Ubuntu Security Notices
USN-7860-1

USN-7860-1: Linux kernel vulnerability

Publication date

6 November 2025

Overview

The system could be made to expose sensitive information.

Releases

25.04 24.04 LTS

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-aws-6.14 - Linux kernel for Amazon Web Services (AWS) systems
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-gcp-6.14 - Linux kernel for Google Cloud Platform (GCP) systems
linux-oem-6.14 - Linux kernel for OEM systems
linux-oracle - Linux kernel for Oracle Cloud systems
linux-oracle-6.14 - Linux kernel for Oracle Cloud systems
linux-raspi - Linux kernel for Raspberry Pi systems
linux-realtime - Linux kernel for Real-time systems

Details

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
25.04 plucky	linux-image-6.14.0-1015-realtime – 6.14.0-1015.15
	linux-image-6.14.0-1016-aws – 6.14.0-1016.16
	linux-image-6.14.0-1016-aws-64k – 6.14.0-1016.16
	linux-image-6.14.0-1016-oracle – 6.14.0-1016.16
	linux-image-6.14.0-1016-oracle-64k – 6.14.0-1016.16
	linux-image-6.14.0-1017-raspi – 6.14.0-1017.17
	linux-image-6.14.0-1019-gcp – 6.14.0-1019.20
	linux-image-6.14.0-1019-gcp-64k – 6.14.0-1019.20
	linux-image-6.14.0-35-generic – 6.14.0-35.35
	linux-image-6.14.0-35-generic-64k – 6.14.0-35.35
	linux-image-aws – 6.14.0-1016.16
	linux-image-aws-6.14 – 6.14.0-1016.16
	linux-image-aws-64k – 6.14.0-1016.16
	linux-image-aws-64k-6.14 – 6.14.0-1016.16
	linux-image-gcp – 6.14.0-1019.20
	linux-image-gcp-6.14 – 6.14.0-1019.20
	linux-image-gcp-64k – 6.14.0-1019.20
	linux-image-gcp-64k-6.14 – 6.14.0-1019.20
	linux-image-generic – 6.14.0-35.35
	linux-image-generic-6.14 – 6.14.0-35.35
	linux-image-generic-64k – 6.14.0-35.35
	linux-image-generic-64k-6.14 – 6.14.0-35.35
	linux-image-oracle – 6.14.0-1016.16
	linux-image-oracle-6.14 – 6.14.0-1016.16
	linux-image-oracle-64k – 6.14.0-1016.16
	linux-image-oracle-64k-6.14 – 6.14.0-1016.16
	linux-image-raspi – 6.14.0-1017.17
	linux-image-raspi-6.14 – 6.14.0-1017.17
	linux-image-realtime – 6.14.0-1015.15
	linux-image-realtime-6.14 – 6.14.0-1015.15
	linux-image-virtual – 6.14.0-35.35
	linux-image-virtual-6.14 – 6.14.0-35.35
24.04 LTS noble	linux-image-6.14.0-1015-oem – 6.14.0-1015.15
	linux-image-6.14.0-1016-aws – 6.14.0-1016.16~24.04.1
	linux-image-6.14.0-1016-aws-64k – 6.14.0-1016.16~24.04.1
	linux-image-6.14.0-1016-oracle – 6.14.0-1016.16~24.04.1
	linux-image-6.14.0-1016-oracle-64k – 6.14.0-1016.16~24.04.1
	linux-image-6.14.0-1019-gcp – 6.14.0-1019.20~24.04.1
	linux-image-6.14.0-1019-gcp-64k – 6.14.0-1019.20~24.04.1
	linux-image-aws – 6.14.0-1016.16~24.04.1
	linux-image-aws-6.14 – 6.14.0-1016.16~24.04.1
	linux-image-aws-64k – 6.14.0-1016.16~24.04.1
	linux-image-aws-64k-6.14 – 6.14.0-1016.16~24.04.1
	linux-image-gcp – 6.14.0-1019.20~24.04.1
	linux-image-gcp-6.14 – 6.14.0-1019.20~24.04.1
	linux-image-gcp-64k – 6.14.0-1019.20~24.04.1
	linux-image-gcp-64k-6.14 – 6.14.0-1019.20~24.04.1
	linux-image-oem-24.04 – 6.14.0-1015.15
	linux-image-oem-24.04a – 6.14.0-1015.15
	linux-image-oem-24.04b – 6.14.0-1015.15
	linux-image-oem-24.04c – 6.14.0-1015.15
	linux-image-oem-6.14 – 6.14.0-1015.15
	linux-image-oracle – 6.14.0-1016.16~24.04.1
	linux-image-oracle-6.14 – 6.14.0-1016.16~24.04.1
	linux-image-oracle-64k – 6.14.0-1016.16~24.04.1
	linux-image-oracle-64k-6.14 – 6.14.0-1016.16~24.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2025-40300

CVE-2025-40300

Have additional questions?

Talk to a member of the team ›