Linux Kernel updates for Ubuntu Linux

Ubuntu 6929 Published by

Ubuntu has released several security updates for its Linux Kernel packages to address various vulnerabilities. The updates cover different kernel versions, including those used by real-time systems, FIPS-compliant systems, Raspberry Pi devices, and cloud environments such as GCP and GKE. Additionally, updates have been issued for Azure and generic Linux kernel configurations.

[USN-7860-4] Linux kernel (Real-time) vulnerability
[USN-7860-3] Linux kernel (FIPS) vulnerability
[USN-7795-5] Linux kernel (Raspberry Pi) vulnerabilities
[USN-7861-2] Linux kernel (Real-time) vulnerabilities
[USN-7864-1] Linux kernel (GCP and GKE) vulnerabilities
[USN-7853-3] Linux kernel (Azure) vulnerabilities




[USN-7860-4] Linux kernel (Real-time) vulnerability


==========================================================================
Ubuntu Security Notice USN-7860-4
November 07, 2025

linux-intel-iot-realtime, linux-realtime vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux-intel-iot-realtime: Linux kernel for Intel IoT Real-time platforms
- linux-realtime: Linux kernel for Real-time systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1088-intel-iot-realtime 5.15.0-1088.90
Available with Ubuntu Pro
linux-image-5.15.0-1095-realtime 5.15.0-1095.104
Available with Ubuntu Pro
linux-image-intel-iot-realtime 5.15.0.1088.92
Available with Ubuntu Pro
linux-image-intel-iot-realtime-5.15 5.15.0.1088.92
Available with Ubuntu Pro
linux-image-realtime 5.15.0.1095.99
Available with Ubuntu Pro
linux-image-realtime-5.15 5.15.0.1095.99
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7860-4
https://ubuntu.com/security/notices/USN-7860-3
https://ubuntu.com/security/notices/USN-7860-2
https://ubuntu.com/security/notices/USN-7860-1
CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iot-realtime/5.15.0-1088.90
https://launchpad.net/ubuntu/+source/linux-realtime/5.15.0-1095.104



[USN-7860-3] Linux kernel (FIPS) vulnerability


==========================================================================
Ubuntu Security Notice USN-7860-3
November 07, 2025

linux-fips, linux-aws-fips, inux-gcp-fips vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1096-aws-fips 5.15.0-1096.103+fips1
Available with Ubuntu Pro
linux-image-5.15.0-1096-gcp-fips 5.15.0-1096.105+fips1
Available with Ubuntu Pro
linux-image-5.15.0-161-fips 5.15.0-161.171+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.15.0.1096.92
Available with Ubuntu Pro
linux-image-aws-fips-5.15 5.15.0.1096.92
Available with Ubuntu Pro
linux-image-fips 5.15.0.161.93
Available with Ubuntu Pro
linux-image-fips-5.15 5.15.0.161.93
Available with Ubuntu Pro
linux-image-gcp-fips 5.15.0.1096.86
Available with Ubuntu Pro
linux-image-gcp-fips-5.15 5.15.0.1096.86
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7860-3
https://ubuntu.com/security/notices/USN-7860-2
https://ubuntu.com/security/notices/USN-7860-1
CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.15.0-1096.103+fips1
https://launchpad.net/ubuntu/+source/linux-fips/5.15.0-161.171+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.15.0-1096.105+fips1



[USN-7795-5] Linux kernel (Raspberry Pi) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7795-5
November 07, 2025

linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Network file system (NFS) server daemon;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-21796, CVE-2025-37785, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-5.4.0-1134-raspi 5.4.0-1134.147~18.04.1
Available with Ubuntu Pro
linux-image-raspi-5.4 5.4.0.1134.147~18.04.1
Available with Ubuntu Pro
linux-image-raspi-hwe-18.04 5.4.0.1134.147~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7795-5
https://ubuntu.com/security/notices/USN-7795-4
https://ubuntu.com/security/notices/USN-7795-3
https://ubuntu.com/security/notices/USN-7795-2
https://ubuntu.com/security/notices/USN-7795-1
CVE-2025-21796, CVE-2025-37785, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618



