Ubuntu Security Notices

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – ARM64 architecture; – PowerPC architecture; – x86 architecture; – Cryptographic API; – ACPI drivers; – Ublk userspace block driver; – Clock framework and drivers; – EDAC drivers; – GPU drivers; – HSI subsystem; – IIO subsystem; – InfiniBand drivers; – Media drivers; – MemoryStick subsystem; – Network drivers; – NTB driver; – PCI subsystem; – Remote Processor subsystem; – Thermal drivers; – Virtio Host (VHOST) subsystem; – 9P distributed file system; – File systems infrastructure; – JFS file system; – Network file system (NFS) server daemon; – NTFS3 file system; – SMB network file system; – Memory management; – Bluetooth subsystem; – RDMA verbs API; – Kernel fork() syscall; – Timer subsystem; – Tracing infrastructure; – Watch queue notification mechanism; – Appletalk network protocol; – Asynchronous Transfer Mode (ATM) subsystem; – Networking core; – IPv4 networking; – IPv6 networking; – Netfilter; – Network traffic control; – SCTP protocol; – TLS protocol; – SoC Audio for Freescale CPUs drivers; (CVE-2023-53034, CVE-2024-58092, CVE-2025-21729, CVE-2025-22018, CVE-2025-22019, CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027, CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036, CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047, CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060, CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065, CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079, CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086, CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097, CVE-2025-23136, CVE-2025-23138, CVE-2025-37838, CVE-2025-37937, CVE-2025-37958, CVE-2025-38118, CVE-2025-38152, CVE-2025-38227, CVE-2025-38240, CVE-2025-38352, CVE-2025-38575, CVE-2025-38616, CVE-2025-38637, CVE-2025-38666, CVE-2025-38678, CVE-2025-39682, CVE-2025-39728, CVE-2025-39735, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-40114, CVE-2025-40157)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Cryptographic API; – ACPI drivers; – HSI subsystem; – I3C subsystem; – InfiniBand drivers; – Media drivers; – Network drivers; – Pin controllers subsystem; – AFS file system; – F2FS file system; – SMB network file system; – Padata parallel execution mechanism; – Timer subsystem; – Tracing infrastructure; – Memory management; – Appletalk network protocol; – Networking core; – Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2023-52854, CVE-2024-35867, CVE-2024-47691, CVE-2024-49935, CVE-2024-50061, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2024-56664, CVE-2025-21727, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Cryptographic API; – ACPI drivers; – HSI subsystem; – I3C subsystem; – InfiniBand drivers; – Media drivers; – Network drivers; – Pin controllers subsystem; – AFS file system; – F2FS file system; – SMB network file system; – Padata parallel execution mechanism; – Timer subsystem; – Tracing infrastructure; – Memory management; – Appletalk network protocol; – Networking core; – Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2023-52854, CVE-2024-35867, CVE-2024-47691, CVE-2024-49935, CVE-2024-50061, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2024-56664, CVE-2025-21727, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – ARM32 architecture; – ARM64 architecture; – MIPS architecture; – PowerPC architecture; – RISC-V architecture; – S390 architecture; – x86 architecture; – Block layer subsystem; – Cryptographic API; – ACPI drivers; – ATM drivers; – DRBD Distributed Replicated Block Device drivers; – Bus devices; – Clock framework and drivers; – Data acquisition framework and drivers; – Hardware crypto device drivers; – Device frequency scaling framework; – Buffer Sharing and Synchronization framework; – DMA engine subsystem; – ARM SCMI message protocol; – GPU drivers; – HID subsystem; – Hardware monitoring drivers; – I2C subsystem; – I3C subsystem; – IIO subsystem; – InfiniBand drivers; – Input Device core drivers; – IOMMU subsystem; – Media drivers; – Network drivers; – Mellanox network drivers; – PCI subsystem; – PCCARD (PCMCIA/CardBus) bus subsystem; – PHY drivers; – Power supply drivers; – Voltage and Current Regulator drivers; – SCSI subsystem; – ASPEED SoC drivers; – QCOM SoC drivers; – small TFT LCD display modules; – Trusted Execution Environment drivers; – TTY drivers; – UFS subsystem; – USB core drivers; – DesignWare USB3 driver; – USB Gadget drivers; – Framebuffer