Linux kernel, OpenSSH, Twig updates for Ubuntu

Ubuntu 6731 Published 4 days ago by Philipp Esselbach

News

[USN-7455-3] Linux kernel (Real-time) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7455-3
April 24, 2025

linux-intel-iot-realtime, linux-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iot-realtime: Linux kernel for Intel IoT Real-time platforms
- linux-realtime: Linux kernel for Real-time systems

Details:

Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-56651, CVE-2025-21756, CVE-2024-26837, CVE-2025-21700,
CVE-2024-46826, CVE-2024-50256, CVE-2024-50248, CVE-2025-21993,
CVE-2025-21702, CVE-2025-21701, CVE-2025-21703)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1075-intel-iot-realtime 5.15.0-1075.77
Available with Ubuntu Pro
linux-image-5.15.0-1082-realtime 5.15.0-1082.91
Available with Ubuntu Pro
linux-image-intel-iot-realtime 5.15.0.1075.79
Available with Ubuntu Pro
linux-image-realtime 5.15.0.1082.86
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7455-3
https://ubuntu.com/security/notices/USN-7455-2
https://ubuntu.com/security/notices/USN-7455-1
CVE-2022-0995, CVE-2024-26837, CVE-2024-46826, CVE-2024-50248,
CVE-2024-50256, CVE-2024-56651, CVE-2025-21700, CVE-2025-21701,
CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21993

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iot-realtime/5.15.0-1075.77
https://launchpad.net/ubuntu/+source/linux-realtime/5.15.0-1082.91

[USN-7455-2] Linux kernel (FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7455-2
April 24, 2025

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details:

Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-26837, CVE-2025-21993, CVE-2025-21702, CVE-2025-21700,
CVE-2025-21701, CVE-2024-50248, CVE-2024-56651, CVE-2024-46826,
CVE-2024-50256, CVE-2025-21756, CVE-2025-21703)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1081-gcp-fips 5.15.0-1081.90+fips1
Available with Ubuntu Pro
linux-image-5.15.0-1082-aws-fips 5.15.0-1082.89+fips1
Available with Ubuntu Pro
linux-image-5.15.0-138-fips 5.15.0-138.148+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.15.0.1082.78
Available with Ubuntu Pro
linux-image-fips 5.15.0.138.78
Available with Ubuntu Pro
linux-image-gcp-fips 5.15.0.1081.71
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7455-2
https://ubuntu.com/security/notices/USN-7455-1
CVE-2022-0995, CVE-2024-26837, CVE-2024-46826, CVE-2024-50248,
CVE-2024-50256, CVE-2024-56651, CVE-2025-21700, CVE-2025-21701,
CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21993

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.15.0-1082.89+fips1
https://launchpad.net/ubuntu/+source/linux-fips/5.15.0-138.148+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.15.0-1081.90+fips1

[USN-7455-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7455-1
April 24, 2025

linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15,
linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency,
linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra,
linux-nvidia-tegra-igx, linux-oracle, linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems
- linux-nvidia-tegra-igx: Linux kernel for NVIDIA Tegra IGX systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-21703, CVE-2024-56651, CVE-2024-50248, CVE-2025-21701,
CVE-2024-26837, CVE-2024-46826, CVE-2025-21993, CVE-2025-21702,
CVE-2024-50256, CVE-2025-21756, CVE-2025-21700)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1023-nvidia-tegra-igx 5.15.0-1023.23
linux-image-5.15.0-1023-nvidia-tegra-igx-rt 5.15.0-1023.23
linux-image-5.15.0-1035-nvidia-tegra 5.15.0-1035.35
linux-image-5.15.0-1035-nvidia-tegra-rt 5.15.0-1035.35
linux-image-5.15.0-1064-gkeop 5.15.0-1064.72
linux-image-5.15.0-1074-ibm 5.15.0-1074.77
linux-image-5.15.0-1076-nvidia 5.15.0-1076.77
linux-image-5.15.0-1076-nvidia-lowlatency 5.15.0-1076.77
linux-image-5.15.0-1076-raspi 5.15.0-1076.79
linux-image-5.15.0-1077-intel-iotg 5.15.0-1077.83
linux-image-5.15.0-1078-kvm 5.15.0-1078.83
linux-image-5.15.0-1079-gke 5.15.0-1079.85
linux-image-5.15.0-1079-oracle 5.15.0-1079.85
linux-image-5.15.0-1081-gcp 5.15.0-1081.90
linux-image-5.15.0-1082-aws 5.15.0-1082.89
linux-image-5.15.0-1087-azure 5.15.0-1087.96
linux-image-5.15.0-1087-azure-fde 5.15.0-1087.96.1
linux-image-5.15.0-138-generic 5.15.0-138.148
linux-image-5.15.0-138-generic-64k 5.15.0-138.148
linux-image-5.15.0-138-generic-lpae 5.15.0-138.148
linux-image-5.15.0-138-lowlatency 5.15.0-138.148
linux-image-5.15.0-138-lowlatency-64k 5.15.0-138.148
linux-image-aws-lts-22.04 5.15.0.1082.84
linux-image-azure-fde-lts-22.04 5.15.0.1087.96.64
linux-image-azure-lts-22.04 5.15.0.1087.85
linux-image-gcp-lts-22.04 5.15.0.1081.77
linux-image-generic 5.15.0.138.134
linux-image-generic-64k 5.15.0.138.134
linux-image-generic-lpae 5.15.0.138.134
linux-image-gke 5.15.0.1079.78
linux-image-gke-5.15 5.15.0.1079.78
linux-image-gkeop 5.15.0.1064.63
linux-image-gkeop-5.15 5.15.0.1064.63
linux-image-ibm 5.15.0.1074.70
linux-image-intel-iotg 5.15.0.1077.77
linux-image-kvm 5.15.0.1078.74
linux-image-lowlatency 5.15.0.138.124
linux-image-lowlatency-64k 5.15.0.138.124
linux-image-nvidia 5.15.0.1076.76
linux-image-nvidia-lowlatency 5.15.0.1076.76
linux-image-nvidia-tegra 5.15.0.1035.35
linux-image-nvidia-tegra-igx 5.15.0.1023.25
linux-image-nvidia-tegra-igx-rt 5.15.0.1023.25
linux-image-nvidia-tegra-rt 5.15.0.1035.35
linux-image-oracle-lts-22.04 5.15.0.1079.75
linux-image-raspi 5.15.0.1076.74
linux-image-raspi-nolpae 5.15.0.1076.74
linux-image-virtual 5.15.0.138.134

Ubuntu 20.04 LTS
linux-image-5.15.0-1087-azure 5.15.0-1087.96~20.04.1
linux-image-5.15.0-1087-azure-fde 5.15.0-1087.96~20.04.1.1
linux-image-5.15.0-138-generic 5.15.0-138.148~20.04.1
linux-image-5.15.0-138-generic-64k 5.15.0-138.148~20.04.1
linux-image-5.15.0-138-generic-lpae 5.15.0-138.148~20.04.1
linux-image-5.15.0-138-lowlatency 5.15.0-138.148~20.04.1
linux-image-5.15.0-138-lowlatency-64k 5.15.0-138.148~20.04.1
linux-image-azure 5.15.0.1087.96~20.04.1
linux-image-azure-cvm 5.15.0.1087.96~20.04.1
linux-image-azure-fde 5.15.0.1087.96~20.04.1.62
linux-image-generic-64k-hwe-20.04 5.15.0.138.148~20.04.1
linux-image-generic-hwe-20.04 5.15.0.138.148~20.04.1
linux-image-generic-lpae-hwe-20.04 5.15.0.138.148~20.04.1
linux-image-lowlatency-64k-hwe-20.04 5.15.0.138.148~20.04.1
linux-image-lowlatency-hwe-20.04 5.15.0.138.148~20.04.1
linux-image-oem-20.04 5.15.0.138.148~20.04.1
linux-image-oem-20.04b 5.15.0.138.148~20.04.1
linux-image-oem-20.04c 5.15.0.138.148~20.04.1
linux-image-oem-20.04d 5.15.0.138.148~20.04.1
linux-image-virtual-hwe-20.04 5.15.0.138.148~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7455-1
CVE-2022-0995, CVE-2024-26837, CVE-2024-46826, CVE-2024-50248,
CVE-2024-50256, CVE-2024-56651, CVE-2025-21700, CVE-2025-21701,
CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21993

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-138.148
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1082.89
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1087.96
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1087.96.1
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1081.90
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1079.85
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1064.72
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1074.77
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1077.83
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1078.83
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-138.148
https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1076.77
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1035.35
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra-igx/5.15.0-1023.23
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1079.85
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1076.79
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1087.96~20.04.1
https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1087.96~20.04.1.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-138.148~20.04.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-138.148~20.04.1

[USN-7461-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7461-1
April 24, 2025

linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp,
linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Bluetooth subsystem;
- IPv6 networking;
- Network traffic control;
(CVE-2024-53237, CVE-2024-50256, CVE-2021-47119, CVE-2024-35958,
CVE-2025-21700, CVE-2025-21703, CVE-2024-56651, CVE-2024-49974,
CVE-2025-21702, CVE-2024-26915, CVE-2024-46826)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1090-ibm 5.4.0-1090.95
linux-image-5.4.0-1103-bluefield 5.4.0-1103.110
linux-image-5.4.0-1131-kvm 5.4.0-1131.140
linux-image-5.4.0-1142-oracle 5.4.0-1142.152
linux-image-5.4.0-1147-gcp 5.4.0-1147.156
linux-image-5.4.0-1149-azure 5.4.0-1149.156
linux-image-5.4.0-214-generic 5.4.0-214.234
linux-image-5.4.0-214-generic-lpae 5.4.0-214.234
linux-image-5.4.0-214-lowlatency 5.4.0-214.234
linux-image-azure-lts-20.04 5.4.0.1149.143
linux-image-bluefield 5.4.0.1103.99
linux-image-gcp-lts-20.04 5.4.0.1147.149
linux-image-generic 5.4.0.214.207
linux-image-generic-lpae 5.4.0.214.207
linux-image-ibm-lts-20.04 5.4.0.1090.119
linux-image-kvm 5.4.0.1131.127
linux-image-lowlatency 5.4.0.214.207
linux-image-oem 5.4.0.214.207
linux-image-oem-osp1 5.4.0.214.207
linux-image-oracle-lts-20.04 5.4.0.1142.136
linux-image-virtual 5.4.0.214.207

Ubuntu 18.04 LTS
linux-image-5.4.0-1142-oracle 5.4.0-1142.152~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1149-azure 5.4.0-1149.156~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-214-generic 5.4.0-214.234~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-214-lowlatency 5.4.0-214.234~18.04.1
Available with Ubuntu Pro
linux-image-azure 5.4.0.1149.156~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.214.234~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.214.234~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.214.234~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.214.234~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1142.152~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.214.234~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.214.234~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7461-1
CVE-2021-47119, CVE-2024-26915, CVE-2024-35958, CVE-2024-46826,
CVE-2024-49974, CVE-2024-50256, CVE-2024-53237, CVE-2024-56651,
CVE-2025-21700, CVE-2025-21702, CVE-2025-21703

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-214.234
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1149.156
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1103.110
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1147.156
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1090.95
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1131.140
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1142.152

[USN-7457-1] OpenSSH vulnerability

==========================================================================
Ubuntu Security Notice USN-7457-1
April 24, 2025

openssh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

OpenSSH could allow unintended access to network services.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

It was discovered that OpenSSH incorrectly handled the DisableForwarding
directive. The directive would fail to disable X11 and agent forwarding,
contrary to documentation and expectations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
openssh-client 1:9.9p1-3ubuntu3.1
openssh-server 1:9.9p1-3ubuntu3.1

Ubuntu 24.10
openssh-client 1:9.7p1-7ubuntu4.3
openssh-server 1:9.7p1-7ubuntu4.3

Ubuntu 24.04 LTS
openssh-client 1:9.6p1-3ubuntu13.11
openssh-server 1:9.6p1-3ubuntu13.11

Ubuntu 22.04 LTS
openssh-client 1:8.9p1-3ubuntu0.13
openssh-server 1:8.9p1-3ubuntu0.13

Ubuntu 20.04 LTS
openssh-client 1:8.2p1-4ubuntu0.13
openssh-server 1:8.2p1-4ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7457-1
CVE-2025-32728

Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:9.9p1-3ubuntu3.1
https://launchpad.net/ubuntu/+source/openssh/1:9.7p1-7ubuntu4.3
https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.11
https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.13
https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.13

[USN-7460-1] Linux kernel (Azure FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7460-1
April 24, 2025

linux-azure-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS

Details:

Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Microsoft Azure Network Adapter (MANA) driver;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-26837, CVE-2024-50248, CVE-2025-21756, CVE-2025-21701,
CVE-2024-50256, CVE-2025-21993, CVE-2025-21700, CVE-2025-21702,
CVE-2024-56651, CVE-2025-21703, CVE-2024-46826, CVE-2024-42069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1087-azure-fips 5.15.0-1087.96+fips1
Available with Ubuntu Pro
linux-image-azure-fips 5.15.0.1087.72
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7460-1
CVE-2022-0995, CVE-2024-26837, CVE-2024-42069, CVE-2024-46826,
CVE-2024-50248, CVE-2024-50256, CVE-2024-56651, CVE-2025-21700,
CVE-2025-21701, CVE-2025-21702, CVE-2025-21703, CVE-2025-21756,
CVE-2025-21993

[USN-7459-1] Linux kernel (Intel IoTG) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7459-1
April 24, 2025

linux-intel-iotg-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms

Details:

Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- Multifunction device drivers;
- MMC subsystem;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- Microsoft Azure Network Adapter (MANA) driver;
- NVME drivers;
- PCI subsystem;
- Pin controllers subsystem;
- x86 platform drivers;
- Power supply drivers;
- Real Time Clock drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- i.MX SoC drivers;
- QCOM SoC drivers;
- SPI subsystem;
- Media staging drivers;
- UFS subsystem;
- DesignWare USB3 driver;
- USB Gadget drivers;
- USB Serial drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Framebuffer layer;
- Xen hypervisor drivers;
- AFS file system;
- File systems infrastructure;
- BTRFS file system;
- Ceph distributed file system;
- F2FS file system;
- GFS2 file system;
- JFFS2 file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- Overlay file system;
- Proc file system;
- Diskquota system;
- SMB network file system;
- UBI file system;
- Timer subsystem;
- VLANs driver;
- LAPB network protocol;
- Network namespace;
- Kernel init infrastructure;
- BPF subsystem;
- Kernel CPU control infrastructure;
- DMA mapping infrastructure;
- KCSAN framework;
- Tracing infrastructure;
- Memory management;
- 9P file system network protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- CAN network layer;
- Networking core;
- DCCP (Datagram Congestion Control Protocol);
- Distributed Switch Architecture;
- Ethtool driver;
- HSR network protocol;
- IEEE802154.4 network protocol;
- IPv4 networking;
- IPv6 networking;
- IEEE 802.15.4 subsystem;
- Multipath TCP;
- Netfilter;
- Netlink;
- NET/ROM layer;
- Packet sockets;
- Network traffic control;
- SCTP protocol;
- SMC sockets;
- Sun RPC protocol;
- TIPC protocol;
- VMware vSockets driver;
- eXpress Data Path;
- SELinux security module;
- ALSA framework;
- USB sound devices;
(CVE-2024-57913, CVE-2024-56748, CVE-2024-46871, CVE-2024-57900,
CVE-2025-21637, CVE-2025-21756, CVE-2024-53680, CVE-2024-56728,
CVE-2024-46826, CVE-2024-57910, CVE-2024-56679, CVE-2024-53215,
CVE-2024-56640, CVE-2024-56634, CVE-2024-56594, CVE-2024-56619,
CVE-2024-50242, CVE-2024-53150, CVE-2024-49925, CVE-2024-56648,
CVE-2024-53121, CVE-2024-36476, CVE-2025-21631, CVE-2024-49996,
CVE-2024-56723, CVE-2025-21690, CVE-2024-56769, CVE-2024-56767,
CVE-2025-21664, CVE-2024-53155, CVE-2024-48881, CVE-2024-57925,
CVE-2024-53197, CVE-2024-53156, CVE-2024-35864, CVE-2024-53122,
CVE-2024-50121, CVE-2025-21700, CVE-2022-49034, CVE-2025-21648,
CVE-2024-57903, CVE-2024-57902, CVE-2024-53184, CVE-2024-57922,
CVE-2024-56644, CVE-2024-53151, CVE-2024-53239, CVE-2024-56636,
CVE-2024-56651, CVE-2024-57911, CVE-2024-56532, CVE-2024-56739,
CVE-2024-56600, CVE-2024-57917, CVE-2024-57901, CVE-2024-56623,
CVE-2024-56570, CVE-2024-57838, CVE-2024-56586, CVE-2024-50055,
CVE-2024-47730, CVE-2024-57841, CVE-2024-56548, CVE-2024-57906,
CVE-2024-56606, CVE-2024-57896, CVE-2024-56787, CVE-2024-56785,
CVE-2024-57849, CVE-2024-57807, CVE-2024-50248, CVE-2024-56576,
CVE-2024-53158, CVE-2024-53198, CVE-2024-53194, CVE-2025-21701,
CVE-2024-57890, CVE-2025-21703, CVE-2024-56629, CVE-2025-21687,
CVE-2024-53146, CVE-2024-56643, CVE-2024-56637, CVE-2024-56745,
CVE-2025-21665, CVE-2024-53165, CVE-2024-57850, CVE-2024-57889,
CVE-2024-56558, CVE-2024-56659, CVE-2024-56781, CVE-2024-57892,
CVE-2024-56601, CVE-2024-56597, CVE-2024-57791, CVE-2025-21653,
CVE-2024-56746, CVE-2024-56631, CVE-2024-56590, CVE-2024-56596,
CVE-2024-56756, CVE-2024-56569, CVE-2024-47707, CVE-2024-47143,
CVE-2024-57940, CVE-2024-42315, CVE-2025-21689, CVE-2024-53161,
CVE-2024-57951, CVE-2024-50256, CVE-2024-56598, CVE-2024-57884,
CVE-2024-56662, CVE-2024-56716, CVE-2024-26837, CVE-2025-21683,
CVE-2024-56593, CVE-2024-53129, CVE-2024-45828, CVE-2024-53206,
CVE-2024-56650, CVE-2024-57912, CVE-2024-56715, CVE-2024-56630,
CVE-2024-53113, CVE-2024-56763, CVE-2025-21669, CVE-2024-53174,
CVE-2024-56776, CVE-2024-53119, CVE-2024-55881, CVE-2024-53099,
CVE-2024-56539, CVE-2024-56724, CVE-2024-53142, CVE-2024-53157,
CVE-2024-56774, CVE-2024-57802, CVE-2024-53183, CVE-2024-56759,
CVE-2024-58087, CVE-2024-50304, CVE-2024-26928, CVE-2024-56531,
CVE-2024-56747, CVE-2024-56625, CVE-2024-53127, CVE-2024-53136,
CVE-2025-21993, CVE-2024-53226, CVE-2024-56778, CVE-2024-53124,
CVE-2024-57798, CVE-2024-56562, CVE-2024-50275, CVE-2024-57907,
CVE-2024-56589, CVE-2024-53217, CVE-2024-50051, CVE-2024-56574,
CVE-2024-55916, CVE-2024-56572, CVE-2024-56627, CVE-2024-56720,
CVE-2024-57939, CVE-2025-21699, CVE-2024-56642, CVE-2024-56670,
CVE-2024-56622, CVE-2024-56575, CVE-2024-53685, CVE-2024-56678,
CVE-2024-56779, CVE-2024-56690, CVE-2024-57938, CVE-2024-49950,
CVE-2024-56726, CVE-2024-53227, CVE-2024-53131, CVE-2025-21680,
CVE-2024-56605, CVE-2024-57908, CVE-2024-56704, CVE-2024-43900,
CVE-2024-56708, CVE-2024-56777, CVE-2024-53120, CVE-2025-21640,
CVE-2024-56615, CVE-2024-53138, CVE-2024-53214, CVE-2024-53130,
CVE-2024-56770, CVE-2024-56603, CVE-2024-53180, CVE-2024-53181,
CVE-2024-47408, CVE-2025-21692, CVE-2024-56698, CVE-2024-49571,
CVE-2024-56681, CVE-2024-56614, CVE-2024-56693, CVE-2024-56633,
CVE-2024-56610, CVE-2024-56645, CVE-2024-57874, CVE-2025-21678,
CVE-2024-56691, CVE-2024-56578, CVE-2024-57897, CVE-2024-46784,
CVE-2024-56694, CVE-2025-21636, CVE-2024-43098, CVE-2024-53172,
CVE-2024-56780, CVE-2024-36899, CVE-2024-56595, CVE-2024-49998,
CVE-2024-53140, CVE-2024-56581, CVE-2024-56688, CVE-2024-56369,
CVE-2024-53690, CVE-2024-46841, CVE-2025-21702, CVE-2024-53148,
CVE-2024-57792, CVE-2024-53135, CVE-2024-53145, CVE-2024-46809,
CVE-2025-21666, CVE-2024-53173, CVE-2024-53171, CVE-2025-21646,
CVE-2025-21639, CVE-2024-44938, CVE-2024-56626, CVE-2024-49974,
CVE-2024-57931, CVE-2024-56568, CVE-2025-21694, CVE-2024-56658,
CVE-2024-57929, CVE-2024-56533, CVE-2024-56602, CVE-2024-53237,
CVE-2024-56701, CVE-2024-57882, CVE-2024-56587, CVE-2024-56616,
CVE-2024-56705, CVE-2024-53125, CVE-2024-57904, CVE-2025-21638,
CVE-2024-52332, CVE-2024-57946, CVE-2024-56754, CVE-2024-56700,
CVE-2024-56567, CVE-2024-50283, CVE-2025-21697, CVE-2024-57948,
CVE-2024-53096, CVE-2024-53112)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.15.0-1077-intel-iotg 5.15.0-1077.83~20.04.1
linux-image-intel 5.15.0.1077.83~20.04.1
linux-image-intel-iotg 5.15.0.1077.83~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7459-1
CVE-2022-0995, CVE-2022-49034, CVE-2024-26837, CVE-2024-26928,
CVE-2024-35864, CVE-2024-36476, CVE-2024-36899, CVE-2024-42315,
CVE-2024-43098, CVE-2024-43900, CVE-2024-44938, CVE-2024-45828,
CVE-2024-46784, CVE-2024-46809, CVE-2024-46826, CVE-2024-46841,
CVE-2024-46871, CVE-2024-47143, CVE-2024-47408, CVE-2024-47707,
CVE-2024-47730, CVE-2024-48881, CVE-2024-49571, CVE-2024-49925,
CVE-2024-49950, CVE-2024-49974, CVE-2024-49996, CVE-2024-49998,
CVE-2024-50051, CVE-2024-50055, CVE-2024-50121, CVE-2024-50242,
CVE-2024-50248, CVE-2024-50256, CVE-2024-50275, CVE-2024-50283,
CVE-2024-50304, CVE-2024-52332, CVE-2024-53096, CVE-2024-53099,
CVE-2024-53112, CVE-2024-53113, CVE-2024-53119, CVE-2024-53120,
CVE-2024-53121, CVE-2024-53122, CVE-2024-53124, CVE-2024-53125,
CVE-2024-53127, CVE-2024-53129, CVE-2024-53130, CVE-2024-53131,
CVE-2024-53135, CVE-2024-53136, CVE-2024-53138, CVE-2024-53140,
CVE-2024-53142, CVE-2024-53145, CVE-2024-53146, CVE-2024-53148,
CVE-2024-53150, CVE-2024-53151, CVE-2024-53155, CVE-2024-53156,
CVE-2024-53157, CVE-2024-53158, CVE-2024-53161, CVE-2024-53165,
CVE-2024-53171, CVE-2024-53172, CVE-2024-53173, CVE-2024-53174,
CVE-2024-53180, CVE-2024-53181, CVE-2024-53183, CVE-2024-53184,
CVE-2024-53194, CVE-2024-53197, CVE-2024-53198, CVE-2024-53206,
CVE-2024-53214, CVE-2024-53215, CVE-2024-53217, CVE-2024-53226,
CVE-2024-53227, CVE-2024-53237, CVE-2024-53239, CVE-2024-53680,
CVE-2024-53685, CVE-2024-53690, CVE-2024-55881, CVE-2024-55916,
CVE-2024-56369, CVE-2024-56531, CVE-2024-56532, CVE-2024-56533,
CVE-2024-56539, CVE-2024-56548, CVE-2024-56558, CVE-2024-56562,
CVE-2024-56567, CVE-2024-56568, CVE-2024-56569, CVE-2024-56570,
CVE-2024-56572, CVE-2024-56574, CVE-2024-56575, CVE-2024-56576,
CVE-2024-56578, CVE-2024-56581, CVE-2024-56586, CVE-2024-56587,
CVE-2024-56589, CVE-2024-56590, CVE-2024-56593, CVE-2024-56594,
CVE-2024-56595, CVE-2024-56596, CVE-2024-56597, CVE-2024-56598,
CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56603,
CVE-2024-56605, CVE-2024-56606, CVE-2024-56610, CVE-2024-56614,
CVE-2024-56615, CVE-2024-56616, CVE-2024-56619, CVE-2024-56622,
CVE-2024-56623, CVE-2024-56625, CVE-2024-56626, CVE-2024-56627,
CVE-2024-56629, CVE-2024-56630, CVE-2024-56631, CVE-2024-56633,
CVE-2024-56634, CVE-2024-56636, CVE-2024-56637, CVE-2024-56640,
CVE-2024-56642, CVE-2024-56643, CVE-2024-56644, CVE-2024-56645,
CVE-2024-56648, CVE-2024-56650, CVE-2024-56651, CVE-2024-56658,
CVE-2024-56659, CVE-2024-56662, CVE-2024-56670, CVE-2024-56678,
CVE-2024-56679, CVE-2024-56681, CVE-2024-56688, CVE-2024-56690,
CVE-2024-56691, CVE-2024-56693, CVE-2024-56694, CVE-2024-56698,
CVE-2024-56700, CVE-2024-56701, CVE-2024-56704, CVE-2024-56705,
CVE-2024-56708, CVE-2024-56715, CVE-2024-56716, CVE-2024-56720,
CVE-2024-56723, CVE-2024-56724, CVE-2024-56726, CVE-2024-56728,
CVE-2024-56739, CVE-2024-56745, CVE-2024-56746, CVE-2024-56747,
CVE-2024-56748, CVE-2024-56754, CVE-2024-56756, CVE-2024-56759,
CVE-2024-56763, CVE-2024-56767, CVE-2024-56769, CVE-2024-56770,
CVE-2024-56774, CVE-2024-56776, CVE-2024-56777, CVE-2024-56778,
CVE-2024-56779, CVE-2024-56780, CVE-2024-56781, CVE-2024-56785,
CVE-2024-56787, CVE-2024-57791, CVE-2024-57792, CVE-2024-57798,
CVE-2024-57802, CVE-2024-57807, CVE-2024-57838, CVE-2024-57841,
CVE-2024-57849, CVE-2024-57850, CVE-2024-57874, CVE-2024-57882,
CVE-2024-57884, CVE-2024-57889, CVE-2024-57890, CVE-2024-57892,
CVE-2024-57896, CVE-2024-57897, CVE-2024-57900, CVE-2024-57901,
CVE-2024-57902, CVE-2024-57903, CVE-2024-57904, CVE-2024-57906,
CVE-2024-57907, CVE-2024-57908, CVE-2024-57910, CVE-2024-57911,
CVE-2024-57912, CVE-2024-57913, CVE-2024-57917, CVE-2024-57922,
CVE-2024-57925, CVE-2024-57929, CVE-2024-57931, CVE-2024-57938,
CVE-2024-57939, CVE-2024-57940, CVE-2024-57946, CVE-2024-57948,
CVE-2024-57951, CVE-2024-58087, CVE-2025-21631, CVE-2025-21636,
CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640,
CVE-2025-21646, CVE-2025-21648, CVE-2025-21653, CVE-2025-21664,
CVE-2025-21665, CVE-2025-21666, CVE-2025-21669, CVE-2025-21678,
CVE-2025-21680, CVE-2025-21683, CVE-2025-21687, CVE-2025-21689,
CVE-2025-21690, CVE-2025-21692, CVE-2025-21694, CVE-2025-21697,
CVE-2025-21699, CVE-2025-21700, CVE-2025-21701, CVE-2025-21702,
CVE-2025-21703, CVE-2025-21756, CVE-2025-21993

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1077.83~20.04.1

[USN-7449-2] Linux kernel (HWE) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7449-2
April 24, 2025

linux-hwe-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
- EDAC drivers;
- ARM SCMI message protocol;
- ARM SCPI message protocol;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I3C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- Multifunction device drivers;
- MMC subsystem;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- PCI subsystem;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- i.MX PM domains;
- Voltage and Current Regulator drivers;
- StarFive reset controller drivers;
- Real Time Clock drivers;
- SCSI subsystem;
- i.MX SoC drivers;
- QCOM SoC drivers;
- Xilinx SoC drivers;
- SPI subsystem;
- Media staging drivers;
- TCM subsystem;
- UFS subsystem;
- DesignWare USB3 driver;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Port Controller Manager driver;
- USB Type-C Connector System Software Interface driver;
- vDPA drivers;
- VFIO drivers;
- Framebuffer layer;
- Xen hypervisor drivers;
- AFS file system;
- BTRFS file system;
- File systems infrastructure;
- EROFS file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- Overlay file system;
- Proc file system;
- Diskquota system;
- SMB network file system;
- UBI file system;
- DRM display driver;
- BPF subsystem;
- StackDepot library;
- Bluetooth subsystem;
- IP tunnels definitions;
- Netfilter;
- Tracing infrastructure;
- User-space API (UAPI);
- Kernel init infrastructure;
- io_uring subsystem;
- IPC subsystem;
- DMA mapping infrastructure;
- Kernel fork() syscall;
- KCSAN framework;
- RCU subsystem;
- Arbitrary resource management;
- Scheduler infrastructure;
- Signal handling mechanism;
- Task handling mechanism;
- Timer subsystem;
- KUnit library;
- Memory management;
- 9P file system network protocol;
- CAN network layer;
- Networking core;
- DCCP (Datagram Congestion Control Protocol);
- Ethtool driver;
- HSR network protocol;
- IEEE802154.4 network protocol;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- Multipath TCP;
- Packet sockets;
- RxRPC session sockets;
- Network traffic control;
- SCTP protocol;
- SMC sockets;
- Sun RPC protocol;
- TIPC protocol;
- VMware vSockets driver;
- Wireless networking;
- eXpress Data Path;
- XFRM subsystem;
- Integrity Measurement Architecture(IMA) framework;
- Key management;
- ALSA framework;
- FireWire sound drivers;
- HD-audio driver;
- MediaTek ASoC drivers;
- QCOM ASoC drivers;
- SoC audio core drivers;
- STMicroelectronics SoC drivers;
- USB sound devices;
(CVE-2022-49034, CVE-2024-56632, CVE-2024-53177, CVE-2024-56679,
CVE-2024-48881, CVE-2024-56690, CVE-2024-50216, CVE-2024-50269,
CVE-2024-53079, CVE-2024-50111, CVE-2024-50103, CVE-2024-50147,
CVE-2024-53089, CVE-2024-56579, CVE-2024-53110, CVE-2024-50203,
CVE-2024-50243, CVE-2024-57872, CVE-2024-53181, CVE-2024-50155,
CVE-2024-53196, CVE-2024-50154, CVE-2024-53084, CVE-2024-50128,
CVE-2024-53146, CVE-2024-53047, CVE-2024-56619, CVE-2024-50259,
CVE-2024-56724, CVE-2024-50270, CVE-2024-44955, CVE-2024-53166,
CVE-2024-56771, CVE-2024-53081, CVE-2024-50172, CVE-2024-56636,
CVE-2024-56543, CVE-2024-49906, CVE-2024-45828, CVE-2024-50236,
CVE-2024-50284, CVE-2024-56694, CVE-2024-56777, CVE-2024-50296,
CVE-2024-53083, CVE-2024-50299, CVE-2024-53117, CVE-2024-53202,
CVE-2024-53052, CVE-2024-53145, CVE-2024-53106, CVE-2024-50121,
CVE-2024-53113, CVE-2024-50300, CVE-2024-50211, CVE-2024-50226,
CVE-2024-50230, CVE-2024-56698, CVE-2024-53184, CVE-2024-50142,
CVE-2024-56638, CVE-2024-53043, CVE-2024-56651, CVE-2024-50105,
CVE-2024-56549, CVE-2024-56644, CVE-2024-50303, CVE-2024-53108,
CVE-2024-53221, CVE-2024-56576, CVE-2024-50248, CVE-2024-50222,
CVE-2024-53150, CVE-2024-50287, CVE-2024-53045, CVE-2024-53213,
CVE-2024-50127, CVE-2024-53129, CVE-2024-53217, CVE-2024-53130,
CVE-2024-56640, CVE-2024-56634, CVE-2024-53169, CVE-2024-53200,
CVE-2024-53151, CVE-2024-53087, CVE-2024-53050, CVE-2024-53237,
CVE-2024-50159, CVE-2024-43098, CVE-2025-21831, CVE-2024-52332,
CVE-2024-53220, CVE-2024-50138, CVE-2024-53115, CVE-2024-50152,
CVE-2024-56703, CVE-2024-53168, CVE-2024-53123, CVE-2024-50271,
CVE-2024-50210, CVE-2024-50275, CVE-2024-50153, CVE-2024-50301,
CVE-2024-56601, CVE-2024-47141, CVE-2024-56649, CVE-2024-50133,
CVE-2024-56772, CVE-2024-50249, CVE-2024-50118, CVE-2024-56562,
CVE-2024-53197, CVE-2024-56566, CVE-2024-56725, CVE-2024-56603,
CVE-2024-56621, CVE-2024-50292, CVE-2024-56561, CVE-2024-53139,
CVE-2024-56575, CVE-2024-53155, CVE-2024-53048, CVE-2024-50272,
CVE-2024-53119, CVE-2024-53215, CVE-2024-53172, CVE-2024-50279,
CVE-2024-56739, CVE-2024-56700, CVE-2024-53135, CVE-2024-50252,
CVE-2024-56688, CVE-2024-41014, CVE-2024-56604, CVE-2024-53099,
CVE-2024-56701, CVE-2024-56532, CVE-2024-53222, CVE-2024-56533,
CVE-2024-56787, CVE-2024-53121, CVE-2024-53053, CVE-2024-50206,
CVE-2024-53091, CVE-2024-50208, CVE-2024-53134, CVE-2024-56568,
CVE-2024-53183, CVE-2024-56780, CVE-2024-53194, CVE-2024-56586,
CVE-2024-53127, CVE-2024-50263, CVE-2024-56776, CVE-2024-53208,
CVE-2024-50273, CVE-2024-53178, CVE-2024-53214, CVE-2024-50282,
CVE-2024-50245, CVE-2024-56616, CVE-2024-50145, CVE-2024-50235,
CVE-2024-50276, CVE-2024-50110, CVE-2024-56748, CVE-2024-56558,
CVE-2024-53122, CVE-2024-50162, CVE-2024-53131, CVE-2024-50120,
CVE-2024-56627, CVE-2024-53076, CVE-2024-53228, CVE-2024-53058,
CVE-2024-53201, CVE-2024-50267, CVE-2024-50104, CVE-2024-53109,
CVE-2024-56565, CVE-2024-56574, CVE-2024-53231, CVE-2024-56631,
CVE-2024-56625, CVE-2024-53093, CVE-2024-53051, CVE-2024-50151,
CVE-2024-53198, CVE-2024-50156, CVE-2024-50244, CVE-2024-53062,
CVE-2024-56588, CVE-2024-53095, CVE-2024-53142, CVE-2024-53210,
CVE-2024-53120, CVE-2024-50265, CVE-2024-53185, CVE-2024-56590,
CVE-2024-50108, CVE-2024-50220, CVE-2024-56756, CVE-2024-56635,
CVE-2024-50304, CVE-2024-56545, CVE-2024-57849, CVE-2024-56708,
CVE-2024-53157, CVE-2024-50250, CVE-2024-56678, CVE-2024-57874,
CVE-2024-53114, CVE-2024-53160, CVE-2024-56723, CVE-2024-56683,
CVE-2024-56570, CVE-2024-53209, CVE-2024-53126, CVE-2024-56581,
CVE-2024-53161, CVE-2024-56605, CVE-2024-50115, CVE-2024-50135,
CVE-2024-53061, CVE-2024-50126, CVE-2024-56573, CVE-2024-56567,
CVE-2024-56546, CVE-2024-53180, CVE-2024-50283, CVE-2024-50207,
CVE-2024-50242, CVE-2024-50240, CVE-2024-50130, CVE-2024-47794,
CVE-2024-56611, CVE-2024-56751, CVE-2024-53138, CVE-2024-53195,
CVE-2024-47143, CVE-2024-56691, CVE-2025-21702, CVE-2024-56742,
CVE-2024-53223, CVE-2024-53227, CVE-2024-50150, CVE-2024-56594,
CVE-2024-50140, CVE-2024-56721, CVE-2024-53059, CVE-2024-41932,
CVE-2024-41935, CVE-2024-56607, CVE-2024-53191, CVE-2024-53055,
CVE-2024-50218, CVE-2024-56746, CVE-2024-53096, CVE-2024-56531,
CVE-2024-57876, CVE-2024-56592, CVE-2024-56722, CVE-2024-56728,
CVE-2025-21700, CVE-2024-53232, CVE-2024-56608, CVE-2024-53190,
CVE-2024-56752, CVE-2024-50234, CVE-2024-56572, CVE-2024-53044,
CVE-2024-50107, CVE-2024-56677, CVE-2024-53111, CVE-2024-50205,
CVE-2024-56650, CVE-2024-48875, CVE-2024-56609, CVE-2024-53680,
CVE-2024-56687, CVE-2024-53175, CVE-2024-50231, CVE-2024-56578,
CVE-2024-50112, CVE-2024-56647, CVE-2024-50294, CVE-2024-50160,
CVE-2024-50209, CVE-2024-53147, CVE-2024-56707, CVE-2024-53088,
CVE-2024-50167, CVE-2024-50232, CVE-2024-56642, CVE-2024-56596,
CVE-2024-50224, CVE-2024-53100, CVE-2024-50137, CVE-2024-56633,
CVE-2024-56580, CVE-2024-53118, CVE-2024-53082, CVE-2024-56569,
CVE-2024-56775, CVE-2024-53173, CVE-2024-56727, CVE-2024-56597,
CVE-2024-56593, CVE-2024-56744, CVE-2024-53105, CVE-2024-56786,
CVE-2024-53224, CVE-2024-53162, CVE-2024-57838, CVE-2024-50223,
CVE-2024-50139, CVE-2024-56557, CVE-2024-50221, CVE-2024-50124,
CVE-2024-50251, CVE-2024-50170, CVE-2024-53230, CVE-2024-53148,
CVE-2024-56623, CVE-2024-50125, CVE-2024-53094, CVE-2024-50136,
CVE-2024-50288, CVE-2024-50131, CVE-2024-56689, CVE-2024-56610,
CVE-2024-53066, CVE-2024-56641, CVE-2024-50067, CVE-2024-53174,
CVE-2024-53236, CVE-2024-56785, CVE-2024-56637, CVE-2024-56765,
CVE-2024-50255, CVE-2024-53187, CVE-2024-56643, CVE-2024-56540,
CVE-2024-50261, CVE-2024-56630, CVE-2024-50169, CVE-2024-50010,
CVE-2024-53128, CVE-2024-56551, CVE-2024-53090, CVE-2024-56773,
CVE-2025-21701, CVE-2024-50262, CVE-2024-56648, CVE-2024-56779,
CVE-2024-50278, CVE-2024-53086, CVE-2024-48873, CVE-2024-56745,
CVE-2024-50247, CVE-2024-56602, CVE-2024-53085, CVE-2024-50238,
CVE-2024-56726, CVE-2024-50256, CVE-2024-49899, CVE-2024-50239,
CVE-2024-50166, CVE-2024-56629, CVE-2024-50225, CVE-2024-53060,
CVE-2024-53046, CVE-2025-21756, CVE-2024-50051, CVE-2024-50258,
CVE-2024-50297, CVE-2024-53203, CVE-2024-50257, CVE-2024-56577,
CVE-2024-50116, CVE-2024-53226, CVE-2024-47809, CVE-2024-50280,
CVE-2024-53229, CVE-2024-50290, CVE-2024-56600, CVE-2024-50143,
CVE-2024-53171, CVE-2024-53163, CVE-2024-56704, CVE-2024-50274,
CVE-2024-53072, CVE-2024-50141, CVE-2024-48876, CVE-2024-56681,
CVE-2024-56599, CVE-2024-56774, CVE-2024-56583, CVE-2024-50146,
CVE-2024-56729, CVE-2024-50295, CVE-2024-56693, CVE-2024-53158,
CVE-2024-56548, CVE-2024-53154, CVE-2024-53188, CVE-2024-50237,
CVE-2024-56550, CVE-2024-53233, CVE-2024-53068, CVE-2024-56783,
CVE-2024-50164, CVE-2024-53067, CVE-2024-50298, CVE-2024-50285,
CVE-2024-50246, CVE-2024-42122, CVE-2024-56754, CVE-2024-56606,
CVE-2024-53101, CVE-2024-56626, CVE-2024-56589, CVE-2024-56692,
CVE-2024-53234, CVE-2024-56613, CVE-2024-53133, CVE-2024-56747,
CVE-2024-57843, CVE-2024-50215, CVE-2024-56705, CVE-2024-56620,
CVE-2024-56615, CVE-2024-56539, CVE-2024-57850, CVE-2024-56755,
CVE-2024-56584, CVE-2024-50291, CVE-2024-53218, CVE-2024-56685,
CVE-2024-50158, CVE-2024-56782, CVE-2024-53176, CVE-2024-53042,
CVE-2024-50268, CVE-2024-53239, CVE-2024-50286, CVE-2024-53107,
CVE-2024-56645, CVE-2024-56538, CVE-2024-56622, CVE-2024-56720,
CVE-2024-50163, CVE-2025-21993, CVE-2024-53219, CVE-2024-56587,
CVE-2024-56781, CVE-2024-49569, CVE-2024-50289, CVE-2024-53112,
CVE-2024-56778)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-6.8.0-58-generic 6.8.0-58.60~22.04.1
linux-image-6.8.0-58-generic-64k 6.8.0-58.60~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-58.60~22.04.1
linux-image-generic-hwe-22.04 6.8.0-58.60~22.04.1
linux-image-oem-22.04 6.8.0-58.60~22.04.1
linux-image-oem-22.04a 6.8.0-58.60~22.04.1
linux-image-oem-22.04b 6.8.0-58.60~22.04.1
linux-image-oem-22.04c 6.8.0-58.60~22.04.1
linux-image-oem-22.04d 6.8.0-58.60~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-58.60~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7449-2
https://ubuntu.com/security/notices/USN-7449-1
CVE-2022-49034, CVE-2024-41014, CVE-2024-41932, CVE-2024-41935,
CVE-2024-42122, CVE-2024-43098, CVE-2024-44955, CVE-2024-45828,
CVE-2024-47141, CVE-2024-47143, CVE-2024-47794, CVE-2024-47809,
CVE-2024-48873, CVE-2024-48875, CVE-2024-48876, CVE-2024-48881,
CVE-2024-49569, CVE-2024-49899, CVE-2024-49906, CVE-2024-50010,
CVE-2024-50051, CVE-2024-50067, CVE-2024-50103, CVE-2024-50104,
CVE-2024-50105, CVE-2024-50107, CVE-2024-50108, CVE-2024-50110,
CVE-2024-50111, CVE-2024-50112, CVE-2024-50115, CVE-2024-50116,
CVE-2024-50118, CVE-2024-50120, CVE-2024-50121, CVE-2024-50124,
CVE-2024-50125, CVE-2024-50126, CVE-2024-50127, CVE-2024-50128,
CVE-2024-50130, CVE-2024-50131, CVE-2024-50133, CVE-2024-50135,
CVE-2024-50136, CVE-2024-50137, CVE-2024-50138, CVE-2024-50139,
CVE-2024-50140, CVE-2024-50141, CVE-2024-50142, CVE-2024-50143,
CVE-2024-50145, CVE-2024-50146, CVE-2024-50147, CVE-2024-50150,
CVE-2024-50151, CVE-2024-50152, CVE-2024-50153, CVE-2024-50154,
CVE-2024-50155, CVE-2024-50156, CVE-2024-50158, CVE-2024-50159,
CVE-2024-50160, CVE-2024-50162, CVE-2024-50163, CVE-2024-50164,
CVE-2024-50166, CVE-2024-50167, CVE-2024-50169, CVE-2024-50170,
CVE-2024-50172, CVE-2024-50203, CVE-2024-50205, CVE-2024-50206,
CVE-2024-50207, CVE-2024-50208, CVE-2024-50209, CVE-2024-50210,
CVE-2024-50211, CVE-2024-50215, CVE-2024-50216, CVE-2024-50218,
