Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
172
security advisorycriticalUbuntuUbuntu 20.04 LTS: Linux-azure-fips Critical VMSCAPE Exposure CVE-2025-40300
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7939-2 December 16, 2025 linux-azure-fips vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS Details: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - HSI subsystem; - I3C subsystem; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers subsystem; - AFS file system; - F2FS file system; - SMB network file system; - Padata parallel execution mechanism; - Timer subsystem; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Networking core; - Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2023-52854, CVE-2024-35867, CVE-2024-47691, CVE-2024-49935, CVE-2024-50061, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2024-56664, CVE-2025-21727, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1157-azure-fips 5.4.0-1157.164+fips1 Available with Ubuntu Pro linux-image-azure-fips 5.4.0.1157.94 Available with Ubuntu Pro linux-image-azure-fips-5.4 5.4.0.1157.94 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7939-2 https://ubuntu.com/security/notices/USN-7939-1 CVE-2022-49026, CVE-2022-49390, CVE-2023-52854, CVE-2024-35867, CVE-2024-47691, CVE-2024-49935, CVE-2024-50061, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2024-56664, CVE-2025-21727, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-40300 Package Information: . Several security issues in the Linux kernel for Azure FIPS highlight risks for sensitive data exposure.. Ubuntu Security Notices, Linux kernel issues, Azure FIPS vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Dec 16, 2025
•Critical
Ubuntu
172
security advisoryUbuntukernelUbuntu 24.04 LTS: USN-7861-5 Linux Kernel Issues Critical Fix
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7861-5 December 03, 2025 linux-raspi, linux-raspi-realtime, linux-xilinx vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems - linux-raspi-realtime: Linux kernel for Raspberry Pi Real-time systems - linux-xilinx: Linux kernel for Xilinx systems Details: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - HSI subsystem; - Bluetooth subsystem; - Timer subsystem; (CVE-2025-37838, CVE-2025-38118, CVE-2025-38352) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS linux-image-6.8.0-1019-xilinx 6.8.0-1019.20 linux-image-6.8.0-1042-raspi 6.8.0-1042.46 linux-image-6.8.0-2033-raspi-realtime 6.8.0-2033.34 Available with Ubuntu Pro linux-image-raspi 6.8.0-1042.46 linux-image-raspi-6.8 6.8.0-1042.46 linux-image-raspi-realtime 6.8.0-2033.34 Available with Ubuntu Pro linux-image-raspi-realtime-6.8 6.8.0-2033.34 Available with Ubuntu Pro linux-image-xilinx 6.8.0.1019.20 linux-image-xilinx-6.8 6.8.0.1019.20 linux-image-xilinx-zynqmp 6.8.0.1019.20 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7861-5 https://ubuntu.com/security/notices/USN-7861-4 https://ubuntu.com/security/notices/USN-7861-3 https://ubuntu.com/security/notices/USN-7861-2 https://ubuntu.com/security/notices/USN-7861-1 CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-40300 Package Information: https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1042.46 . Several security issues fixed in the Linux kernel for Ubuntu 24.04 enhancing system protection against exploits.. Linux Kernel Issues, Ubuntu Security Update, Kernel Compromise, Insufficient Isolation, VMSCAPE Attack. . Severity: Critical. LinuxSecurity.com Team
Dec 03, 2025
•Critical
Ubuntu
172
security advisoryUbuntuimportantUbuntu 22.04 LTS USN-7862-3 Important Info Exposure CVE-2025-40300
