Ubuntu Security Advisories

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Ublk userspace block driver; - Bus devices; - DMA engine subsystem; - Arm Firmware Framework for ARMv8-A(FFA); - Cirrus firmware drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - TI TPS6594 PFSM driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - NVME drivers; - x86 platform drivers; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - TCM subsystem; - Trusted Execution Environment drivers; - TTY drivers; - ChipIdea USB driver; - USB Type-C support driver; - Framebuffer layer; - TSM Common Guest driver; - File systems infrastructure; - BTRFS file system; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file systems library; - Network file system (NFS) client; - Network file system (NFS) server daemon; - SMB network file system; - Memory Management; - Bluetooth subsystem; - Tracing infrastructure; - io_uring subsystem; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - IRQ subsystem; - Scheduler infrastructure; - Maple Tree data structure library; - Memory management; - Asynchronous Transfer Mode (ATM) subsystem; - Ethernet bridge; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - Netfilter; - NFC subsystem; - Rose network layer; - Network traffic control; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - Unix domain sockets; - VMware vSockets driver; - WCD audio codecs; - USB sound devices; (CVE-2025-38217, CVE-2025-38259, CVE-2025-38257, CVE-2025-38388, CVE-2025-38258, CVE-2025-38086, CVE-2025-38416, CVE-2025-38428, CVE-2025-38368, CVE-2025-38233, CVE-2025-38391, CVE-2025-38364, CVE-2025-38328, CVE-2025-38417, CVE-2025-38228, CVE-2025-38413, CVE-2025-38360, CVE-2025-38248, CVE-2025-38346, CVE-2025-38197, CVE-2025-38179, CVE-2025-38186, CVE-2025-38356, CVE-2025-38371, CVE-2025-38231, CVE-2025-38249, CVE-2025-38334, CVE-2025-38325, CVE-2025-38353, CVE-2025-38422, CVE-2025-38387, CVE-2025-38225, CVE-2025-38224, CVE-2025-38400, CVE-2025-38245, CVE-2025-38411, CVE-2025-38205, CVE-2025-38362, CVE-2025-38200, CVE-2025-38250, CVE-2025-38541, CVE-2025-38326, CVE-2025-38342, CVE-2025-38208, CVE-2025-38261, CVE-2025-38407, CVE-2025-38202, CVE-2025-38331, CVE-2025-38189, CVE-2025-38090, CVE-2025-38184, CVE-2025-38255, CVE-2025-38419, CVE-2025-38340, CVE-2025-38383, CVE-2025-38423, CVE-2025-38332, CVE-2025-38246, CVE-2025-38429, CVE-2025-38410, CVE-2025-38396, CVE-2025-38262, CVE-2025-38191, CVE-2025-38420, CVE-2025-38226, CVE-2025-38341, CVE-2025-38199, CVE-2025-38085, CVE-2025-38188, CVE-2025-38253, CVE-2025-38182, CVE-2025-38087, CVE-2025-38203, CVE-2025-38194, CVE-2025-38227, CVE-2025-38365, CVE-2025-38238, CVE-2025-38201, CVE-2025-38196, CVE-2025-38232, CVE-2025-38361, CVE-2025-38392, CVE-2025-38254, CVE-2025-38370, CVE-2025-38192, CVE-2025-38229, CVE-2025-38241, CVE-2025-38222, CVE-2025-38337, CVE-2025-38343, CVE-2025-38321, CVE-2025-38183, CVE-2025-38381, CVE-2025-38354, CVE-2025-38234, CVE-2025-38385, CVE-2025-38239, CVE-2025-38218, CVE-2025-38426, CVE-2025-38330, CVE-2025-38427, CVE-2025-38523, CVE-2025-38260, CVE-2025-38425, CVE-2025-38320, CVE-2025-38424, CVE-2025-38372, CVE-2025-38412, CVE-2025-38434, CVE-2025-38089, CVE-2025-38322, CVE-2025-38236, CVE-2025-38339, CVE-2025-38237, CVE-2025-38386, CVE-2025-38395, CVE-2025-38431, CVE-2025-38329, CVE-2025-38436, CVE-2025-38369, CVE-2025-38405, CVE-2025-38204, CVE-2025-38374, CVE-2025-38263, CVE-2025-38181, CVE-2025-38363, CVE-2025-38084, CVE-2025-38206, CVE-2025-38359, CVE-2025-38347, CVE-2025-38421, CVE-2025-38418, CVE-2025-38375, CVE-2025-38389, CVE-2025-38373, CVE-2025-38403, CVE-2025-38348, CVE-2025-38399, CVE-2025-38242, CVE-2025-38393, CVE-2025-38336, CVE-2025-38264, CVE-2025-38408, CVE-2025-38384, CVE-2025-38406, CVE-2025-38382, CVE-2025-38211, CVE-2025-38220, CVE-2025-38376, CVE-2025-38401, CVE-2025-38344, CVE-2025-38223, CVE-2025-38251, CVE-2025-38324, CVE-2025-38402, CVE-2025-38198, CVE-2025-38210, CVE-2025-38377, CVE-2025-38345, CVE-2025-38219, CVE-2025-39682, CVE-2025-38355, CVE-2025-38333, CVE-2025-38338, CVE-2025-38256, CVE-2025-38390, CVE-2025-38435, CVE-2025-38430, CVE-2025-38409, CVE-2025-38212)