CVE-2024-50220, CVE-2024-50221, CVE-2024-50222, CVE-2024-50223,
CVE-2024-50224, CVE-2024-50225, CVE-2024-50226, CVE-2024-50230,
CVE-2024-50231, CVE-2024-50232, CVE-2024-50234, CVE-2024-50235,
CVE-2024-50236, CVE-2024-50237, CVE-2024-50238, CVE-2024-50239,
CVE-2024-50240, CVE-2024-50242, CVE-2024-50243, CVE-2024-50244,
CVE-2024-50245, CVE-2024-50246, CVE-2024-50247, CVE-2024-50248,
CVE-2024-50249, CVE-2024-50250, CVE-2024-50251, CVE-2024-50252,
CVE-2024-50255, CVE-2024-50256, CVE-2024-50257, CVE-2024-50258,
CVE-2024-50259, CVE-2024-50261, CVE-2024-50262, CVE-2024-50263,
CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269,
CVE-2024-50270, CVE-2024-50271, CVE-2024-50272, CVE-2024-50273,
CVE-2024-50274, CVE-2024-50275, CVE-2024-50276, CVE-2024-50278,
CVE-2024-50279, CVE-2024-50280, CVE-2024-50282, CVE-2024-50283,
CVE-2024-50284, CVE-2024-50285, CVE-2024-50286, CVE-2024-50287,
CVE-2024-50288, CVE-2024-50289, CVE-2024-50290, CVE-2024-50291,
CVE-2024-50292, CVE-2024-50294, CVE-2024-50295, CVE-2024-50296,
CVE-2024-50297, CVE-2024-50298, CVE-2024-50299, CVE-2024-50300,
CVE-2024-50301, CVE-2024-50303, CVE-2024-50304, CVE-2024-52332,
CVE-2024-53042, CVE-2024-53043, CVE-2024-53044, CVE-2024-53045,
CVE-2024-53046, CVE-2024-53047, CVE-2024-53048, CVE-2024-53050,
CVE-2024-53051, CVE-2024-53052, CVE-2024-53053, CVE-2024-53055,
CVE-2024-53058, CVE-2024-53059, CVE-2024-53060, CVE-2024-53061,
CVE-2024-53062, CVE-2024-53066, CVE-2024-53067, CVE-2024-53068,
CVE-2024-53072, CVE-2024-53076, CVE-2024-53079, CVE-2024-53081,
CVE-2024-53082, CVE-2024-53083, CVE-2024-53084, CVE-2024-53085,
CVE-2024-53086, CVE-2024-53087, CVE-2024-53088, CVE-2024-53089,
CVE-2024-53090, CVE-2024-53091, CVE-2024-53093, CVE-2024-53094,
CVE-2024-53095, CVE-2024-53096, CVE-2024-53099, CVE-2024-53100,
CVE-2024-53101, CVE-2024-53105, CVE-2024-53106, CVE-2024-53107,
CVE-2024-53108, CVE-2024-53109, CVE-2024-53110, CVE-2024-53111,
CVE-2024-53112, CVE-2024-53113, CVE-2024-53114, CVE-2024-53115,
CVE-2024-53117, CVE-2024-53118, CVE-2024-53119, CVE-2024-53120,
CVE-2024-53121, CVE-2024-53122, CVE-2024-53123, CVE-2024-53126,
CVE-2024-53127, CVE-2024-53128, CVE-2024-53129, CVE-2024-53130,
CVE-2024-53131, CVE-2024-53133, CVE-2024-53134, CVE-2024-53135,
CVE-2024-53138, CVE-2024-53139, CVE-2024-53142, CVE-2024-53145,
CVE-2024-53146, CVE-2024-53147, CVE-2024-53148, CVE-2024-53150,
CVE-2024-53151, CVE-2024-53154, CVE-2024-53155, CVE-2024-53157,
CVE-2024-53158, CVE-2024-53160, CVE-2024-53161, CVE-2024-53162,
CVE-2024-53163, CVE-2024-53166, CVE-2024-53168, CVE-2024-53169,
CVE-2024-53171, CVE-2024-53172, CVE-2024-53173, CVE-2024-53174,
CVE-2024-53175, CVE-2024-53176, CVE-2024-53177, CVE-2024-53178,
CVE-2024-53180, CVE-2024-53181, CVE-2024-53183, CVE-2024-53184,
CVE-2024-53185, CVE-2024-53187, CVE-2024-53188, CVE-2024-53190,
CVE-2024-53191, CVE-2024-53194, CVE-2024-53195, CVE-2024-53196,
CVE-2024-53197, CVE-2024-53198, CVE-2024-53200, CVE-2024-53201,
CVE-2024-53202, CVE-2024-53203, CVE-2024-53208, CVE-2024-53209,
CVE-2024-53210, CVE-2024-53213, CVE-2024-53214, CVE-2024-53215,
CVE-2024-53217, CVE-2024-53218, CVE-2024-53219, CVE-2024-53220,
CVE-2024-53221, CVE-2024-53222, CVE-2024-53223, CVE-2024-53224,
CVE-2024-53226, CVE-2024-53227, CVE-2024-53228, CVE-2024-53229,
CVE-2024-53230, CVE-2024-53231, CVE-2024-53232, CVE-2024-53233,
CVE-2024-53234, CVE-2024-53236, CVE-2024-53237, CVE-2024-53239,
CVE-2024-53680, CVE-2024-56531, CVE-2024-56532, CVE-2024-56533,
CVE-2024-56538, CVE-2024-56539, CVE-2024-56540, CVE-2024-56543,
CVE-2024-56545, CVE-2024-56546, CVE-2024-56548, CVE-2024-56549,
CVE-2024-56550, CVE-2024-56551, CVE-2024-56557, CVE-2024-56558,
CVE-2024-56561, CVE-2024-56562, CVE-2024-56565, CVE-2024-56566,
CVE-2024-56567, CVE-2024-56568, CVE-2024-56569, CVE-2024-56570,
CVE-2024-56572, CVE-2024-56573, CVE-2024-56574, CVE-2024-56575,
CVE-2024-56576, CVE-2024-56577, CVE-2024-56578, CVE-2024-56579,
CVE-2024-56580, CVE-2024-56581, CVE-2024-56583, CVE-2024-56584,
CVE-2024-56586, CVE-2024-56587, CVE-2024-56588, CVE-2024-56589,
CVE-2024-56590, CVE-2024-56592, CVE-2024-56593, CVE-2024-56594,
CVE-2024-56596, CVE-2024-56597, CVE-2024-56599, CVE-2024-56600,
CVE-2024-56601, CVE-2024-56602, CVE-2024-56603, CVE-2024-56604,
CVE-2024-56605, CVE-2024-56606, CVE-2024-56607, CVE-2024-56608,
CVE-2024-56609, CVE-2024-56610, CVE-2024-56611, CVE-2024-56613,
CVE-2024-56615, CVE-2024-56616, CVE-2024-56619, CVE-2024-56620,
CVE-2024-56621, CVE-2024-56622, CVE-2024-56623, CVE-2024-56625,
CVE-2024-56626, CVE-2024-56627, CVE-2024-56629, CVE-2024-56630,
CVE-2024-56631, CVE-2024-56632, CVE-2024-56633, CVE-2024-56634,
CVE-2024-56635, CVE-2024-56636, CVE-2024-56637, CVE-2024-56638,
CVE-2024-56640, CVE-2024-56641, CVE-2024-56642, CVE-2024-56643,
CVE-2024-56644, CVE-2024-56645, CVE-2024-56647, CVE-2024-56648,
CVE-2024-56649, CVE-2024-56650, CVE-2024-56651, CVE-2024-56677,
CVE-2024-56678, CVE-2024-56679, CVE-2024-56681, CVE-2024-56683,
CVE-2024-56685, CVE-2024-56687, CVE-2024-56688, CVE-2024-56689,
CVE-2024-56690, CVE-2024-56691, CVE-2024-56692, CVE-2024-56693,
CVE-2024-56694, CVE-2024-56698, CVE-2024-56700, CVE-2024-56701,
CVE-2024-56703, CVE-2024-56704, CVE-2024-56705, CVE-2024-56707,
CVE-2024-56708, CVE-2024-56720, CVE-2024-56721, CVE-2024-56722,
CVE-2024-56723, CVE-2024-56724, CVE-2024-56725, CVE-2024-56726,
CVE-2024-56727, CVE-2024-56728, CVE-2024-56729, CVE-2024-56739,
CVE-2024-56742, CVE-2024-56744, CVE-2024-56745, CVE-2024-56746,
CVE-2024-56747, CVE-2024-56748, CVE-2024-56751, CVE-2024-56752,
CVE-2024-56754, CVE-2024-56755, CVE-2024-56756, CVE-2024-56765,
CVE-2024-56771, CVE-2024-56772, CVE-2024-56773, CVE-2024-56774,
CVE-2024-56775, CVE-2024-56776, CVE-2024-56777, CVE-2024-56778,
CVE-2024-56779, CVE-2024-56780, CVE-2024-56781, CVE-2024-56782,
CVE-2024-56783, CVE-2024-56785, CVE-2024-56786, CVE-2024-56787,
CVE-2024-57838, CVE-2024-57843, CVE-2024-57849, CVE-2024-57850,
CVE-2024-57872, CVE-2024-57874, CVE-2024-57876, CVE-2025-21700,
CVE-2025-21701, CVE-2025-21702, CVE-2025-21756, CVE-2025-21831,
CVE-2025-21993