The system could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-7862-3 November 13, 2025 linux-xilinx-zynqmp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors Details: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1060-xilinx-zynqmp 5.15.0-1060.64 linux-image-xilinx-zynqmp 5.15.0.1060.63 linux-image-xilinx-zynqmp-5.15 5.15.0.1060.63 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7862-3 https://ubuntu.com/security/notices/USN-7862-2 https://ubuntu.com/security/notices/USN-7862-1 CVE-2025-40300 Package Information: https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1060.64 . Anew advisory for Ubuntu 22.04 LTS addresses an important security issue exposing sensitive information.. Ubuntu Security, Linux Kernel, VMSCAPE, Information Exposure, Linux Advisory. . Severity: Important. LinuxSecurity.com Team
Nov 13, 2025
•Important
Ubuntu
172
security advisoryUbuntusystem updateUbuntu 25.04 USN-7860-1: Linux Kernel Critical Info Leak CVE-2025-40300
The system could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-7860-1 November 06, 2025 linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-realtime: Linux kernel for Real-time systems - linux-aws-6.14: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp-6.14: Linux kernel for Google Cloud Platform (GCP) systems - linux-oem-6.14: Linux kernel for OEM systems - linux-oracle-6.14: Linux kernel for Oracle Cloud systems Details: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 linux-image-6.14.0-1015-realtime 6.14.0-1015.15 linux-image-6.14.0-1016-aws 6.14.0-1016.16 linux-image-6.14.0-1016-aws-64k 6.14.0-1016.16 linux-image-6.14.0-1016-oracle 6.14.0-1016.16 linux-image-6.14.0-1016-oracle-64k 6.14.0-1016.16 linux-image-6.14.0-1017-raspi 6.14.0-1017.17 linux-image-6.14.0-1019-gcp 6.14.0-1019.20 linux-image-6.14.0-1019-gcp-64k 6.14.0-1019.20 linux-image-6.14.0-35-generic 6.14.0-35.35 linux-image-6.14.0-35-generic-64k 6.14.0-35.35 linux-image-aws 6.14.0-1016.16 linux-image-aws-6.14 6.14.0-1016.16 linux-image-aws-64k 6.14.0-1016.16 linux-image-aws-64k-6.14 6.14.0-1016.16 linux-image-gcp 6.14.0-1019.20 linux-image-gcp-6.14 6.14.0-1019.20 linux-image-gcp-64k 6.14.0-1019.20 linux-image-gcp-64k-6.14 6.14.0-1019.20 linux-image-generic 6.14.0-35.35 linux-image-generic-6.14 6.14.0-35.35 linux-image-generic-64k 6.14.0-35.35 linux-image-generic-64k-6.14 6.14.0-35.35 linux-image-oracle 6.14.0-1016.16 linux-image-oracle-6.14 6.14.0-1016.16 linux-image-oracle-64k 6.14.0-1016.16 linux-image-oracle-64k-6.14 6.14.0-1016.16 linux-image-raspi 6.14.0-1017.17 linux-image-raspi-6.14 6.14.0-1017.17 linux-image-realtime 6.14.0-1015.15 linux-image-realtime-6.14 6.14.0-1015.15 linux-image-virtual 6.14.0-35.35 linux-image-virtual-6.14 6.14.0-35.35 Ubuntu 24.04 LTS linux-image-6.14.0-1015-oem 6.14.0-1015.15 linux-image-6.14.0-1016-aws 6.14.0-1016.16~24.04.1 linux-image-6.14.0-1016-aws-64k 6.14.0-1016.16~24.04.1 linux-image-6.14.0-1016-oracle 6.14.0-1016.16~24.04.1 linux-image-6.14.0-1016-oracle-64k 6.14.0-1016.16~24.04.1 linux-image-6.14.0-1019-gcp 6.14.0-1019.20~24.04.1 linux-image-6.14.0-1019-gcp-64k 6.14.0-1019.20~24.04.1 linux-image-aws 6.14.0-1016.16~24.04.1 linux-image-aws-6.14 6.14.0-1016.16~24.04.1 linux-image-aws-64k 6.14.0-1016.16~24.04.1 linux-image-aws-64k-6.14 6.14.0-1016.16~24.04.1 linux-image-gcp 6.14.0-1019.20~24.04.1 linux-image-gcp-6.14 6.14.0-1019.20~24.04.1 linux-image-gcp-64k 6.14.0-1019.20~24.04.1 linux-image-gcp-64k-6.14 6.14.0-1019.20~24.04.1 linux-image-oem-24.04 6.14.0-1015.15 linux-image-oem-24.04a 6.14.0-1015.15 linux-image-oem-24.04b 6.14.0-1015.15 linux-image-oem-24.04c 6.14.0-1015.15 linux-image-oem-6.14 6.14.0-1015.15 linux-image-oracle 6.14.0-1016.16~24.04.1 linux-image-oracle-6.14 6.14.0-1016.16~24.04.1 linux-image-oracle-64k 6.14.0-1016.16~24.04.1 linux-image-oracle-64k-6.14 6.14.0-1016.16~24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7860-1 CVE-2025-40300 Package Information: https://launchpad.net/ubuntu/+source/linux/6.14.0-35.35 https://launchpad.net/ubuntu/+source/linux-aws/6.14.0-1016.16 https://launchpad.net/ubuntu/+source/linux-oracle/6.14.0-1016.16 https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1017.17 https://launchpad.net/ubuntu/+source/linux-aws-6.14/6.14.0-1016.16~24.04.1 https://launchpad.net/ubuntu/+source/linux-gcp-6.14/6.14.0-1019.20~24.04.1 https://launchpad.net/ubuntu/+source/linux-oem-6.14/6.14.0-1015.15 https://launchpad.net/ubuntu/+source/linux-oracle-6.14/6.14.0-1016.16~24.04.1 . A critical vulnerability in the Linux kernel may expose sensitive information on Ubuntu systems. Update urgently.. Linux kernel, Ubuntu security, information exposure, system update,VMSCAPE. . Severity: Critical. LinuxSecurity.com Team