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Ublk userspace block driver; - Bus devices; - DMA engine subsystem; - Arm Firmware Framework for ARMv8-A(FFA); - Cirrus firmware drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - TI TPS6594 PFSM driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - NVME drivers; - x86 platform drivers; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - TCM subsystem; - Trusted Execution Environment drivers; - TTY drivers; - ChipIdea USB driver; - USB Type-C support driver; - Framebuffer layer; - TSM Common Guest driver; - File systems infrastructure; - BTRFS file system; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file systems library; - Network file system (NFS) client; - Network file system (NFS) server daemon; - SMB network file system; - Memory Management; - Bluetooth subsystem; - Tracing infrastructure; - io_uring subsystem; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - IRQ subsystem; - Scheduler infrastructure; - Maple Tree data structure library; - Memory management; - Asynchronous Transfer Mode (ATM) subsystem; - Ethernet bridge; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - Netfilter; - NFC subsystem; - Rose network layer; - Network traffic control; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - Unix domain sockets; - VMware vSockets driver; - WCD audio codecs; - USB sound devices; (CVE-2025-38339, CVE-2025-38391, CVE-2025-38262, CVE-2025-38345, CVE-2025-38387, CVE-2025-38373, CVE-2025-38395, CVE-2025-38330, CVE-2025-38425, CVE-2025-38210, CVE-2025-38206, CVE-2025-38219, CVE-2025-38245, CVE-2025-38253, CVE-2025-38401, CVE-2025-38410, CVE-2025-38086, CVE-2025-38340, CVE-2025-38368, CVE-2025-38385, CVE-2025-38384, CVE-2025-38326, CVE-2025-38224, CVE-2025-38338, CVE-2025-38191, CVE-2025-39682, CVE-2025-38343, CVE-2025-38090, CVE-2025-38228, CVE-2025-38182, CVE-2025-38231, CVE-2025-38183, CVE-2025-38184, CVE-2025-38237, CVE-2025-38413, CVE-2025-38356, CVE-2025-38246, CVE-2025-38202, CVE-2025-38248, CVE-2025-38254, CVE-2025-38426, CVE-2025-38429, CVE-2025-38364, CVE-2025-38388, CVE-2025-38435, CVE-2025-38403, CVE-2025-38186, CVE-2025-38199, CVE-2025-38402, CVE-2025-38181, CVE-2025-38264, CVE-2025-38362, CVE-2025-38341, CVE-2025-38422, CVE-2025-38331, CVE-2025-38423, CVE-2025-38233, CVE-2025-38337, CVE-2025-38328, CVE-2025-38196, CVE-2025-38412, CVE-2025-38205, CVE-2025-38242, CVE-2025-38324, CVE-2025-38354, CVE-2025-38347, CVE-2025-38217, CVE-2025-38393, CVE-2025-38392, CVE-2025-38390, CVE-2025-38321, CVE-2025-38541, CVE-2025-38363, CVE-2025-38203, CVE-2025-38250, CVE-2025-38418, CVE-2025-38336, CVE-2025-38333, CVE-2025-38194, CVE-2025-38372, CVE-2025-38348, CVE-2025-38370, CVE-2025-38411, CVE-2025-38188, CVE-2025-38365, CVE-2025-38241, CVE-2025-38201, CVE-2025-38259, CVE-2025-38355, CVE-2025-38227, CVE-2025-38225, CVE-2025-38405, CVE-2025-38329, CVE-2025-38232, CVE-2025-38344, CVE-2025-38238, CVE-2025-38239, CVE-2025-38260, CVE-2025-38257, CVE-2025-38399, CVE-2025-38419, CVE-2025-38430, CVE-2025-38251, CVE-2025-38332, CVE-2025-38220, CVE-2025-38417, CVE-2025-38396, CVE-2025-38234, CVE-2025-38434, CVE-2025-38197, CVE-2025-38436, CVE-2025-38408, CVE-2025-38204, CVE-2025-38222, CVE-2025-38361, CVE-2025-38218, CVE-2025-38212, CVE-2025-38198, CVE-2025-38255, CVE-2025-38389, CVE-2025-38085, CVE-2025-38244, CVE-2025-38089, CVE-2025-38428, CVE-2025-38369, CVE-2025-38189, CVE-2025-38084, CVE-2025-38400, CVE-2025-38382, CVE-2025-38223, CVE-2025-38325, CVE-2025-38263, CVE-2025-38249, CVE-2025-38346, CVE-2025-38320, CVE-2025-38409, CVE-2025-38374, CVE-2025-38208, CVE-2025-38256, CVE-2025-38371, CVE-2025-38192, CVE-2025-38406, CVE-2025-38360, CVE-2025-38258, CVE-2025-38226, CVE-2025-38376, CVE-2025-38375, CVE-2025-38200, CVE-2025-38523, CVE-2025-38334, CVE-2025-38236, CVE-2025-38386, CVE-2025-38421, CVE-2025-38087, CVE-2025-38416, CVE-2025-38179, CVE-2025-38420, CVE-2025-38424, CVE-2025-38377, CVE-2025-38359, CVE-2025-38342, CVE-2025-38431, CVE-2025-38407, CVE-2025-38427, CVE-2025-38229, CVE-2025-38353, CVE-2025-38383, CVE-2025-38211, CVE-2025-38322, CVE-2025-38381, CVE-2025-38261)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Bluetooth subsystem; - Packet sockets; - Network traffic control; - VMware vSockets driver; (CVE-2025-38350, CVE-2024-57996, CVE-2025-37752, CVE-2025-38617, CVE-2025-38477, CVE-2025-38083, CVE-2024-38541, CVE-2023-52757, CVE-2023-52975, CVE-2025-38618, CVE-2024-49950, CVE-2024-50073, CVE-2025-37785, CVE-2025-21796, CVE-2025-38683, CVE-2025-37797)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Virtio block driver; - Media drivers; - Network drivers; - Framebuffer layer; - BTRFS file system; - Ext4 file system; - Network file system (NFS) server daemon; - Packet sockets; - VMware vSockets driver; (CVE-2025-38618, CVE-2024-35849, CVE-2025-37785, CVE-2024-49924, CVE-2025-38617, CVE-2024-27078, CVE-2021-47149, CVE-2021-47319, CVE-2025-21796, CVE-2021-47589)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth subsystem; - Network traffic control; (CVE-2025-38350, CVE-2023-52975, CVE-2024-50073, CVE-2024-57996, CVE-2024-49950, CVE-2024-38541, CVE-2025-37752, CVE-2023-52757, CVE-2025-38083, CVE-2025-37797)

