USN-7860-1: Linux kernel vulnerability
Ubuntu ServerCanonical
USN-7860-1: Linux kernel vulnerability
Publication date: 6 November 2025
Overview: The system could be made to expose sensitive information.
Packages
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-6.14 - Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-6.14 - Linux kernel for Google Cloud Platform (GCP) systems
- linux-oem-6.14 - Linux kernel for OEM systems
- linux-oracle - Linux kernel for Oracle Cloud systems
- linux-oracle-6.14 - Linux kernel for Oracle Cloud systems
- linux-raspi - Linux kernel for Raspberry Pi systems
- linux-realtime - Linux kernel for Real-time systems
Details
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.
Update instructions
The problem can be corrected by updating your system to the following package versions:
25.04 plucky
- linux-image-6.14.0-1015-realtime – 6.14.0-1015.15
- linux-image-6.14.0-1016-aws – 6.14.0-1016.16
- linux-image-6.14.0-1016-aws-64k – 6.14.0-1016.16
- linux-image-6.14.0-1016-oracle – 6.14.0-1016.16
- linux-image-6.14.0-1016-oracle-64k – 6.14.0-1016.16
- linux-image-6.14.0-1017-raspi – 6.14.0-1017.17
- linux-image-6.14.0-1019-gcp – 6.14.0-1019.20
- linux-image-6.14.0-1019-gcp-64k – 6.14.0-1019.20
- linux-image-6.14.0-35-generic – 6.14.0-35.35
- linux-image-6.14.0-35-generic-64k – 6.14.0-35.35
- linux-image-aws – 6.14.0-1016.16
- linux-image-aws-6.14 – 6.14.0-1016.16
- linux-image-aws-64k – 6.14.0-1016.16
- linux-image-aws-64k-6.14 – 6.14.0-1016.16
- linux-image-gcp – 6.14.0-1019.20
- linux-image-gcp-6.14 – 6.14.0-1019.20
- linux-image-gcp-64k – 6.14.0-1019.20
- linux-image-gcp-64k-6.14 – 6.14.0-1019.20
- linux-image-generic – 6.14.0-35.35
- linux-image-generic-6.14 – 6.14.0-35.35
- linux-image-generic-64k – 6.14.0-35.35
- linux-image-generic-64k-6.14 – 6.14.0-35.35
- linux-image-oracle – 6.14.0-1016.16
- linux-image-oracle-6.14 – 6.14.0-1016.16
- linux-image-oracle-64k – 6.14.0-1016.16
- linux-image-oracle-64k-6.14 – 6.14.0-1016.16
- linux-image-raspi – 6.14.0-1017.17
- linux-image-raspi-6.14 – 6.14.0-1017.17
- linux-image-realtime – 6.14.0-1015.15
- linux-image-realtime-6.14 – 6.14.0-1015.15
- linux-image-virtual – 6.14.0-35.35
- linux-image-virtual-6.14 – 6.14.0-35.35
24.04 LTS noble
- linux-image-6.14.0-1015-oem – 6.14.0-1015.15
- linux-image-6.14.0-1016-aws – 6.14.0-1016.16~24.04.1
- linux-image-6.14.0-1016-aws-64k – 6.14.0-1016.16~24.04.1
- linux-image-6.14.0-1016-oracle – 6.14.0-1016.16~24.04.1
- linux-image-6.14.0-1016-oracle-64k – 6.14.0-1016.16~24.04.1
- linux-image-6.14.0-1019-gcp – 6.14.0-1019.20~24.04.1
- linux-image-6.14.0-1019-gcp-64k – 6.14.0-1019.20~24.04.1
- linux-image-aws – 6.14.0-1016.16~24.04.1
- linux-image-aws-6.14 – 6.14.0-1016.16~24.04.1
- linux-image-aws-64k – 6.14.0-1016.16~24.04.1
- linux-image-aws-64k-6.14 – 6.14.0-1016.16~24.04.1
- linux-image-gcp – 6.14.0-1019.20~24.04.1
- linux-image-gcp-6.14 – 6.14.0-1019.20~24.04.1
- linux-image-gcp-64k – 6.14.0-1019.20~24.04.1
- linux-image-gcp-64k-6.14 – 6.14.0-1019.20~24.04.1
- linux-image-oem-24.04 – 6.14.0-1015.15
- linux-image-oem-24.04a – 6.14.0-1015.15
- linux-image-oem-24.04b – 6.14.0-1015.15
- linux-image-oem-24.04c – 6.14.0-1015.15
- linux-image-oem-6.14 – 6.14.0-1015.15
- linux-image-oracle – 6.14.0-1016.16~24.04.1
- linux-image-oracle-6.14 – 6.14.0-1016.16~24.04.1
- linux-image-oracle-64k – 6.14.0-1016.16~24.04.1
- linux-image-oracle-64k-6.14 – 6.14.0-1016.16~24.04.1
