{"id":"USN-7853-2","summary":"linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities","details":"Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered\nthat the Linux kernel contained insufficient branch predictor isolation\nbetween a guest and a userspace hypervisor for certain processors. This\nflaw is known as VMSCAPE. An attacker in a guest VM could possibly use this\nto expose sensitive information from the host OS. (CVE-2025-40300)\n\nSeveral security issues were discovered in the Linux kernel.\nAn attacker could possibly use these to compromise the system.\nThis update corrects flaws in the following subsystems:\n  - DMA engine subsystem;\n  - GPU drivers;\n  - HSI subsystem;\n  - Ethernet team driver;\n  - Ext4 file system;\n  - Timer subsystem;\n  - DCCP (Datagram Congestion Control Protocol);\n  - IPv6 networking;\n  - NET/ROM layer;\n  - SCTP protocol;\n  - USB sound devices;\n(CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,\nCVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,\nCVE-2025-37838, CVE-2025-38352)\n","modified":"2026-02-10T04:50:20Z","published":"2025-10-30T20:03:59Z","related":["UBUNTU-CVE-2023-52574","UBUNTU-CVE-2023-52650","UBUNTU-CVE-2024-41006","UBUNTU-CVE-2024-50006","UBUNTU-CVE-2024-50299","UBUNTU-CVE-2024-53124","UBUNTU-CVE-2024-53150","UBUNTU-CVE-2024-56767","UBUNTU-CVE-2025-37838","UBUNTU-CVE-2025-38352","UBUNTU-CVE-2025-40300"],"upstream":["CVE-2023-52574","CVE-2023-52650","CVE-2024-41006","CVE-2024-50006","CVE-2024-50299","CVE-2024-53124","CVE-2024-53150","CVE-2024-56767","CVE-2025-37838","CVE-2025-38352","CVE-2025-40300","UBUNTU-CVE-2023-52574","UBUNTU-CVE-2023-52650","UBUNTU-CVE-2024-41006","UBUNTU-CVE-2024-50006","UBUNTU-CVE-2024-50299","UBUNTU-CVE-2024-53124","UBUNTU-CVE-2024-53150","UBUNTU-CVE-2024-56767","UBUNTU-CVE-2025-37838","UBUNTU-CVE-2025-38352","UBUNTU-CVE-2025-40300"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7853-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52574"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52650"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-41006"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50006"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50299"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53124"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53150"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-56767"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-37838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-38352"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-40300"}],"affected":[{"package":{"name":"linux-aws-fips","ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS","purl":"pkg:deb/ubuntu/linux-aws-fips@4.15.0-2124.130?arch=source&distro=fips-updates/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-2124.130"}]}],"versions":["4.15.0-2000.4","4.15.0-2018.18","4.15.0-2021.21","4.15.0-2022.22","4.15.0-2024.24","4.15.0-2025.25","4.15.0-2026.26","4.15.0-2027.27","4.15.0-2030.31","4.15.0-2031.32","4.15.0-2033.34","4.15.0-2034.35","4.15.0-2035.37","4.15.0-2036.38","4.15.0-2037.39","4.15.0-2038.40","4.15.0-2039.41","4.15.0-2040.42","4.15.0-2041.43","4.15.0-2042.44","4.15.0-2044.46","4.15.0-2045.47","4.15.0-2048.50","4.15.0-2051.53","4.15.0-2052.54","4.15.0-2053.55","4.15.0-2054.56","4.15.0-2055.57","4.15.0-2056.58","4.15.0-2057.59","4.15.0-2059.61","4.15.0-2060.62","4.15.0-2061.63","4.15.0-2063.66","4.15.0-2064.67","4.15.0-2065.68","4.15.0-2066.69","4.15.0-2067.70","4.15.0-2069.72","4.15.0-2072.76","4.15.0-2075.80","4.15.0-2076.81","4.15.0-2078.83","4.15.0-2079.84","4.15.0-2080.85","4.15.0-2081.87","4.15.0-2082.88","4.15.0-2083.89","4.15.0-2085.91","4.15.0-2087.93","4.15.0-2089.95","4.15.0-2090.96","4.15.0-2092.98","4.15.0-2093.99","4.15.0-2094.100","4.15.0-2095.101","4.15.0-2096.102","4.15.0-2097.103","4.15.0-2098.104","4.15.0-2099.105","4.15.0-2100.106","4.15.0-2101.107","4.15.0-2102.108","4.15.0-2103.109","4.15.0-2104.110","4.15.0-2105.111","4.15.0-2106.112","4.15.0-2107.113","4.15.0-2108.114","4.15.0-2109.115","4.15.0-2110.116","4.15.0-2111.117","4.15.0-2112.118","4.15.0-2113.119","4.15.0-2114.120","4.15.0-2115.121","4.15.0-2116.122","4.15.0-2117.123","4.15.0-2118.124","4.15.0-2119.125","4.15.0-2120.126","4.15.0-2121.127","4.15.0-2122.128","4.15.0-2123.129"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-aws-fips-headers-4.15.0-2124","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-aws-fips-tools-4.15.0-2124","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-buildinfo-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-headers-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-image-unsigned-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-image-unsigned-hmac-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-modules-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-modules-extra-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"},{"binary_name":"linux-tools-4.15.0-2124-aws-fips","binary_version":"4.15.0-2124.130"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-52574","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-52650","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-41006","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-50006","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-50299","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-53124","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-53150","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-56767","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-37838","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-38352","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2025-40300","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7853-2.json"}},{"package":{"name":"linux-fips","ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS","purl":"pkg:deb/ubuntu/linux-fips@4.15.0-1141.153?arch=source&distro=fips-updates/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-1141.153"}]}],"versions":["4.15.0-1027.32","4.15.0-1029.34","4.15.0-1034.39","4.15.0-1035.40","4.15.0-1037.42","4.15.0-1038.43","4.15.0-1039.44","4.15.0-1040.45","4.15.0-1041.46","4.15.0-1044.50","4.15.0-1045.52","4.15.0-1046.53","4.15.0-1048.55","4.15.0-1049.56","4.15.0-1050.58","4.15.0-1051.59","4.15.0-1052.60","4.15.0-1053.61","4.15.0-1054.62","4.15.0-1055.63","4.15.0-1056.64","4.15.0-1057.65","4.15.0-1058.66","4.15.0-1059.67","4.15.0-1060.68","4.15.0-1063.71","4.15.0-1066.75","4.15.0-1067.76","4.15.0-1068.77","4.15.0-1069.78","4.15.0-1070.79","4.15.0-1071.80","4.15.0-1072.81","4.15.0-1073.82","4.15.0-1075.84","4.15.0-1076.85","4.15.0-1078.87","4.15.0-1080.89","4.15.0-1081.90","4.15.0-1083.92","4.15.0-1084.93","4.15.0-1085.94","4.15.0-1087.96","4.15.0-1090.100","4.15.0-1093.104","4.15.0-1094.105","4.15.0-1096.107","4.15.0-1097.108","4.15.0-1098.109","4.15.0-1099.110","4.15.0-1100.111","4.15.0-1103.114","4.15.0-1104.115","4.15.0-1105.116","4.15.0-1107.118","4.15.0-1108.119","4.15.0-1109.120","4.15.0-1110.121","4.15.0-1111.122","4.15.0-1112.123","4.15.0-1113.124","4.15.0-1114.125","4.15.0-1115.126","4.15.0-1116.127","4.15.0-1117.128","4.15.0-1118.129","4.15.0-1119.130","4.15.0-1121.132","4.15.0-1122.133","4.15.0-1123.134","4.15.0-1124.135","4.15.0-1125.136","4.15.0-1126.137","4.15.0-1127.138","4.15.0-1128.139","4.15.0-1129.140","4.15.0-1130.141","4.15.0-1131.142","4.15.0-1132.143","4.15.0-1133.144","4.15.0-1134.145","4.15.0-1135.146","4.15.0-1136.147","4.15.0-1137.148","4.15.0-1138.149","4.15.0-1139.150","4.15.0-1140.151"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-fips-headers-4.15.0-1141","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-fips-tools-4.15.0-1141","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-fips-tools-host","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-headers-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-image-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-image-hmac-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-image-unsigned-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-image-unsigned-hmac-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-modules-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-modules-extra-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"},{"binary_name":"linux-tools-4.15.0-1141-fips","binary_version":"4.15.0-1141.153"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-52574","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-52650","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-41006","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-50006","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-50299","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-53124","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-53150","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-56767","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-37838","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-38352","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2025-40300","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7853-2.json"}},{"package":{"name":"linux-gcp-fips","ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS","purl":"pkg:deb/ubuntu/linux-gcp-fips@4.15.0-2087.93?arch=source&distro=fips-updates/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-2087.93"}]}],"versions":["4.15.0-2013.14","4.15.0-2016.18","4.15.0-2017.19","4.15.0-2018.20","4.15.0-2019.21","4.15.0-2020.22","4.15.0-2021.23","4.15.0-2022.24","4.15.0-2024.26","4.15.0-2025.27","4.15.0-2026.28","4.15.0-2028.31","4.15.0-2029.32","4.15.0-2030.33","4.15.0-2031.34","4.15.0-2032.35","4.15.0-2034.37","4.15.0-2037.41","4.15.0-2040.45","4.15.0-2041.46","4.15.0-2043.48","4.15.0-2044.49","4.15.0-2045.50","4.15.0-2047.52","4.15.0-2050.55","4.15.0-2052.57","4.15.0-2054.59","4.15.0-2055.60","4.15.0-2056.61","4.15.0-2057.62","4.15.0-2058.63","4.15.0-2059.64","4.15.0-2060.65","4.15.0-2061.66","4.15.0-2062.67","4.15.0-2063.68","4.15.0-2064.69","4.15.0-2065.70","4.15.0-2066.71","4.15.0-2067.72","4.15.0-2068.73","4.15.0-2069.74","4.15.0-2070.75","4.15.0-2071.76","4.15.0-2072.77","4.15.0-2073.78","4.15.0-2074.79","4.15.0-2075.80","4.15.0-2076.81","4.15.0-2077.83","4.15.0-2078.84","4.15.0-2079.85","4.15.0-2080.86","4.15.0-2081.87","4.15.0-2082.88","4.15.0-2083.89","4.15.0-2084.90","4.15.0-2085.91","4.15.0-2086.92"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-gcp-fips-headers-4.15.0-2087","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-gcp-fips-tools-4.15.0-2087","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-headers-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-image-unsigned-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-image-unsigned-hmac-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-modules-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-modules-extra-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"},{"binary_name":"linux-tools-4.15.0-2087-gcp-fips","binary_version":"4.15.0-2087.93"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-52574","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-52650","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-41006","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-50006","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-50299","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-53124","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-53150","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-56767","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-37838","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-38352","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2025-40300","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7853-2.json"}}],"schema_version":"1.7.3"}