[USN-7861-2] Linux kernel (Real-time) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7861-2
November 07, 2025

linux-realtime, linux-realtime-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-realtime: Linux kernel for Real-time systems
- linux-realtime-6.8: Linux kernel for Real-time systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HSI subsystem;
- Bluetooth subsystem;
- Timer subsystem;
(CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.1-1037-realtime 6.8.1-1037.38
Available with Ubuntu Pro
linux-image-realtime 6.8.1-1037.38
Available with Ubuntu Pro
linux-image-realtime-6.8.1 6.8.1-1037.38
Available with Ubuntu Pro

Ubuntu 22.04 LTS
linux-image-6.8.1-1037-realtime 6.8.1-1037.38~22.04.1
Available with Ubuntu Pro
linux-image-realtime-6.8.1 6.8.1-1037.38~22.04.1
Available with Ubuntu Pro
linux-image-realtime-hwe-22.04 6.8.1-1037.38~22.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7861-2
https://ubuntu.com/security/notices/USN-7861-1
CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux-realtime/6.8.1-1037.38

https://launchpad.net/ubuntu/+source/linux-realtime-6.8/6.8.1-1037.38~22.04.1



[USN-7864-1] Linux kernel (GCP and GKE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7864-1
November 07, 2025

linux-gcp, linux-gcp-6.8, linux-gke vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HSI subsystem;
- I2C subsystem;
- Bluetooth subsystem;
- Timer subsystem;
(CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-38425)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1039-gke 6.8.0-1039.44
linux-image-6.8.0-1039-gke-64k 6.8.0-1039.44
linux-image-6.8.0-1043-gcp 6.8.0-1043.46
linux-image-6.8.0-1043-gcp-64k 6.8.0-1043.46
linux-image-gcp-6.8 6.8.0-1043.46
linux-image-gcp-64k-6.8 6.8.0-1043.46
linux-image-gcp-64k-lts-24.04 6.8.0-1043.46
linux-image-gcp-lts-24.04 6.8.0-1043.46
linux-image-gke 6.8.0-1039.44
linux-image-gke-6.8 6.8.0-1039.44
linux-image-gke-64k 6.8.0-1039.44
linux-image-gke-64k-6.8 6.8.0-1039.44

Ubuntu 22.04 LTS
linux-image-6.8.0-1043-gcp 6.8.0-1043.46~22.04.1
linux-image-6.8.0-1043-gcp-64k 6.8.0-1043.46~22.04.1
linux-image-gcp 6.8.0-1043.46~22.04.1
linux-image-gcp-6.8 6.8.0-1043.46~22.04.1
linux-image-gcp-64k 6.8.0-1043.46~22.04.1
linux-image-gcp-64k-6.8 6.8.0-1043.46~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7864-1
CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-38425,
CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1043.46
https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1039.44
https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1043.46~22.04.1



[USN-7853-3] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7853-3
November 07, 2025

linux-azure, linux-azure-4.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1194-azure 4.15.0-1194.209
Available with Ubuntu Pro
linux-image-azure-4.15 4.15.0.1194.162
Available with Ubuntu Pro
linux-image-azure-lts-18.04 4.15.0.1194.162
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1194-azure 4.15.0-1194.209~16.04.1
Available with Ubuntu Pro
linux-image-azure 4.15.0.1194.209~16.04.1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.15.0-1194-azure 4.15.0-1194.209~14.04.1
Available with Ubuntu Pro
linux-image-azure 4.15.0.1194.209~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7853-3
https://ubuntu.com/security/notices/USN-7853-2
https://ubuntu.com/security/notices/USN-7853-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352, CVE-2025-40300


Kernel, ImageMagick, GPG2, Erlang, OpenJDK updates for SUSE

OpenJDK, Keystone, Swift, Chromium updates for Debian

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...