{"id":"USN-7937-1","summary":"linux-azure-fips vulnerabilities","details":"Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered\nthat the Linux kernel contained insufficient branch predictor isolation\nbetween a guest and a userspace hypervisor for certain processors. This\nflaw is known as VMSCAPE. An attacker in a guest VM could possibly use this\nto expose sensitive information from the host OS. (CVE-2025-40300)\n\nSeveral security issues were discovered in the Linux kernel.\nAn attacker could possibly use these to compromise the system.\nThis update corrects flaws in the following subsystems:\n  - Cryptographic API;\n  - ACPI drivers;\n  - DMA engine subsystem;\n  - GPU drivers;\n  - HSI subsystem;\n  - Hardware monitoring drivers;\n  - InfiniBand drivers;\n  - Mailbox framework;\n  - Network drivers;\n  - Ethernet team driver;\n  - AFS file system;\n  - Ceph distributed file system;\n  - Ext4 file system;\n  - Network file system (NFS) server daemon;\n  - NILFS2 file system;\n  - File systems infrastructure;\n  - KVM subsystem;\n  - L3 Master device support module;\n  - Timer subsystem;\n  - Tracing infrastructure;\n  - Memory management;\n  - Appletalk network protocol;\n  - DCCP (Datagram Congestion Control Protocol);\n  - IPv6 networking;\n  - Netfilter;\n  - NET/ROM layer;\n  - Open vSwitch;\n  - SCTP protocol;\n  - USB sound devices;\n(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2023-52574,\nCVE-2023-52650, CVE-2024-41006, CVE-2024-49935, CVE-2024-49963,\nCVE-2024-50006, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,\nCVE-2024-50299, CVE-2024-53090, CVE-2024-53112, CVE-2024-53124,\nCVE-2024-53150, CVE-2024-53217, CVE-2024-56767, CVE-2024-58083,\nCVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,\nCVE-2025-21811, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958,\nCVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)\n","modified":"2026-02-10T04:50:47Z","published":"2025-12-16T00:21:35Z","related":["UBUNTU-CVE-2021-47385","UBUNTU-CVE-2022-49026","UBUNTU-CVE-2022-49390","UBUNTU-CVE-2023-52574","UBUNTU-CVE-2023-52650","UBUNTU-CVE-2024-41006","UBUNTU-CVE-2024-49935","UBUNTU-CVE-2024-49963","UBUNTU-CVE-2024-50006","UBUNTU-CVE-2024-50067","UBUNTU-CVE-2024-50095","UBUNTU-CVE-2024-50179","UBUNTU-CVE-2024-50299","UBUNTU-CVE-2024-53090","UBUNTU-CVE-2024-53112","UBUNTU-CVE-2024-53124","UBUNTU-CVE-2024-53150","UBUNTU-CVE-2024-53217","UBUNTU-CVE-2024-56767","UBUNTU-CVE-2024-58083","UBUNTU-CVE-2025-21715","UBUNTU-CVE-2025-21722","UBUNTU-CVE-2025-21761","UBUNTU-CVE-2025-21791","UBUNTU-CVE-2025-21811","UBUNTU-CVE-2025-21855","UBUNTU-CVE-2025-37838","UBUNTU-CVE-2025-37958","UBUNTU-CVE-2025-38352","UBUNTU-CVE-2025-38666","UBUNTU-CVE-2025-39964","UBUNTU-CVE-2025-40018","UBUNTU-CVE-2025-40300"],"upstream":["CVE-2021-47385","CVE-2022-49026","CVE-2022-49390","CVE-2023-52574","CVE-2023-52650","CVE-2024-41006","CVE-2024-49935","CVE-2024-49963","CVE-2024-50006","CVE-2024-50067","CVE-2024-50095","CVE-2024-50179","CVE-2024-50299","CVE-2024-53090","CVE-2024-53112","CVE-2024-53124","CVE-2024-53150","CVE-2024-53217","CVE-2024-56767","CVE-2024-58083","CVE-2025-21715","CVE-2025-21722","CVE-2025-21761","CVE-2025-21791","CVE-2025-21811","CVE-2025-21855","CVE-2025-37838","CVE-2025-37958","CVE-2025-38352","CVE-2025-38666","CVE-2025-39964","CVE-2025-40018","CVE-2025-40300","UBUNTU-CVE-2021-47385","UBUNTU-CVE-2022-49026","UBUNTU-CVE-2022-49390","UBUNTU-CVE-2023-52574","UBUNTU-CVE-2023-52650","UBUNTU-CVE-2024-41006","UBUNTU-CVE-2024-49935","UBUNTU-CVE-2024-49963","UBUNTU-CVE-2024-50006","UBUNTU-CVE-2024-50067","UBUNTU-CVE-2024-50095","UBUNTU-CVE-2024-50179","UBUNTU-CVE-2024-50299","UBUNTU-CVE-2024-53090","UBUNTU-CVE-2024-53112","UBUNTU-CVE-2024-53124","UBUNTU-CVE-2024-53150","UBUNTU-CVE-2024-53217","UBUNTU-CVE-2024-56767","UBUNTU-CVE-2024-58083","UBUNTU-CVE-2025-21715","UBUNTU-CVE-2025-21722","UBUNTU-CVE-2025-21761","UBUNTU-CVE-2025-21791","UBUNTU-CVE-2025-21811","UBUNTU-CVE-2025-21855","UBUNTU-CVE-2025-37838","UBUNTU-CVE-2025-37958","UBUNTU-CVE-2025-38352","UBUNTU-CVE-2025-38666","UBUNTU-CVE-2025-39964","UBUNTU-CVE-2025-40018","UBUNTU-CVE-2025-40300"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7937-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-47385"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-49026"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-49390"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52574"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52650"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-41006"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-49935"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-49963"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50006"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50067"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50095"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50179"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50299"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53090"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53112"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53124"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53150"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53217"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-56767"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-58083"