{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.14.0-35", "linux-headers-6.14.0-35-generic", "linux-image-6.14.0-35-generic", "linux-modules-6.14.0-35-generic", "linux-tools-6.14.0-35", "linux-tools-6.14.0-35-generic" ], "removed": [ "linux-headers-6.14.0-34", "linux-headers-6.14.0-34-generic", "linux-image-6.14.0-34-generic", "linux-modules-6.14.0-34-generic", "linux-tools-6.14.0-34", "linux-tools-6.14.0-34-generic" ], "diff": [ "bpftool", "libsframe1", "libxml2", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev", "linux-perf", "linux-tools-common", "linux-virtual" ] } }, "diff": { "deb": [ { "name": "bpftool", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "7.6.0+6.14.0-34.34" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "7.6.0+6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsframe1", "from_version": { "source_package_name": "binutils", "source_package_version": "2.44-3ubuntu1", "version": "2.44-3ubuntu1" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.44-3ubuntu1.1", "version": "2.44-3ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1182", "url": "https://ubuntu.com/security/CVE-2025-1182", "cve_description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-02-11 09:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-7546", "url": "https://ubuntu.com/security/CVE-2025-7546", "cve_description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1182", "url": "https://ubuntu.com/security/CVE-2025-1182", "cve_description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-02-11 09:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-7546", "url": "https://ubuntu.com/security/CVE-2025-7546", "cve_description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-1182.patch: fix illegal memory", " access in bdf/elflink.c.", " - CVE-2025-1182", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Out-of-bounds write", " - debian/patches/CVE-2025-7546.patch: fix in bfd/elf.c.", " - CVE-2025-7546", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.44-3ubuntu1.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Tue, 21 Oct 2025 13:05:12 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libxml2", "from_version": { "source_package_name": "libxml2", "source_package_version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.3", "version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.3" }, "to_version": { "source_package_name": "libxml2", "source_package_version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.4", "version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.4" }, "cves": [ { "cve": "CVE-2025-7425", "url": "https://ubuntu.com/security/CVE-2025-7425", "cve_description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cve_priority": "medium", "cve_public_date": "2025-07-10 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-7425", "url": "https://ubuntu.com/security/CVE-2025-7425", "cve_description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cve_priority": "medium", "cve_public_date": "2025-07-10 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: libxslt internal memory corruption", " - debian/patches/CVE-2025-7425.patch: fix heap-use-after-free in", " xmlFreeID caused by atype corruption.", " - CVE-2025-7425", "" ], "package": "libxml2", "version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 30 Oct 2025 09:23:37 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "" ], "package": "linux-meta", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:05 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "" ], "package": "linux-meta", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:05 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "" ], "package": "linux-meta", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:05 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-libc-dev", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-perf", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-common", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "" ], "package": "linux-meta", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:05 +0200" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-6.14.0-35", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": "linux-headers-6.14.0-35 version '6.14.0-35.35' (source package linux version '6.14.0-35.35') was added. linux-headers-6.14.0-35 version '6.14.0-35.35' has the same source package name, linux, as removed package linux-headers-6.14.0-34. As such we can use the source package version of the removed package, '6.14.0-34.34', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-6.14.0-35-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": "linux-headers-6.14.0-35-generic version '6.14.0-35.35' (source package linux version '6.14.0-35.35') was added. linux-headers-6.14.0-35-generic version '6.14.0-35.35' has the same source package name, linux, as removed package linux-headers-6.14.0-34. As such we can use the source package version of the removed package, '6.14.0-34.34', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-6.14.0-35-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-34.34", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:14 +0200" } ], "notes": "linux-image-6.14.0-35-generic version '6.14.0-35.35' (source package linux-signed version '6.14.0-35.35') was added. linux-image-6.14.0-35-generic version '6.14.0-35.35' has the same source package name, linux-signed, as removed package linux-image-6.14.0-34-generic. As such we can use the source package version of the removed package, '6.14.0-34.34', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.14.0-35-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": "linux-modules-6.14.0-35-generic version '6.14.0-35.35' (source package linux version '6.14.0-35.35') was added. linux-modules-6.14.0-35-generic version '6.14.0-35.35' has the same source package name, linux, as removed package linux-headers-6.14.0-34. As such we can use the source package version of the removed package, '6.14.0-34.34', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.14.0-35", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": "linux-tools-6.14.0-35 version '6.14.0-35.35' (source package linux version '6.14.0-35.35') was added. linux-tools-6.14.0-35 version '6.14.0-35.35' has the same source package name, linux, as removed package linux-headers-6.14.0-34. As such we can use the source package version of the removed package, '6.14.0-34.34', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.14.0-35-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" } ], "notes": "linux-tools-6.14.0-35-generic version '6.14.0-35.35' (source package linux version '6.14.0-35.35') was added. linux-tools-6.14.0-35-generic version '6.14.0-35.35' has the same source package name, linux, as removed package linux-headers-6.14.0-34. As such we can use the source package version of the removed package, '6.14.0-34.34', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-6.14.0-34", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-6.14.0-34-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-6.14.0-34-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.14.0-34-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.14.0-34", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.14.0-34-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-34.34", "version": "6.14.0-34.34" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.04 plucky image from daily image serial 20251024 to 20251102", "from_series": "plucky", "to_series": "plucky", "from_serial": "20251024", "to_serial": "20251102", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }