVE-2025-38632, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38640, CVE-2025-38642, CVE-2025-38643, CVE-2025-38644, CVE-2025-38645, CVE-2025-38646, CVE-2025-38648, CVE-2025-38649, CVE-2025-38650, CVE-2025-38652, CVE-2025-38653, CVE-2025-38654, CVE-2025-38655, CVE-2025-38659, CVE-2025-38660, CVE-2025-38662, CVE-2025-38663, CVE-2025-38664, CVE-2025-38665, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38675, CVE-2025-38678, CVE-2025-39725, CVE-2025-39726, CVE-2025-39727, CVE-2025-39730, CVE-2025-39731, CVE-2025-39732, CVE-2025-39734, CVE-2025-39809, CVE-2025-39818, CVE-2025-40157)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - ATM drivers; - DRBD Distributed Replicated Block Device drivers; - Bus devices; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - Media drivers; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - PHY drivers; - Power supply drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - small TFT LCD display modules; - Trusted Execution Environment drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - EFI Variable file system; - Ext4 file system; - F2FS file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - SMB network file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - NFS page cache wrapper; - Memory management; - Networking subsytem; - UDP network protocol; - Perf events; - RCU subsystem; - Tracing infrastructure; - 802.1Q VLAN protocol; - Appletalk network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - Wireless networking; - SoC audio core drivers; - USB sound devices; (CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-50061, CVE-2024-53068, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - HSI subsystem; - Bluetooth subsystem; - Timer subsystem; (CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; - Network drivers; - AFS file system; - Ceph distributed file system; - Network file system (NFS) server daemon; - NILFS2 file system; - File systems infrastructure; - KVM subsystem; - L3 Master device support module; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; - Open vSwitch; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935, CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenticated attacker could possibly use this issue to create a denial of service against other CREATE STATISTICS users. (CVE-2025-12817) Aleksey Solovev discovered that the PostgreSQL libpq client library incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause libpq to crash, resulting in a denial of service. (CVE-2025-12818)