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-21715"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-21722"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-21761"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-21791"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-21811"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-21855"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-37838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-37958"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-38352"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-38666"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-39964"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-40018"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-40300"}],"affected":[{"package":{"name":"linux-azure-fips","ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS","purl":"pkg:deb/ubuntu/linux-azure-fips@4.15.0-2104.110?arch=source&distro=fips-updates/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-2104.110"}]}],"versions":["4.15.0-1002.2","4.15.0-2006.7","4.15.0-2007.8","4.15.0-2008.9","4.15.0-2009.10","4.15.0-2012.14","4.15.0-2013.15","4.15.0-2015.17","4.15.0-2016.18","4.15.0-2017.20","4.15.0-2018.21","4.15.0-2020.23","4.15.0-2021.24","4.15.0-2022.25","4.15.0-2023.26","4.15.0-2024.27","4.15.0-2025.28","4.15.0-2026.29","4.15.0-2027.30","4.15.0-2030.33","4.15.0-2033.37","4.15.0-2034.38","4.15.0-2035.39","4.15.0-2036.40","4.15.0-2037.41","4.15.0-2038.42","4.15.0-2039.43","4.15.0-2041.45","4.15.0-2042.46","4.15.0-2043.47","4.15.0-2045.49","4.15.0-2046.50","4.15.0-2047.51","4.15.0-2048.52","4.15.0-2049.53","4.15.0-2050.54","4.15.0-2053.58","4.15.0-2056.62","4.15.0-2057.63","4.15.0-2059.65","4.15.0-2060.66","4.15.0-2062.68","4.15.0-2066.72","4.15.0-2067.73","4.15.0-2068.74","4.15.0-2070.76","4.15.0-2071.77","4.15.0-2072.78","4.15.0-2073.79","4.15.0-2074.80","4.15.0-2075.81","4.15.0-2076.82","4.15.0-2077.83","4.15.0-2078.84","4.15.0-2079.85","4.15.0-2080.86","4.15.0-2081.87","4.15.0-2082.88","4.15.0-2084.90","4.15.0-2085.91","4.15.0-2086.92","4.15.0-2087.93","4.15.0-2088.94","4.15.0-2089.95","4.15.0-2090.96","4.15.0-2091.97","4.15.0-2092.98","4.15.0-2093.99","4.15.0-2094.100","4.15.0-2095.101","4.15.0-2096.102","4.15.0-2097.103","4.15.0-2098.104","4.15.0-2099.105","4.15.0-2100.106","4.15.0-2101.107","4.15.0-2102.108"],"ecosystem_specific":{"binaries":[{"binary_version":"4.15.0-2104.110","binary_name":"linux-azure-fips-cloud-tools-4.15.0-2104"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-azure-fips-headers-4.15.0-2104"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-azure-fips-tools-4.15.0-2104"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-buildinfo-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-cloud-tools-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-headers-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-image-unsigned-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-image-unsigned-hmac-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-modules-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-modules-extra-4.15.0-2104-azure-fips"},{"binary_version":"4.15.0-2104.110","binary_name":"linux-tools-4.15.0-2104-azure-fips"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7937-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-47385"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2022-49026"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2022-49390"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-52574"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-52650"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-41006"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-49935"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-49963"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-50006"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-50067"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-50095"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-50179"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2024-50299"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-53090"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-53112"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-53124"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2024-53150"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2024-53217"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-56767"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2024-58083"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2025-21715"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-21722"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2025-21761"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2025-21791"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-21811"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-21855"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-37838"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-37958"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2025-38352"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2025-38666"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-39964"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2025-40018"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2025-40300"}],"ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS"}}}],"schema_version":"1.7.3"}