{"id":"USN-7937-1","summary":"linux-azure-fips vulnerabilities","details":"Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered\nthat the Linux kernel contained insufficient branch predictor isolation\nbetween a guest and a userspace hypervisor for certain processors. This\nflaw is known as VMSCAPE. An attacker in a guest VM could possibly use this\nto expose sensitive information from the host OS. (CVE-2025-40300)\n\nSeveral security issues were discovered in the Linux kernel.\nAn attacker could possibly use these to compromise the system.\nThis update corrects flaws in the following subsystems:\n  - Cryptographic API;\n  - ACPI drivers;\n  - DMA engine subsystem;\n  - GPU drivers;\n  - HSI subsystem;\n  - Hardware monitoring drivers;\n  - InfiniBand drivers;\n  - Mailbox framework;\n  - Network drivers;\n  - Ethernet team driver;\n  - AFS file system;\n  - Ceph distributed file system;\n  - Ext4 file system;\n  - Network file system (NFS) server daemon;\n  - NILFS2 file system;\n  - File systems infrastructure;\n  - KVM subsystem;\n  - L3 Master device support module;\n  - Timer subsystem;\n  - Tracing infrastructure;\n  - Memory management;\n  - Appletalk network protocol;\n  - DCCP (Datagram Congestion Control Protocol);\n  - IPv6 networking;\n  - Netfilter;\n  - NET/ROM layer;\n  - Open vSwitch;\n  - SCTP protocol;\n  - USB sound devices;\n(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2023-52574,\nCVE-2023-52650, CVE-2024-41006, CVE-2024-49935, CVE-2024-49963,\nCVE-2024-50006, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,\nCVE-2024-50299, CVE-2024-53090, CVE-2024-53112, CVE-2024-53124,\nCVE-2024-53150, CVE-2024-53217, CVE-2024-56767, CVE-2024-58083,\nCVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,\nCVE-2025-21811, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958,\nCVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)\n","modified":"2026-05-23T01:34:18.450635790Z","published":"2025-12-16T00:21:35Z","related":["UBUNTU-CVE-2021-47385","UBUNTU-CVE-2022-49026","UBUNTU-CVE-2022-49390","UBUNTU-CVE-2023-52574","UBUNTU-CVE-2023-52650","UBUNTU-CVE-2024-41006","UBUNTU-CVE-2024-49935","UBUNTU-CVE-2024-49963","UBUNTU-CVE-2024-50006","UBUNTU-CVE-2024-50067","UBUNTU-CVE-2024-50095","UBUNTU-CVE-2024-50179","UBUNTU-CVE-2024-50299","UBUNTU-CVE-2024-53090","UBUNTU-CVE-2024-53112","UBUNTU-CVE-2024-53124","UBUNTU-CVE-2024-53150","UBUNTU-CVE-2024-53217","UBUNTU-CVE-2024-56767","UBUNTU-CVE-2024-58083","UBUNTU-CVE-2025-21715","UBUNTU-CVE-2025-21722","UBUNTU-CVE-2025-21761","UBUNTU-CVE-2025-21791","UBUNTU-CVE-2025-21811","UBUNTU-CVE-2025-21855","UBUNTU-CVE-2025-37838","UBUNTU-CVE-2025-37958","UBUNTU-CVE-2025-38352","UBUNTU-CVE-2025-38666","UBUNTU-CVE-2025-39964","UBUNTU-CVE-2025-40018","UBUNTU-CVE-2025-40300"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7937-1"}],"affected":[{"package":{"name":"linux-azure-fips","ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS","purl":"pkg:deb/ubuntu/linux-azure-fips?arch=source&distro=fips-updates%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-2104.110"}]}],"versions":["4.15.0-1002.2","4.15.0-2006.7","4.15.0-2007.8","4.15.0-2008.9","4.15.0-2009.10","4.15.0-2012.14","4.15.0-2013.15","4.15.0-2015.17","4.15.0-2016.18","4.15.0-2017.20","4.15.0-2018.21","4.15.0-2020.23","4.15.0-2021.24","4.15.0-2022.25","4.15.0-2023.26","4.15.0-2024.27","4.15.0-2025.28","4.15.0-2026.29","4.15.0-2027.30","4.15.0-2030.33","4.15.0-2033.37","4.15.0-2034.38","4.15.0-2035.39","4.15.0-2036.40","4.15.0-2037.41","4.15.0-2038.42","4.15.0-2039.43","4.15.0-2041.45","4.15.0-2042.46","4.15.0-2043.47","4.15.0-2045.49","4.15.0-2046.50","4.15.0-2047.51","4.15.0-2048.52","4.15.0-2049.53","4.15.0-2050.54","4.15.0-2053.58","4.15.0-2056.62","4.15.0-2057.63","4.15.0-2059.65","4.15.0-2060.66","4.15.0-2062.68","4.15.0-2066.72","4.15.0-2067.73","4.15.0-2068.74","4.15.0-2070.76","4.15.0-2071.77","4.15.0-2072.78","4.15.0-2073.79","4.15.0-2074.80","4.15.0-2075.81","4.15.0-2076.82","4.15.0-2077.83","4.15.0-2078.84","4.15.0-2079.85","4.15.0-2080.86","4.15.0-2081.87","4.15.0-2082.88","4.15.0-2084.90","4.15.0-2085.91","4.15.0-2086.92","4.15.0-2087.93","4.15.0-2088.94","4.15.0-2089.95","4.15.0-2090.96","4.15.0-2091.97","4.15.0-2092.98","4.15.0-2093.99","4.15.0-2094.100","4.15.0-2095.101","4.15.0-2096.102","4.15.0-2097.103","4.15.0-2098.104","4.15.0-2099.105","4.15.0-2100.106","4.15.0-2101.107","4.15.0-2102.108"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-azure-fips-cloud-tools-4.15.0-2104","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-azure-fips-headers-4.15.0-2104","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-azure-fips-tools-4.15.0-2104","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-buildinfo-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-cloud-tools-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-headers-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-image-unsigned-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-image-unsigned-hmac-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-modules-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-modules-extra-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"},{"binary_name":"linux-tools-4.15.0-2104-azure-fips","binary_version":"4.15.0-2104.110"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:FIPS-updates:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7937-1.json"}}],"schema_version":"1.7.5"}