Ubuntu Security Advisories

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Drivers core; - Network block device driver; - Character device driver; - TPM device driver; - Clock framework and drivers; - FireWire subsystem; - GPU drivers; - HID subsystem; - I3C subsystem; - InfiniBand drivers; - IOMMU subsystem; - Media drivers; - NVIDIA Tegra memory controller driver; - Fastrpc Driver; - Network drivers; - Operating Performance Points (OPP) driver; - PCI subsystem; - x86 platform drivers; - PPS (Pulse Per Second) driver; - PTP clock framework; - Remote Processor subsystem; - Real Time Clock drivers; - SCSI subsystem; - QCOM SoC drivers; - Media staging drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - USB Host Controller drivers; - File systems infrastructure; - BTRFS file system; - F2FS file system; - NILFS2 file system; - SMB network file system; - UBI file system; - Timer subsystem; - KVM subsystem; - Networking core; - ptr_ring data structure definitions; - Networking subsytem; - Amateur Radio drivers; - XFRM subsystem; - Tracing infrastructure; - BPF subsystem; - Padata parallel execution mechanism; - printk logging mechanism; - Memory management; - Bluetooth subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NFC subsystem; - Rose network layer; - RxRPC session sockets; - Network traffic control; - Landlock security; - Linux Security Modules (LSM) Framework; - Tomoyo security module; - SoC audio core drivers; (CVE-2024-58052, CVE-2025-21826, CVE-2025-21736, CVE-2025-21809, CVE-2025-21723, CVE-2024-57994, CVE-2025-21802, CVE-2024-58003, CVE-2024-58078, CVE-2025-21742, CVE-2025-21721, CVE-2024-57973, CVE-2025-21830, CVE-2025-21733, CVE-2025-21714, CVE-2024-58002, CVE-2025-21804, CVE-2025-21825, CVE-2024-58014, CVE-2024-58055, CVE-2025-21808, CVE-2024-57986, CVE-2024-57997, CVE-2024-57981, CVE-2025-21753, CVE-2025-21743, CVE-2025-37750, CVE-2024-57975, CVE-2025-21741, CVE-2025-21715, CVE-2025-21744, CVE-2025-21829, CVE-2025-21801, CVE-2025-21815, CVE-2024-58051, CVE-2024-58082, CVE-2024-58058, CVE-2024-58079, CVE-2024-58006, CVE-2024-58011, CVE-2025-21750, CVE-2024-57996, CVE-2025-21705, CVE-2024-58056, CVE-2024-58072, CVE-2025-21806, CVE-2024-57999, CVE-2025-21814, CVE-2024-58080, CVE-2024-57953, CVE-2025-37974, CVE-2025-21732, CVE-2024-58069, CVE-2024-58053, CVE-2024-58054, CVE-2025-21725, CVE-2025-21708, CVE-2025-21799, CVE-2024-57998, CVE-2024-57984, CVE-2025-21719, CVE-2024-58057, CVE-2024-57990, CVE-2024-57979, CVE-2025-21722, CVE-2025-21812, CVE-2024-58071, CVE-2024-57974, CVE-2024-58076, CVE-2024-57980, CVE-2024-58005, CVE-2024-58007, CVE-2024-58083, CVE-2025-21716, CVE-2025-21710, CVE-2025-21745, CVE-2024-58063, CVE-2024-58018, CVE-2024-57993, CVE-2024-49887, CVE-2025-21798, CVE-2024-58081, CVE-2025-21810, CVE-2024-58068, CVE-2024-58013, CVE-2025-21731, CVE-2024-57982, CVE-2025-21727, CVE-2025-21738, CVE-2025-21811, CVE-2024-58085, CVE-2025-21735, CVE-2025-21720, CVE-2025-21748, CVE-2025-21749, CVE-2024-58077, CVE-2025-21711, CVE-2025-21726, CVE-2025-21754, CVE-2024-58019, CVE-2025-21739, CVE-2024-58010, CVE-2024-58070, CVE-2025-21724, CVE-2024-58061, CVE-2025-21820, CVE-2025-21816, CVE-2025-21718, CVE-2024-58017, CVE-2025-21734, CVE-2025-21728, CVE-2024-58034, CVE-2024-58016, CVE-2024-58001, CVE-2025-21832, CVE-2025-21707, CVE-2025-21828)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; - Compute Acceleration Framework; - Ublk userspace block driver; - Bluetooth drivers; - ARM SCMI message protocol; - GPU drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Network drivers; - PCI subsystem; - PTP clock framework; - SPI subsystem; - BTRFS file system; - SMB network file system; - eXpress Data Path; - Universal MIDI packet (UMP) support module; - Tracing infrastructure; - Memory management; - IPv4 networking; - IPv6 networking; - Network traffic control; - AMD SoC Alsa drivers; - SoC Audio generic drivers; (CVE-2025-37901, CVE-2025-37990, CVE-2025-37891, CVE-2025-37918, CVE-2025-37930, CVE-2025-37909, CVE-2025-37906, CVE-2025-37913, CVE-2025-37927, CVE-2025-37922, CVE-2025-37899, CVE-2025-37894, CVE-2025-37934, CVE-2025-37911, CVE-2025-37912, CVE-2025-37933, CVE-2025-37924, CVE-2025-37900, CVE-2025-37907, CVE-2025-37974, CVE-2025-37928, CVE-2025-37914, CVE-2025-37905, CVE-2025-37921, CVE-2025-37919, CVE-2025-37915, CVE-2025-37910, CVE-2025-37903, CVE-2025-37936, CVE-2025-37904, CVE-2025-38216, CVE-2025-37923, CVE-2025-37931, CVE-2025-37895, CVE-2025-37917, CVE-2025-37926, CVE-2025-37916, CVE-2025-37935, CVE-2025-37898, CVE-2025-37897, CVE-2025-37929, CVE-2025-37908, CVE-2025-37946, CVE-2025-37896, CVE-2025-37920, CVE-2025-37991)

It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. (CVE-2022-29970) It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP header. An attacker could possibly use this issue to perform a reflected file download attack, achieving remote code execution. (CVE-2022-45442)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

It was discovered that GDK-Pixbuf incorrectly handled certain GIF files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 25.04, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-6199) It was discovered that GDK-Pixbuf incorrectly handled certain JPEG files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2025-7345)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Serial ATA and Parallel ATA drivers; - Bluetooth drivers; - Bus devices; - CPU frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - HSI subsystem; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - PCI Endpoint Test driver; - MTD block device drivers; - Network drivers; - Device tree and open firmware driver; - PCI subsystem; - TI SCI PM domains driver; - PWM drivers; - S/390 drivers; - SCSI subsystem; - Samsung SoC drivers; - TCM subsystem; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - Proc file system; - SMB network file system; - Kernel stack handling interfaces; - Bluetooth subsystem; - Network traffic control; - SCTP protocol; - BPF subsystem; - Kernel command line parsing driver; - Tracing infrastructure; - Memory management; - 802.1Q VLAN protocol; - Networking core; - IPv6 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Open vSwitch; - Phonet protocol; - TIPC protocol; - TLS protocol; - Virtio sound driver; - CPU Power monitoring subsystem; (CVE-2025-37767, CVE-2025-23151, CVE-2025-38005, CVE-2024-46816, CVE-2025-37812, CVE-2025-23159, CVE-2024-36908, CVE-2025-37930, CVE-2024-27402, CVE-2024-50125, CVE-2025-37881, CVE-2024-49989, CVE-2025-37964, CVE-2025-37739, CVE-2025-37792, CVE-2025-37742, CVE-2025-37875, CVE-2025-23144, CVE-2025-37836, CVE-2024-35866, CVE-2025-37738, CVE-2024-46774, CVE-2025-37817, CVE-2025-37781, CVE-2025-37757, CVE-2024-46751, CVE-2025-37867, CVE-2025-23158, CVE-2025-37885, CVE-2025-37756, CVE-2025-37788, CVE-2025-37994, CVE-2024-35867, CVE-2025-37905, CVE-2025-37883, CVE-2024-35943, CVE-2024-53128, CVE-2025-38009, CVE-2025-37940, CVE-2025-37992, CVE-2025-37796, CVE-2024-49960, CVE-2024-26686, CVE-2023-52757, CVE-2025-37841, CVE-2025-23148, CVE-2025-37851, CVE-2025-37808, CVE-2024-26739, CVE-2025-23161, CVE-2025-37859, CVE-2025-37839, CVE-2025-37982, CVE-2025-23142, CVE-2025-23140, CVE-2022-49168, CVE-2025-38024, CVE-2025-37949, CVE-2025-37790, CVE-2024-46742, CVE-2025-37780, CVE-2025-37911, CVE-2025-37840, CVE-2025-37768, CVE-2024-54458, CVE-2025-23150, CVE-2025-37969, CVE-2025-37749, CVE-2025-37995