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-58.60~22.04.1

[USN-7462-2] Linux kernel (AWS FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7462-2
April 24, 2025

linux-aws-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Network namespace;
- Bluetooth subsystem;
- Networking core;
- IPv6 networking;
- Network traffic control;
(CVE-2024-56651, CVE-2021-47119, CVE-2025-21700, CVE-2025-21702,
CVE-2024-49974, CVE-2024-56658, CVE-2024-53237, CVE-2025-21703,
CVE-2024-26928, CVE-2024-26915, CVE-2024-35958, CVE-2024-50256,
CVE-2024-35864, CVE-2024-46826)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1144-aws-fips 5.4.0-1144.155+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1144.91
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7462-2
https://ubuntu.com/security/notices/USN-7462-1
CVE-2021-47119, CVE-2024-26915, CVE-2024-26928, CVE-2024-35864,
CVE-2024-35958, CVE-2024-46826, CVE-2024-49974, CVE-2024-50256,
CVE-2024-53237, CVE-2024-56651, CVE-2024-56658, CVE-2025-21700,
CVE-2025-21702, CVE-2025-21703

[USN-7456-1] Twig vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7456-1
April 24, 2025

php-twig vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Twig.

Software Description:
- php-twig: Flexible, fast, and secure template engine for PHP

Details:

Fabien Potencier discovered that Twig did not run sandbox security checks
in some circumstances. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary commands. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-45411)

Jamie Schouten discovered that Twig could bypass the security policy for
an object call. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2024-51754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
php-twig                        3.8.0-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
php-twig                        3.3.8-2ubuntu4+esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
php-twig                        2.12.5-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7456-1
CVE-2024-45411, CVE-2024-51754

Libsoup, LibXML, Govulncheck-Vulndb, Mozilla Thunderbird, Glib2, Mozjs60, and Ruby2.5 updates for SUSE

Openrazer and Libbpf updates for Debian 11 LTS

Linux kernel, OpenSSH, Twig updates for Ubuntu

[USN-7455-3] Linux kernel (Real-time) vulnerabilities

[USN-7455-2] Linux kernel (FIPS) vulnerabilities

[USN-7455-1] Linux kernel vulnerabilities

[USN-7461-1] Linux kernel vulnerabilities

[USN-7457-1] OpenSSH vulnerability

[USN-7460-1] Linux kernel (Azure FIPS) vulnerabilities

[USN-7459-1] Linux kernel (Intel IoTG) vulnerabilities

[USN-7449-2] Linux kernel (HWE) vulnerabilities

[USN-7462-2] Linux kernel (AWS FIPS) vulnerabilities

[USN-7456-1] Twig vulnerabilities

Windows

Linux

macOS

Community