It was discovered that Erlang incorrectly handled resource allocation and consumption in the SFTP SSH module. An attacker could possibly use this issue cause Erlang to consume excessive resources, leading to a denial of service.

It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming (HLS) implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service. (CVE-2023-6603, CVE-2025-10256) It was discovered that FFmpeg did not enforce an input format before triggering the HTTP demuxer. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-6605) It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service. (CVE-2025-7700) It was discovered that FFmpeg incorrectly handled memory in the JPEG 2000 decoder, which could lead to a heap buffer overflow. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2025-9951)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - Netlink; (CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - Netlink; (CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896)

It was discovered that Python LDAP incorrectly handled special characters in the special character filtering function. A remote attacker could possibly use this issue to perform LDAP injection attacks. (CVE-2025-61911) Arad Inbar discovered that Python LDAP incorrectly escaped NUL character bytes. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-61912)

USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Andrew Walker discovered that Samba incorrectly initialized memory in the vfs_streams_xattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-9640) Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-10230)

Shaun Mirani discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service.

It was discovered that .NET did not properly handle the creation of temporary build time directories. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-55247) It was discovered that .NET did not properly establish TLS sessions for SMTP server connections. An attacker could use this issue to cause .NET to use unencrypted connections. This issue only affects .NET versions 8.0 and 9.0. (CVE-2025-55248) It was discovered that .NET inconsistently interpreted certain http requests. An attacker could possibly use this to bypass a security feature over a network. (CVE-2025-55315)

USN-7818-1 fixed vulnerabilities in Apache Subversion. This update provides the corresponding update for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. Original advisory details: It was discovered that Apache Subversion incorrectly parsed control characters in filenames. An attacker could possibly use this issue to commit a corrupted revision to a repository, leading to a denial of service.

Andrew Walker discovered that Samba incorrectly initialized memory in the vfs_streams_xattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-9640) Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-10230)

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Ubuntu 22.04 LTS. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server.

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Redict - a fork of Redis. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server.

It was discovered that MuPDF incorrectly managed memory, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1000036) It was discovered that MuPDF could enter an infinite loop when parsing certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10289) It was discovered that MuPDF incorrectly managed memory, possibly leading to a segmentation fault. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16647, CVE-2018-16648) It was discovered that MuPDF contained a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21896) It was discovered that MuPDF incorrectly managed memory, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-26683) Maxim Mishechkin, Vitalii Akolzin, Shamil Kurmangaleev, Denis Straghkov, Fedor Nis'kov and Ivan Gulakov discovered that MuPDF incorrectly managed memory under certain circumstances, leading to a double-free. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3407) Xuwei Liu discovered that MuPDF may perform an out-of-bounds write under certain circumstances. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-37220)