, CVE-2025-37789, CVE-2025-23146, CVE-2024-38541, CVE-2025-23163, CVE-2025-37770, CVE-2025-37871, CVE-2025-37740, CVE-2025-23157, CVE-2025-37741, CVE-2022-21546, CVE-2025-37909, CVE-2025-37991, CVE-2025-37913, CVE-2025-37803, CVE-2025-37797, CVE-2022-49063, CVE-2025-38023, CVE-2025-21839, CVE-2025-37811, CVE-2023-52572, CVE-2025-22027, CVE-2025-37765, CVE-2025-37892, CVE-2025-37810, CVE-2025-37914, CVE-2025-37850, CVE-2025-37858, CVE-2025-37794, CVE-2024-53203, CVE-2025-21853, CVE-2024-42322, CVE-2024-50258, CVE-2022-48893, CVE-2024-35790, CVE-2025-37787, CVE-2024-38540, CVE-2025-37915, CVE-2025-37819, CVE-2025-37838, CVE-2025-37998, CVE-2025-37771, CVE-2025-37983, CVE-2025-37844, CVE-2024-50272, CVE-2025-37824, CVE-2025-37857, CVE-2025-37970, CVE-2025-37989, CVE-2025-23156, CVE-2024-50280, CVE-2025-22062, CVE-2025-37985, CVE-2025-37829, CVE-2025-37927, CVE-2025-37766, CVE-2025-37862, CVE-2024-56751, CVE-2025-37990, CVE-2025-37923, CVE-2025-38094, CVE-2025-37830, CVE-2025-23145, CVE-2025-37805, CVE-2025-37823, CVE-2025-23147, CVE-2025-37773, CVE-2025-37758, CVE-2025-37912, CVE-2025-37967, CVE-2022-49535)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Drivers core; - Network block device driver; - Character device driver; - TPM device driver; - Clock framework and drivers; - FireWire subsystem; - GPU drivers; - HID subsystem; - I3C subsystem; - InfiniBand drivers; - IOMMU subsystem; - Media drivers; - NVIDIA Tegra memory controller driver; - Fastrpc Driver; - Network drivers; - Operating Performance Points (OPP) driver; - PCI subsystem; - x86 platform drivers; - PPS (Pulse Per Second) driver; - PTP clock framework; - Remote Processor subsystem; - Real Time Clock drivers; - SCSI subsystem; - QCOM SoC drivers; - Media staging drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - USB Host Controller drivers; - File systems infrastructure; - BTRFS file system; - F2FS file system; - NILFS2 file system; - SMB network file system; - UBI file system; - Timer subsystem; - KVM subsystem; - Networking core; - ptr_ring data structure definitions; - Networking subsytem; - Amateur Radio drivers; - XFRM subsystem; - Tracing infrastructure; - BPF subsystem; - Padata parallel execution mechanism; - printk logging mechanism; - Memory management; - Bluetooth subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NFC subsystem; - Rose network layer; - RxRPC session sockets; - Network traffic control; - Landlock security; - Linux Security Modules (LSM) Framework; - Tomoyo security module; - SoC audio core drivers; (CVE-2024-58058, CVE-2024-57984, CVE-2025-21727, CVE-2025-21812, CVE-2024-58070, CVE-2024-57974, CVE-2025-21810, CVE-2025-21816, CVE-2024-58085, CVE-2025-21738, CVE-2024-58057, CVE-2025-21733, CVE-2024-58054, CVE-2024-57994, CVE-2025-21721, CVE-2024-57979, CVE-2025-21825, CVE-2025-37750, CVE-2025-21750, CVE-2025-21798, CVE-2024-58080, CVE-2024-58034, CVE-2025-21724, CVE-2025-21714, CVE-2025-21742, CVE-2025-21720, CVE-2024-58077, CVE-2025-21710, CVE-2024-58014, CVE-2024-58052, CVE-2024-57986, CVE-2024-58007, CVE-2024-58017, CVE-2025-21731, CVE-2024-58056, CVE-2025-21722, CVE-2025-21826, CVE-2024-58079, CVE-2024-58005, CVE-2025-21732, CVE-2025-21749, CVE-2024-57998, CVE-2024-58055, CVE-2025-21809, CVE-2025-21806, CVE-2025-21820, CVE-2024-58010, CVE-2025-21829, CVE-2025-21705, CVE-2024-58082, CVE-2024-58051, CVE-2024-57982, CVE-2025-21723, CVE-2024-58053, CVE-2024-57973, CVE-2024-58006, CVE-2025-21707, CVE-2024-58061, CVE-2025-21735, CVE-2025-21804, CVE-2024-58068, CVE-2024-57996, CVE-2025-21748, CVE-2024-57999, CVE-2024-58069, CVE-2024-57953, CVE-2025-21718, CVE-2024-49887, CVE-2025-21708, CVE-2024-58063, CVE-2024-58001, CVE-2025-21811, CVE-2025-21744, CVE-