Nov 06, 2025
•Critical
Ubuntu
89
security advisoryfedoraimportantFedora 43: kernel-headers Important VMSCAPE Mitigation CVE-2025-40300
The 6.17 rc6 kernel build contains a number of important fixes across the tree. It also includes mitigations for the VMSCAPE vulnerability on x86 CPUs. This has been assigned CVE-2025-40300.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-22c5cc654d 2025-09-18 00:16:07.326046+00:00 -------------------------------------------------------------------------------- Name : kernel-headers Product : Fedora 43 Version : 6.17.0 Release : 0.rc6.49.fc43 URL : http://www.kernel.org/ Summary : Header files for the Linux kernel for use by glibc Description : Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. -------------------------------------------------------------------------------- Update Information: The 6.17 rc6 kernel build contains a number of important fixes across the tree. It also includes mitigations for the VMSCAPE vulnerability on x86 CPUs. This has been assigned CVE-2025-40300. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 15 2025 Justin M. Forbes - 6.17.0-6 - Linux v6.17-rc6 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-22c5cc654d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 18, 2025
•Important
Fedora
89
security advisoryfedoraimportantFedora 43 Release: Kernel 6.17 rc6 VMSCAPE Advisory FEDORA-2025-22c5cc654d
The 6.17 rc6 kernel build contains a number of important fixes across the tree. It also includes mitigations for the VMSCAPE vulnerability on x86 CPUs. This has been assigned CVE-2025-40300.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-22c5cc654d 2025-09-18 00:16:07.326046+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 6.17.0 Release : 0.rc6.49.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.17 rc6 kernel build contains a number of important fixes across the tree. It also includes mitigations for the VMSCAPE vulnerability on x86 CPUs. This has been assigned CVE-2025-40300. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 15 2025 Fedora Kernel Team [6.17.0-0.rc6.49] - arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: add Bluetooth support (Jens Glathe) - ALSA HDA driver configuration split for 6.17 upstream (Jaroslav Kysela) - redhat/configs: clang_lto: disable CONFIG_FORTIFY_KUNIT_TEST (Scott Weaver) * Mon Sep 15 2025 Fedora Kernel Team [6.17.0-0.rc6.48] - Linux v6.17.0-0.rc6 * Sun Sep 14 2025 Fedora Kernel Team [6.17.0-0.rc5.f83a4f2a4d8c.47] - Linux v6.17.0-0.rc5.f83a4f2a4d8c * Sat Sep 13 2025 Fedora Kernel Team [6.17.0-0.rc5.22f20375f5b7.46] - Set CONFIG_MITIGATION_VMSCAPE for Fedora (Justin M. Forbes) - Linux v6.17.0-0.rc5.22f20375f5b7 * Fri Sep 12 2025 Fedora Kernel Team [6.17.0-0.rc5.320475fbd590.45] - redhat/Makefile: update dist-vr-check (Scott Weaver) - Linux v6.17.0-0.rc5.320475fbd590 * Thu Sep 11 2025 Fedora Kernel Team [6.17.0-0.rc5.7aac71907bde.44] - Linux v6.17.0-0.rc5.7aac71907bde * Wed Sep 10 2025 Fedora Kernel Team [6.17.0-0.rc5.9dd1835ecda5.43] - gitlab-ci: add kcidb_tree_name to trees (Tales da Aparecida) - Fix packaging for libcpupower python binding debuginfo (Justin M. Forbes) - redhat/configs: automotive: enable TI K3 R5F remoteproc driver (Jared Kangas) - Move CONFIG_SCHED_PROXY_EXEC to the zfcpdump directory (Justin M. Forbes) - Set Fedora configs for 6.17 (Justin M. Forbes) - Linux v6.17.0-0.rc5.9dd1835ecda5 * Tue Sep 9 2025 Fedora Kernel Team [6.17.0-0.rc5.f777d1112ee5.42] - Linux v6.17.0-0.rc5.f777d1112ee5 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-22c5cc654d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 18, 2025
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!