layer; – AFS file system; – BTRFS file system; – File systems infrastructure; – EFI Variable file system; – Ext4 file system; – F2FS file system; – JFS file system; – Network file system (NFS) client; – Network file system (NFS) server daemon; – NILFS2 file system; – NTFS3 file system; – SMB network file system; – Asynchronous Transfer Mode (ATM) subsystem; – BPF subsystem; – NFS page cache wrapper; – Memory management; – Networking subsytem; – UDP network protocol; – Perf events; – RCU subsystem; – Tracing infrastructure; – 802.1Q VLAN protocol; – Appletalk network protocol; – Amateur Radio drivers; – B.A.T.M.A.N. meshing protocol; – Bluetooth subsystem; – Ethernet bridge; – Networking core; – HSR network protocol; – IPv4 networking; – IPv6 networking; – Multipath TCP; – Netfilter; – Network traffic control; – SCTP protocol; – TLS protocol; – Wireless networking; – SoC audio core drivers; – USB sound devices; (CVE-2022-49390, CVE-2022-50070, CVE-2022-50327, CVE-2023-52935, CVE-2023-53074, CVE-2024-47691, CVE-2024-50061, CVE-2024-50067, CVE-2024-53068, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-37925, CVE-2025-37968, CVE-2025-38095, CVE-2025-38148, CVE-2025-38165, CVE-2025-38335, CVE-2025-38347, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38502, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38548, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38583, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38612, CVE-2025-38614, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38630, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38645, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38678, CVE-2025-38680, CVE-2025-38681, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39702, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39920, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Media drivers; – Network drivers; – Netfilter; – TLS protocol; (CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Cryptographic API; – ACPI drivers; – DMA engine subsystem; – GPU drivers; – HSI subsystem; – Hardware monitoring drivers; – InfiniBand drivers; – Mailbox framework; – Network drivers; – Ethernet team driver; – AFS file system; – Ceph distributed file system; – Ext4 file system; – Network file system (NFS) server daemon; – NILFS2 file system; – File systems infrastructure; – KVM subsystem; – L3 Master device support module; – Timer subsystem; – Tracing infrastructure; – Memory management; – Appletalk network protocol; – DCCP (Datagram Congestion Control Protocol); – IPv6 networking; – Netfilter; – NET/ROM layer; – Open vSwitch; – SCTP protocol; – USB sound devices; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-49935, CVE-2024-49963, CVE-2024-50006, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-50299, CVE-2024-53090, CVE-2024-53112, CVE-2024-53124, CVE-2024-53150, CVE-2024-53217, CVE-2024-56767, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Cryptographic API; – HSI subsystem; – Media drivers; – Network drivers; – Bluetooth subsystem; – Timer subsystem; – Memory management; – Appletalk network protocol; – Netfilter; – TLS protocol; (CVE-2025-21729, CVE-2025-37838, CVE-2025-37958, CVE-2025-38118, CVE-2025-38227, CVE-2025-38352, CVE-2025-38616, CVE-2025-38666, CVE-2025-38678, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Cryptographic API; – Compute Acceleration Framework; – Media drivers; – Netfilter; – TLS protocol; (CVE-2025-39946, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-40172, CVE-2025-40177)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Tracing infrastructure; – Netfilter; (CVE-2025-40018, CVE-2025-40232)

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – ARM64 architecture; – PowerPC architecture; – S390 architecture; – x86 architecture; – Cryptographic API; – Network block device driver; – Character device driver; – Clock framework and drivers; – Data acquisition framework and drivers; – Hardware crypto device drivers; – Device frequency scaling framework; – DMA engine subsystem; – EDAC drivers; – GPU drivers; – HID subsystem; – Hardware monitoring drivers; – I2C subsystem; – IIO subsystem; – IIO ADC drivers; – InfiniBand drivers; – Input Device core drivers; – Multiple devices driver; – Media drivers; – Network drivers; – Mellanox network drivers; – PCI subsystem; – PHY drivers; – Pin controllers subsystem; – x86 platform drivers; – Power supply drivers; – Powercap sysfs driver; – Voltage and Current Regulator drivers; – S/390 drivers; – ASPEED SoC drivers; – SPI subsystem; – small TFT LCD display modules; – Media staging drivers; – USB Gadget drivers; – vDPA drivers; – VFIO drivers; – Framebuffer layer; – Xen hypervisor drivers; – BTRFS file system; – Ceph distributed file system; – EFI Variable file system; – File systems infrastructure; – F2FS file system; – GFS2 file system; – Network file systems library; – Network file system (NFS) client; – Network file system (NFS) server daemon; – NILFS2 file system; – NTFS3 file system; – Proc file system; – SMB network file system; – DRM display driver; – io_uring subsystem; – Internal shared memory driver; – padata parallel execution mechanism; – Networking subsytem; – Bluetooth subsystem; – Netfilter; – UDP network protocol; – Tracing infrastructure; – BPF subsystem; – Perf events; – Padata parallel execution mechanism; – Codetag library; – KASAN memory debugging framework; – Memory management; – 802.1Q VLAN protocol; – Appletalk network protocol; – Asynchronous Transfer Mode (ATM) subsystem; – Networking core; – IPv4 networking; – IPv6 networking; – MAC80211 subsystem; – Multipath TCP; – Netlink; – RxRPC session sockets; – Network traffic control; – SMC sockets; – Sun RPC protocol; – TIPC protocol; – TLS protocol; – VMware vSockets driver; – Wireless networking; – XFRM subsystem; – ADI SoundPort AD1816A based soundcard drivers; – MediaTek ASoC drivers; – SOF drivers; – USB sound devices; – KVM subsystem; (CVE-2025-38335, CVE-2025-38349, CVE-2025-38351, CVE-2025-38437, CVE-2025-38438, CVE-2025-38439, CVE-2025-38440, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38446, CVE-2025-38448, CVE-2025-38449, CVE-2025-38450, CVE-2025-38451, CVE-2025-38452, CVE-2025-38453, CVE-2025-38454, CVE-2025-38455, CVE-2025-38456, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38463, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38468, CVE-2025-38469, CVE-2025-38470, CVE-2025-38471, CVE-2025-38472, CVE-2025-38473, CVE-2025-38474, CVE-2025-38475, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38484, CVE-2025-38485, CVE-2025-38487, CVE-2025-38488, CVE-2025-38489, CVE-2025-38490, CVE-2025-38491, CVE-2025-38492, CVE-2025-38493, CVE-2025-38494, CVE-2025-38495, CVE-2025-38496, CVE-2025-38497, CVE-2025-38501, CVE-2025-38503, CVE-2025-38505, CVE-2025-38506, CVE-2025-38507, CVE-2025-38508, CVE-2025-38509, CVE-2025-38510, CVE-2025-38511, CVE-2025-38512, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515, CVE-2025-38516, CVE-2025-38517, CVE-2025-38520, CVE-2025-38521, CVE-2025-38524, CVE-2025-38525, CVE-2025-38526, CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38531, CVE-2025-38532, CVE-2025-38533, CVE-2025-38534, CVE-2025-38535, CVE-2025-38537, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540, CVE-2025-38542, CVE-2025-38543, CVE-2025-38544, CVE-2025-38545, CVE-2025-38546, CVE-2025-38547, CVE-2025-38548, CVE-2025-38549, CVE-2025-38550, CVE-2025-38551, CVE-2025-38552, CVE-2025-38553, CVE-2025-38555, CVE-2025-38556, CVE-2025-38557, CVE-2025-38558, CVE-2025-38559, CVE-2025-38560, CVE-2025-38561, CVE-2025-38562, CVE-2025-38563, CVE-2025-38565, CVE-2025-38566, CVE-2025-38567, CVE-2025-38568, CVE-2025-38569, CVE-2025-38570, CVE-2025-38571, CVE-2025-38572, CVE-2025-38573, CVE-2025-38574, CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581, CVE-2025-38582, CVE-2025-38583, CVE-2025-38584, CVE-2025-38585, CVE-2025-38586, CVE-2025-38587, CVE-2025-38588, CVE-2025-38589, CVE-2025-38590, CVE-2025-38593, CVE-2025-38595, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38605, CVE-2025-38606, CVE-2025-38608, CVE-2025-38609, CVE-2025-38610, CVE-2025-38612, CVE-2025-38615, CVE-2025-38616, CVE-2025-38619, CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38625, CVE-2025-38626, CVE-2025-38628, CVE-2025-38629, CVE-2025-38630, CVE-2025-38631, CVE-2025-38632, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639, CVE-2025-38640, CVE-2025-38642, CVE-2025-38643, CVE-2025-38644, CVE-2025-38645, CVE-2025-38646, CVE-2025-38648, CVE-2025-38649, CVE-2025-38650, CVE-2025-38652, CVE-2025-38653, CVE-2025-38654, CVE-2025-38655, CVE-2025-38659, CVE-2025-38660, CVE-2025-38662, CVE-2025-38663, CVE-2025-38664, CVE-2025-38665, CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38675, CVE-2025-38678, CVE-2025-39725, CVE-2025-39726, CVE-2025-39727, CVE-2025-39730, CVE-2025-39731, CVE-2025-39732, CVE-2025-39734, CVE-2025-39809, CVE-2025-39818, CVE-2025-39946, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-40157)