2025-21754, CVE-2025-21734, CVE-2025-21715, CVE-2024-57981, CVE-2025-21743, CVE-2024-57990, CVE-2024-58011, CVE-2025-21745, CVE-2024-58076, CVE-2024-58002, CVE-2024-57997, CVE-2025-21728, CVE-2025-21802, CVE-2025-21830, CVE-2025-21719, CVE-2025-21711, CVE-2024-57975, CVE-2025-37974, CVE-2025-21716, CVE-2024-58071, CVE-2024-58019, CVE-2025-21828, CVE-2025-21832, CVE-2025-21799, CVE-2025-21739, CVE-2024-58083, CVE-2025-21725, CVE-2024-58013, CVE-2025-21801, CVE-2025-21808, CVE-2024-58003, CVE-2025-21814, CVE-2024-58016, CVE-2024-58072, CVE-2024-57993, CVE-2024-58018, CVE-2025-21726, CVE-2024-57980, CVE-2024-58081, CVE-2024-58078, CVE-2025-21736, CVE-2025-21753, CVE-2025-21741, CVE-2025-21815)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; - Compute Acceleration Framework; - Ublk userspace block driver; - Bluetooth drivers; - ARM SCMI message protocol; - GPU drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Network drivers; - PCI subsystem; - PTP clock framework; - SPI subsystem; - BTRFS file system; - SMB network file system; - eXpress Data Path; - Universal MIDI packet (UMP) support module; - Tracing infrastructure; - Memory management; - IPv4 networking; - IPv6 networking; - Network traffic control; - AMD SoC Alsa drivers; - SoC Audio generic drivers; (CVE-2025-37974, CVE-2025-37931, CVE-2025-37990, CVE-2025-37921, CVE-2025-37917, CVE-2025-37908, CVE-2025-37906, CVE-2025-37896, CVE-2025-37919, CVE-2025-37909, CVE-2025-37934, CVE-2025-37897, CVE-2025-37912, CVE-2025-37923, CVE-2025-37904, CVE-2025-37894, CVE-2025-38216, CVE-2025-37930, CVE-2025-37935, CVE-2025-37910, CVE-2025-37933, CVE-2025-37916, CVE-2025-37907, CVE-2025-37913, CVE-2025-37905, CVE-2025-37918, CVE-2025-37915, CVE-2025-37927, CVE-2025-37991, CVE-2025-37929, CVE-2025-37924, CVE-2025-37920, CVE-2025-37901, CVE-2025-37900, CVE-2025-37922, CVE-2025-37898, CVE-2025-37946, CVE-2025-37914, CVE-2025-37936, CVE-2025-37926, CVE-2025-37899, CVE-2025-37895, CVE-2025-37903, CVE-2025-37911, CVE-2025-37891, CVE-2025-37928)

It was discovered that GoBGP did not properly manage memory under certain circumstances, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-46565) It was discovered that GoBGP did not properly verify the length of certain inputs. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2025-43970, CVE-2025-43971, CVE-2025-43972, CVE-2025-43973)

It was discovered that fdkaac did not correctly handle certain input. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-36148) It was discovered that fdkaac did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-37781, CVE-2023-34823, CVE-2023-34824)

It was discovered Nokogiri did not correctly parse XML Schemas. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-26247) Agustin Gianni discovered that Nokogiri did not correctly parse XML and HTML files. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2022-29181)

It was discovered that Drupal incorrectly parsed untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; (CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997, CVE-2025-37932)

It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. (CVE-2024-23337) It was discovered that jq incorrectly handled NaN values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2024-53427) It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could use this issue to cause jq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-48060)

It was discovered that Erlang OTP’s SSH module incorrectly enforced strict KEX handshake hardening measures. A remote attacker able to intercept communications could possibly use this issue to insert optional messages into connections during the handshake. (CVE-2025-46712) It was discovered that Erlang OTP incorrectly handled ZIP archives. If a user or automated system were tricked into opening a specially crafted ZIP archive, a remote attacker could possibly use this issue to overwrite arbitrary files outside of the intended directory. (CVE-2025-4748)

USN-6885-1 fixed vulnerabilities in Apache. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. (CVE-2024-38474, CVE-2024-38475)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Drivers core; - Network block device driver; - Character device driver; - TPM device driver; - Clock framework and drivers; - FireWire subsystem; - GPU drivers; - HID subsystem; - I3C subsystem; - InfiniBand drivers; - IOMMU subsystem; - Media drivers; - NVIDIA Tegra memory controller driver; - Fastrpc Driver; - Network drivers; - Operating Performance Points (OPP) driver; - PCI subsystem; - x86 platform drivers; - PPS (Pulse Per Second) driver; - PTP clock framework; - Remote Processor subsystem; - Real Time Clock drivers; - SCSI subsystem; - QCOM SoC drivers; - Media staging drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - USB Host Controller drivers; - File systems infrastructure; - BTRFS file system; - F2FS file system; - NILFS2 file system; - SMB network file system; - UBI file system; - Timer subsystem; - KVM subsystem; - Networking core; - ptr_ring data structure definitions; - Networking subsytem; - Amateur Radio drivers; - XFRM subsystem; - Tracing infrastructure; - BPF subsystem; - Padata parallel execution mechanism; - printk logging mechanism; - Memory management; - Bluetooth subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NFC subsystem; - Rose network layer; - RxRPC session sockets; - Network traffic control; - Landlock security; - Linux Security Modules (LSM) Framework; - Tomoyo security module; - SoC audio core drivers; (CVE-2024-57980, CVE-2024-57999, CVE-2025-21727, CVE-2024-58058, CVE-2024-58052, CVE-2025-21739, CVE-2025-21722, CVE-2024-58072, CVE-2025-21748, CVE-2024-57993, CVE-2024-58003, CVE-2024-58077, CVE-2025-21734, CVE-2024-58070, CVE-2025-21719, CVE-2024-58006, CVE-2025-21826, CVE-2024-58061, CVE-2025-21745, CVE-2025-21715, CVE-2024-58078, CVE-2025-21829, CVE-2024-49887, CVE-2025-21742, CVE-2025-21721, CVE-2025-21724, CVE-2025-21828, CVE-2025-21814, CVE-2025-21801, CVE-2024-57953, CVE-2024-58081, CVE-2024-58080, CVE-2025-21753, CVE-2025-21732, CVE-2025-21811, CVE-2025-37974, CVE-2024-58068, CVE-2024-58010, CVE-2024-58011, CVE-2024-58085, CVE-2025-21714, CVE-2025-21705, CVE-2025-21735, CVE-2024-58001, CVE-2024-58082, CVE-2024-58055, CVE-2025-21743, CVE-2025-21716, CVE-2024-57998, CVE-2025-21731, CVE-2024-58017, CVE-2024-58053, CVE-2025-21808, CVE-2024-57997, CVE-2024-58016, CVE-2024-58076, CVE-2025-21710, CVE-2025-21738, CVE-2025-21809, CVE-2025-21733, CVE-2025-21810, CVE-2024-57996, CVE-2024-58005, CVE-2025-21720, CVE-2025-21728, CVE-2024-58054, CVE-2024-58057, CVE-2025-21725, CVE-2025-21812, CVE-2025-21830, CVE-2024-58014, CVE-2025-21832, CVE-2024-58002, CVE-2025-21802, CVE-2024-57986, CVE-2025-21749, CVE-2024-58018, CVE-2024-57984, CVE-2025-21736, CVE-2024-58079, CVE-2024-58034, CVE-2024-57973, CVE-2024-57974, CVE-2025-21718, CVE-2025-21723, CVE-2024-58019, CVE-2025-21820, CVE-2024-58013, CVE-2025-21707, CVE-2024-58071, CVE-2025-21711, CVE-2024-58056, CVE-2024-58007, CVE-2024-58051, CVE-2025-21815, CVE-2024-57982, CVE-2025-21799, CVE-2025-21754, CVE-2025-21708, CVE-2025-21798, CVE-2024-57979, CVE-2024-57981, CVE-2024-58069, CVE-2025-21744, CVE-2025-21741, CVE-2024-58063, CVE-2024-58083, CVE-2024-57994, CVE-2025-21804, CVE-2025-21825, CVE-2024-57990, CVE-2025-21726, CVE-2025-21806, CVE-2024-57975, CVE-2025-21750, CVE-2025-21816, CVE-2025-37750)

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - HSI subsystem; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - MemoryStick subsystem; - Multifunction device drivers; - PCI Endpoint Test driver; - MTD block device drivers; - Network drivers; - Mellanox network drivers; - NTB driver; - Device tree and open firmware driver; - PCI subsystem; - TI SCI PM domains driver; - PWM drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - QCOM SoC drivers; - Samsung SoC drivers; - TCM subsystem; - Thermal drivers; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - Proc file system; - SMB network file system; - Kernel stack handling interfaces; - Bluetooth subsystem; - IPv6 networking; - Network traffic control; - SCTP protocol; - RDMA verbs API; - SoC audio core drivers; - BPF subsystem; - Kernel command line parsing driver; - Tracing infrastructure; - Watch queue notification mechanism; - Memory management; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv4 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Open vSwitch; - Phonet protocol; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - SoC Audio for Freescale CPUs drivers; - Virtio sound driver; - CPU Power monitoring subsystem; (CVE-2025-37989, CVE-2025-22071, CVE-2025-37808, CVE-2025-37983, CVE-2025-38001, CVE-2024-46816, CVE-2024-50125, CVE-2025-38575, CVE-2025-37766, CVE-2022-49168, CVE-2025-22025, CVE-2025-22035, CVE-2025-37923, CVE-2024-49989, CVE-2025-23148, CVE-2024-53051, CVE-2025-39728, CVE-2025-21956, CVE-2025-37741, CVE-2025-37970, CVE-2025-37798, CVE-2025-23157, CVE-2025-38177, CVE-2022-49535, CVE-2025-22027, CVE-2025-37756, CVE-2025-38023, CVE-2025-22066, CVE-2025-37780, CVE-2025-37995, CVE-2025-37739, CVE-2025-37932, CVE-2025-37982, CVE-2025-37812, CVE-2025-23156, CVE-2025-38005, CVE-2025-21839, CVE-2025-37892, CVE-2025-22073, CVE-2024-35866, CVE-2023-52757, CVE-2025-37785, CVE-2025-23150, CVE-2024-58093, CVE-2025-21992, CVE-2025-37905, CVE-2025-37836, CVE-2025-21964, CVE-2025-23140, CVE-2025-22056, CVE-2025-37915, CVE-2025-22054, CVE-2025-37859, CVE-2025-22050, CVE-2025-37811, CVE-2024-38540, CVE-2025-37794, CVE-2025-37839, CVE-2022-21546, CVE-2025-22089, CVE-2025-22079, CVE-2024-56751, CVE-2025-37789, CVE-2025-37790, CVE-2025-23159, CVE-2025-22097, CVE-2025-37883, CVE-2025-37829, CVE-2023-52572, CVE-2025-21962, CVE-2025-37823, CVE-2024-53203, CVE-2025-38000, CVE-2025-38152, CVE-2025-37771, CVE-2025-39735, CVE-2025-37992, CVE-2025-37937, CVE-2025-22081, CVE-2024-35943, CVE-2025-37803, CVE-2025-37940, CVE-2025-22005, CVE-2025-22014, CVE-2025-37742, CVE-2022-49063, CVE-2025-37890, CVE-2025-37969, CVE-2025-37788, CVE-2022-48893, CVE-2025-23161, CVE-2024-46753, CVE-2025-21853, CVE-2025-37817, CVE-2022-49636, CVE-2025-37985, CVE-2025-37787, CVE-2025-37810, CVE-2025-22008, CVE-2025-37824, CVE-2025-37765, CVE-2025-23145, CVE-2025-37830, CVE-2025-37913, CVE-2025-37881, CVE-2025-37967, CVE-2025-37912, CVE-2024-42230, CVE-2024-46821, CVE-2024-56608, CVE-2025-37805, CVE-2025-37838, CVE-2025-38637, CVE-2025-38024, CVE-2025-23138, CVE-2025-37949, CVE-2024-46751, CVE-2025-22007, CVE-2025-37844, CVE-2024-46812, CVE-2025-37889, CVE-2023-53034, CVE-2025-37927, CVE-2025-37998, CVE-2024-42322, CVE-2024-50280, CVE-2025-22086, CVE-2025-21963, CVE-2024-50272, CVE-2024-54458, CVE-2024-36908, CVE-2025-22062, CVE-2025-37994, CVE-2025-22044, CVE-2025-22018, CVE-2025-22010, CVE-2024-49960, CVE-2025-37768, CVE-2025-37911, CVE-2025-22060, CVE-2025-37781, CVE-2024-26686, CVE-2024-50047, CVE-2025-37850, CVE-2024-46742, CVE-2025-37797, CVE-2025-37767, CVE-2025-23136, CVE-2025-23158, CVE-2025-37792, CVE-2025-37749, CVE-2025-38009, CVE-2024-35867, CVE-2025-37885, CVE-2025-37914, CVE-2024-46774, CVE-2025-38094, CVE-2025-23163, CVE-2024-38541, CVE-2025-37819, CVE-2025-22020, CVE-2025-37857, CVE-2025-21975, CVE-2024-53144, CVE-2025-21991, CVE-2025-37867, CVE-2025-37930, CVE-2025-37796, CVE-2025-21968, CVE-2025-22075, CVE-2025-37997, CVE-2025-22063, CVE-2025-37840, CVE-2025-37909, CVE-2025-22045, CVE-2024-46787, CVE-2025-37738, CVE-2025-22055, CVE-2025-37862, CVE-2024-56664, CVE-2025-21959, CVE-2025-22004, CVE-2024-50258, CVE-2025-23146, CVE-2025-22021, CVE-2025-21994, CVE-2025-21957, CVE-2025-37758, CVE-2024-26739, CVE-2025-37858, CVE-2025-37757, CVE-2025-23142, CVE-2025-23151, CVE-2025-21996, CVE-2025-21970, CVE-2025-37770, CVE-2024-35790, CVE-2025-37773, CVE-2025-37990, CVE-2025-21941, CVE-2025-21999, CVE-2024-53128, CVE-2025-37851, CVE-2025-23147, CVE-2025-37964, CVE-2025-37841, CVE-2025-37875, CVE-2024-53168, CVE-2022-49728, CVE-2025-23144, CVE-2025-37991, CVE-2024-56551, CVE-2025-21981, CVE-2024-27402, CVE-2025-37740, CVE-2024-36945)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Serial ATA and Parallel ATA drivers; - Bluetooth drivers; - Bus devices; - CPU frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - HSI subsystem; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - PCI Endpoint Test driver; - MTD block device drivers; - Network drivers; - Device tree and open firmware driver; - PCI subsystem; - TI SCI PM domains driver; - PWM drivers; - S/390 drivers; - SCSI subsystem; - Samsung SoC drivers; - TCM subsystem; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - Proc file system; - SMB network file system; - Kernel stack handling interfaces; - Bluetooth subsystem; - Network traffic control; - SCTP protocol; - BPF subsystem; - Kernel command line parsing driver; - Tracing infrastructure; - Memory management; - 802.1Q VLAN protocol; - Networking core; - IPv6 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Open vSwitch; - Phonet protocol; - TIPC protocol; - TLS protocol; - Virtio sound driver; - CPU Power monitoring subsystem; (CVE-2022-49535, CVE-2025-37773, CVE-2025-37982, CVE-2025-37990, CVE-2025-37859, CVE-2025-37765, CVE-2025-37768, CVE-2025-23142, CVE-2025-37911, CVE-2024-56751, CVE-2025-37767, CVE-2025-37940, CVE-2024-50272, CVE-2025-37858, CVE-2025-38094, CVE-2025-37905, CVE-2025-37994, CVE-2025-38024, CVE-2024-26686, CVE-2025-37992, CVE-2025-37983, CVE-2025-23157, CVE-2025-37867, CVE-2025-37771, CVE-2025-38005, CVE-2025-37989, CVE-2025-37991, CVE-2025-37796, CVE-2025-23151, CVE-2025-37738, CVE-2025-37790, CVE-2023-52757, CVE-2025-37949, CVE-2025-37969, CVE-2025-37823, CVE-2023-52572, CVE-2025-37844, CVE-2024-46816, CVE-2025-37851, CVE-2024-53128, CVE-2025-37927, CVE-2025-23147, CVE-2025-37930, CVE-2024-49989, CVE-2022-49168, CVE-2025-37794, CVE-2025-37998, CVE-2025-37810, CVE-2024-46751, CVE-2025-37995, CVE-2025-37742, CVE-2025-37883, CVE-2024-46742, CVE-2024-54458, CVE-2025-37964, CVE-2025-38023, CVE-2025-37780, CVE-2022-49063, CVE-2025-37740, CVE-2025-37915, CVE-2025-37850, CVE-2025-37758, CVE-2025-23159, CVE-2024-50258, CVE-2025-37811, CVE-2025-37885, CVE-2025-23158, CVE-2025-37787, CVE-2025-37792, CVE-2025-23144, CVE-2025-37805, CVE-2025-21853, CVE-2025-23145, CVE-2025-37803, CVE-2025-37739, CVE-2025-37749, CVE-2025-37841, CVE-2022-21546, CVE-2025-37923, CVE-2025-22027, CVE-2025-37836, CVE-2022-48893, CVE-2025-37797, CVE-2025-23161, CVE-2024-50125, CVE-2025-37857, CVE-2025-23163, CVE-2024-49960, CVE-2025-37808, CVE-2025-37766, CVE-2025-23140, CVE-2025-23150, CVE-2025-22062, CVE-2025-23148, CVE-2025-37875, CVE-2025-37819, CVE-2025-37817, CVE-2025-37824, CVE-2024-35867, CVE-2025-37781, CVE-2024-35790, CVE-2025-21839, CVE-2025-37829, CVE-2025-37788, CVE-2024-35943, CVE-2025-37892, CVE-2024-38540, CVE-2025-37830, CVE-2025-37757, CVE-2025-37871, CVE-2024-26739, CVE-2024-27402, CVE-2025-37756, CVE-2024-46774, CVE-2025-37914, CVE-2024-50280, CVE-2025-37909, CVE-2025-37812, CVE-2024-53203, CVE-2025-37912, CVE-2025-38009, CVE-2024-38541, CVE-2025-37881, CVE-2025-37838, CVE-2024-35866, CVE-2025-37789, CVE-2025-37913, CVE-2025-37985, CVE-2025-37970, CVE-2025-37840, CVE-2025-37770, CVE-2025-37862, CVE-2025-23156, CVE-2025-37967, CVE-2025-37741, CVE-2024-36908, CVE-2024-42322, CVE-2025-23146, CVE-2025-37839)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Serial ATA and Parallel ATA drivers; - Bluetooth drivers; - Bus devices; - CPU frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - HSI subsystem; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - PCI Endpoint Test driver; - MTD block device drivers; - Network drivers; - Device tree and open firmware driver; - PCI subsystem; - TI SCI PM domains driver; - PWM drivers; - S/390 drivers; - SCSI subsystem; - Samsung SoC drivers; - TCM subsystem; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - Proc file system; - SMB network file system; - Kernel stack handling interfaces; - Bluetooth subsystem; - Network traffic control; - SCTP protocol; - BPF subsystem; - Kernel command line parsing driver; - Tracing infrastructure; - Memory management; - 802.1Q VLAN protocol; - Networking core; - IPv6 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Open vSwitch; - Phonet protocol; - TIPC protocol; - TLS protocol; - Virtio sound driver; - CPU Power monitoring subsystem; (CVE-2025-38024, CVE-2025-37787, CVE-2025-37741, CVE-2024-53128, CVE-2024-27402, CVE-2025-37794, CVE-2024-50280, CVE-2025-23146, CVE-2025-37862, CVE-2025-23151, CVE-2025-38023, CVE-2025-37797, CVE-2025-23140, CVE-2024-35866, CVE-2025-37940, CVE-2025-37738, CVE-2025-37905, CVE-2025-37766, CVE-2024-53203, CVE-2024-50125, CVE-2025-37995, CVE-2025-37949, CVE-2025-37915, CVE-2025-37839, CVE-2025-37812, CVE-2025-37857, CVE-2024-38541, CVE-2025-38094, CVE-2025-37789, CVE-2025-37867, CVE-2025-37770, CVE-2025-37927, CVE-2025-22062, CVE-2025-37805, CVE-2025-37841, CVE-2025-37970, CVE-2025-37913, CVE-2025-37859, CVE-2025-37830, CVE-2025-37780, CVE-2025-37994, CVE-2025-37840, CVE-2025-37967, CVE-2025-21853, CVE-2025-37790, CVE-2025-37914, CVE-2025-37982, CVE-2025-37808, CVE-2025-37740, CVE-2025-37803, CVE-2025-22027, CVE-2025-37765, CVE-2024-54458, CVE-2025-37912, CVE-2025-23161, CVE-2025-23159, CVE-2025-37875, CVE-2024-46774, CVE-2025-37991, CVE-2025-21839, CVE-2024-46751, CVE-2025-37998, CVE-2025-37810, CVE-2023-52757, CVE-2025-37851, CVE-2025-37749, CVE-2025-37871, CVE-2025-37792, CVE-2025-37757, CVE-2024-46816, CVE-2023-52572, CVE-2025-23150, CVE-2025-37923, CVE-2025-37964, CVE-2025-37892, CVE-2025-37989, CVE-2025-23142, CVE-2025-38009, CVE-2025-37767, CVE-2025-37911, CVE-2024-35943, CVE-2025-37844, CVE-2025-23158, CVE-2025-37796, CVE-2022-21546, CVE-2025-37829, CVE-2024-50272, CVE-2022-49063, CVE-2025-37969, CVE-2024-26686, CVE-2024-49989, CVE-2024-56751, CVE-2025-37742, CVE-2022-48893, CVE-2024-46742, CVE-2025-23157, CVE-2025-37781, CVE-2024-50258, CVE-2025-23148, CVE-2025-37983, CVE-2025-37771, CVE-2025-23144, CVE-2025-37858, CVE-2024-49960, CVE-2025-23163, CVE-2025-37881, CVE-2025-37883, CVE-2025-37773, CVE-2025-37836, CVE-2025-23156, CVE-2025-37885, CVE-2025-37811, CVE-2025-37758, CVE-2025-23147, CVE-2025-37788, CVE-2022-49535, CVE-2025-23145, CVE-2025-38005, CVE-2025-37930, CVE-2025-37990, CVE-2025-37768, CVE-2025-37819, CVE-2025-37824, CVE-2025-37909, CVE-2024-42322, CVE-2025-37850, CVE-2024-36908, CVE-2025-37838, CVE-2025-37823, CVE-2024-35867, CVE-2025-37756, CVE-2025-37817, CVE-2024-38540, CVE-2025-37992, CVE-2025-37739, CVE-2022-49168, CVE-2025-37985, CVE-2024-35790, CVE-2024-26739)