CVE-2025-38074: In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access…

CVE-2025-40068 [LOW] Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that

CVE-2025-37956 [LOW] Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system

CVE-2025-38476 [LOW] Linux kernel (Azure FIPS) vulnerabilities Title: Linux kernel (Azure FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the s

CVE-2025-38652 [LOW] Linux kernel (Xilinx) vulnerabilities Title: Linux kernel (Xilinx) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the syste

CVE-2025-38014 [LOW] Linux kernel (IBM) vulnerabilities Title: Linux kernel (IBM) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38702 [LOW] Linux kernel (Low Latency) vulnerabilities Title: Linux kernel (Low Latency) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the

CVE-2025-38702 [LOW] Linux kernel (Low Latency NVIDIA) vulnerabilities Title: Linux kernel (Low Latency NVIDIA) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromi

CVE-2025-38702 [LOW] Linux kernel (HWE) vulnerabilities Title: Linux kernel (HWE) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38014 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This u

CVE-2025-38014 [LOW] Linux kernel (GCP FIPS) vulnerabilities Title: Linux kernel (GCP FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the sys

CVE-2025-38702 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This u

CVE-2025-38702 [LOW] Linux kernel (FIPS) vulnerabilities Title: Linux kernel (FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38014 [LOW] Linux kernel (Real-time) vulnerabilities Title: Linux kernel (Real-time) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the sy

CVE-2025-38702 [LOW] Linux kernel (GCP) vulnerabilities Title: Linux kernel (GCP) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38014 [LOW] Linux kernel (Real-time) vulnerabilities Title: Linux kernel (Real-time) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the sy

CVE-2025-38702 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This u

CVE-2025-38304 Linux kernel (Raspberry Pi) vulnerabilities Title: Linux kernel (Raspberry Pi) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; -

CVE-2025-38386 Linux kernel (NVIDIA Tegra IGX) vulnerabilities Title: Linux kernel (NVIDIA Tegra IGX) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem;

CVE-2025-38084 Linux kernel (KVM) vulnerabilities Title: Linux kernel (KVM) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block

CVE-2025-38084 Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD bloc

CVE-2025-38092 Linux kernel (Oracle) vulnerabilities Title: Linux kernel (Oracle) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU

CVE-2025-38071 Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsyste

CVE-2025-38444 Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD bloc

CVE-2025-38203 Linux kernel (Oracle) vulnerabilities Title: Linux kernel (Oracle) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD blo

CVE-2025-38312 Linux kernel (Azure FIPS) vulnerabilities Title: Linux kernel (Azure FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD

CVE-2025-38312 Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device

CVE-2025-38203 Linux kernel (Real-time) vulnerabilities Title: Linux kernel (Real-time) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD

CVE-2025-38106 Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsyste

CVE-2025-38203 Linux kernel (FIPS) vulnerabilities Title: Linux kernel (FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block

CVE-2025-38106 Linux kernel (OEM) vulnerabilities Title: Linux kernel (OEM) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU su

CVE-2025-38082 Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU

CVE-2025-38082 Linux kernel (Real-time) vulnerabilities Title: Linux kernel (Real-time) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IO

CVE-2025-38074 [MEDIUM] kernel: vhost-scsi: protect vq->log_used with vq->mutex kernel: vhost-scsi: protect vq->log_used with vq->mutex In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue. Pa

CVE-2025-38074 [MEDIUM] vhost-scsi: protect vq->log_used with vq->mutex vhost-scsi: protect vq->log_used with vq->mutex FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-38074 [MEDIUM] CVE-2025-38074: linux - In the Linux kernel, the following vulnerability has been resolved: vhost-scsi:... In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue. Scope: local bookworm: resolved (fixed in 6.1.147-1) bullsey

[LOW] linux-azure-6.8 vulnerabilities linux-azure-6.8 vulnerabilities Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores,

CVE-2024-36331 [LOW] linux-azure-fips vulnerabilities linux-azure-fips vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architectur

CVE-2024-36331 [LOW] linux-azure vulnerabilities linux-azure vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; -

CVE-2024-36331 [LOW] linux-ibm, linux-ibm-6.8 vulnerabilities linux-ibm, linux-ibm-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 arc

CVE-2024-36331 [LOW] linux-xilinx vulnerabilities linux-xilinx vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; -

CVE-2024-36331 [LOW] linux-hwe-6.8, linux-lowlatency-hwe-6.8 vulnerabilities linux-hwe-6.8, linux-lowlatency-hwe-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsyste

CVE-2024-36331 [LOW] linux-gcp, linux-gke vulnerabilities linux-gcp, linux-gke vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 archite

CVE-2024-36331 [LOW] linux-nvidia-lowlatency vulnerabilities linux-nvidia-lowlatency vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 arch

CVE-2024-36331 [LOW] linux-lowlatency vulnerabilities linux-lowlatency vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architectur

CVE-2024-36331 [LOW] linux-gcp-fips vulnerabilities linux-gcp-fips vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture;

CVE-2024-36331 [LOW] linux-aws-fips, linux-fips vulnerabilities linux-aws-fips, linux-fips vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 a

CVE-2024-36331 [LOW] linux-realtime, linux-raspi-realtime vulnerabilities linux-realtime, linux-raspi-realtime vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

CVE-2024-36331 [LOW] linux-aws, linux-aws-6.8, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities linux-aws, linux-aws-6.8, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise th

CVE-2024-36331 [LOW] linux-gcp-6.8 vulnerabilities linux-gcp-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture;

CVE-2024-36331 [LOW] linux-realtime-6.8 vulnerabilities linux-realtime-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architect

CVE-2024-36331 [LOW] linux, linux-raspi vulnerabilities linux, linux-raspi vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architect

linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlate linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; -

linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multipl

linux-raspi vulnerabilities linux-raspi vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MTD

linux-nvidia-tegra-igx vulnerabilities linux-nvidia-tegra-igx vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86

linux-kvm vulnerabilities linux-kvm vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platform dri

linux-oracle-6.14 vulnerabilities linux-oracle-6.14 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver;

linux-azure-5.15 vulnerabilities linux-azure-5.15 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platf

linux-aws-6.14, linux-hwe-6.14 vulnerabilities linux-aws-6.14, linux-hwe-6.14 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware

linux-azure vulnerabilities linux-azure vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platform d

linux-oracle-5.15 vulnerabilities linux-oracle-5.15 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 plat

linux-intel-iot-realtime, linux-realtime vulnerabilities linux-intel-iot-realtime, linux-realtime vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controller

linux-azure-fips vulnerabilities linux-azure-fips vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platf

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controll

linux-realtime-6.14 vulnerabilities linux-realtime-6.14 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Drive

linux-azure vulnerabilities linux-azure vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MTD

linux-oem-6.14 vulnerabilities linux-oem-6.14 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; -

CVE-2025-38074 [MEDIUM] CVE-2025-38074: In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue.

CVE-2025-38074 [MEDIUM] GHSA-7p5h-9pp6-5wqc: In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path m In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue.