Ubuntu Security Notices

Recent content on Ubuntu security notices

  • USN-7835-6: Linux kernel (AWS) vulnerabilities
    on November 12, 2025 at 5:30 pm

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – ARM64 architecture; – PowerPC architecture; – x86 architecture; – ACPI drivers; – Ublk userspace block driver; – Clock framework and drivers; – GPU drivers; – IIO subsystem; – InfiniBand drivers; – Media drivers; – MemoryStick subsystem; – Network drivers; – NTB driver; – PCI subsystem; – Remote Processor subsystem; – Thermal drivers; – Virtio Host (VHOST) subsystem; – 9P distributed file system; – File systems infrastructure; – JFS file system; – Network file system (NFS) server daemon; – NTFS3 file system; – SMB network file system; – Memory management; – RDMA verbs API; – Kernel fork() syscall; – Tracing infrastructure; – Watch queue notification mechanism; – Asynchronous Transfer Mode (ATM) subsystem; – Networking core; – IPv4 networking; – IPv6 networking; – Netfilter; – Network traffic control; – SCTP protocol; – TLS protocol; – SoC Audio for Freescale CPUs drivers; (CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035, CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060, CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079, CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682, CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056, CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019, CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092, CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068, CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086, CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575, CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090, CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240, CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055, CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075, CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)

  • USN-7836-2: Bind vulnerabilities
    on November 12, 2025 at 3:42 pm

    USN-7836-1 fixed vulnerabilities in Bind. This update provides the corresponding fixes for Ubuntu 20.04 LTS. Original advisory details: Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. (CVE-2025-8677) Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Bind incorrectly accepted certain records from answers. A remote attacker could possibly use this issue to perform a cache poisoning attack. (CVE-2025-40778) Amit Klein and Omer Ben Simhon discovered that Bind used a weak PRNG. A remote attacker could possibly use this issue to perform a cache poisoning attack. (CVE-2025-40780)

  • USN-7869-1: Raptor vulnerabilities
    on November 10, 2025 at 9:28 pm

    Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could possibly use this issue to cause Raptor to crash, resulting in a denial of service. (CVE-2020-25713) Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain tuples. An attacker could possibly use this issue to cause Raptor to crash, resulting in a denial of service. (CVE-2024-57822) Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain turtles. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-57823)

  • USN-7868-1: Raptor vulnerabilities
    on November 10, 2025 at 9:20 pm

    Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-18926) Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could possibly use this issue to cause Raptor to crash, resulting in a denial of service. (CVE-2020-25713)

  • USN-7866-1: Intel Microcode vulnerabilities
    on November 10, 2025 at 8:11 pm

    Barak Gross discovered that some Intel® Xeon® processors with SGX enabled did not properly handle buffer restrictions. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-20053) Avinash Maddy discovered that some Intel® processors did not properly isolate or compartmentalize the stream cache mechanisms. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-20109) Joseph Nuzman discovered that some Intel® Xeon® processors did not properly manage references to active allocate resources. A local authenticated user could potentially use this issue to cause a denial of service (system crash). (CVE-2025-21090) It was discovered that some Intel® Xeon® 6 processors did not properly provide sufficient granularity of access control in the out of band management service module (OOB-MSM). An authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22839) It was discovered that some Intel® Xeon® 6 Scalable processors did not properly handle a specific sequence of processor instructions, leading to unexpected behavior. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22840) Joseph Nuzman discovered that some Intel® Xeon® 6 processors with Intel® Trust Domain Extensions (Intel® TDX) did not properly handle overlap between protected memory ranges. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22889) Avraham Shalev discovered that some Intel® Xeon® processors did not properly provide sufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-24305) Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX did not properly protect against out-of-bounds writes in the memory subsystem. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-26403) Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX did not properly implement security checks in the DDRIO configuration. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-32086)

  • USN-7867-1: sudo-rs vulnerabilities
    on November 10, 2025 at 6:52 pm

    It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations. It was discovered that sudo-rs incorrectly handled the targetpw and rootpw default settings when creating timestamp files. A local attacker could possibly use this issue to bypass authentication in certain configurations.

  • USN-7865-1: Linux kernel (FIPS) vulnerabilities
    on November 10, 2025 at 12:06 pm

    Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – Virtio block driver; – DMA engine subsystem; – GPU drivers; – HSI subsystem; – Media drivers; – Network drivers; – Ethernet team driver; – TTY drivers; – Framebuffer layer; – BTRFS file system; – Ext4 file system; – Network file system (NFS) server daemon; – Timer subsystem; – DCCP (Datagram Congestion Control Protocol); – IPv6 networking; – NET/ROM layer; – Packet sockets; – SCTP protocol; – VMware vSockets driver; – USB sound devices; (CVE-2021-47149, CVE-2021-47294, CVE-2021-47319, CVE-2021-47330, CVE-2021-47589, CVE-2023-52574, CVE-2023-52650, CVE-2024-27078, CVE-2024-35849, CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785, CVE-2025-37838, CVE-2025-38352, CVE-2025-38617, CVE-2025-38618)

  • USN-7862-2: Linux kernel vulnerability
    on November 10, 2025 at 9:54 am

    Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

  • USN-7860-5: Linux kernel (HWE) vulnerability
    on November 10, 2025 at 9:40 am

    Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

  • USN-7853-3: Linux kernel (Azure) vulnerabilities
    on November 7, 2025 at 12:43 pm

    Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – DMA engine subsystem; – GPU drivers; – HSI subsystem; – Ethernet team driver; – Ext4 file system; – Timer subsystem; – DCCP (Datagram Congestion Control Protocol); – IPv6 networking; – NET/ROM layer; – SCTP protocol; – USB sound devices; (CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-37838, CVE-2025-38352)
