USN-7860-4

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7860-4
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7860-4.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7860-4
Upstream
Related
Published
2025-11-07T10:37:29.439476Z
Modified
2025-11-10T10:33:15.070469Z
Summary
linux-intel-iot-realtime, linux-realtime vulnerability
Details

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

References

Affected packages

Ubuntu:Pro:22.04:LTS:Realtime:Kernel / linux-intel-iot-realtime

Package

Name
linux-intel-iot-realtime
Purl
pkg:deb/ubuntu/linux-intel-iot-realtime@5.15.0-1088.90?arch=source&distro=realtime/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.0-1088.90

Affected versions

5.*

5.15.0-1021.26
5.15.0-1022.27
5.15.0-1023.28
5.15.0-1024.29
5.15.0-1028.33
5.15.0-1033.35
5.15.0-1034.36
5.15.0-1035.37
5.15.0-1036.38
5.15.0-1037.39
5.15.0-1038.40
5.15.0-1039.41
5.15.0-1040.42
5.15.0-1041.43
5.15.0-1042.44
5.15.0-1043.45
5.15.0-1044.46
5.15.0-1046.48
5.15.0-1047.49
5.15.0-1048.50
5.15.0-1049.51
5.15.0-1050.52
5.15.0-1053.55
5.15.0-1054.56
5.15.0-1055.57
5.15.0-1056.58
5.15.0-1057.59
5.15.0-1058.60
5.15.0-1059.61
5.15.0-1060.62
5.15.0-1061.63
5.15.0-1063.65
5.15.0-1064.66
5.15.0-1066.68
5.15.0-1071.73
5.15.0-1072.74
5.15.0-1073.75
5.15.0-1074.76
5.15.0-1075.77
5.15.0-1076.78
5.15.0-1077.79
5.15.0-1078.80
5.15.0-1079.81
5.15.0-1080.82
5.15.0-1081.83
5.15.0-1082.84
5.15.0-1083.85
5.15.0-1084.86
5.15.0-1085.87
5.15.0-1086.88
5.15.0-1087.89

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-buildinfo-5.15.0-1088-intel-iot-realtime"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-cloud-tools-5.15.0-1088-intel-iot-realtime"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-headers-5.15.0-1088-intel-iot-realtime"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-image-unsigned-5.15.0-1088-intel-iot-realtime"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-intel-iot-realtime-cloud-tools-5.15.0-1088"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-intel-iot-realtime-cloud-tools-common"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-intel-iot-realtime-headers-5.15.0-1088"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-intel-iot-realtime-tools-5.15.0-1088"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-intel-iot-realtime-tools-common"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-intel-iot-realtime-tools-host"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-modules-5.15.0-1088-intel-iot-realtime"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-modules-extra-5.15.0-1088-intel-iot-realtime"
        },
        {
            "binary_version": "5.15.0-1088.90",
            "binary_name": "linux-tools-5.15.0-1088-intel-iot-realtime"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:22.04:LTS:Realtime:Kernel",
    "cves": [
        {
            "id": "CVE-2025-40300",
            "severity": [
                {
                    "score": "high",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:22.04:LTS:Realtime:Kernel / linux-realtime

Package

Name
linux-realtime
Purl
pkg:deb/ubuntu/linux-realtime@5.15.0-1095.104?arch=source&distro=realtime/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.0-1095.104

Affected versions

5.*

5.15.0-1006.6
5.15.0-1007.7
5.15.0-1009.9
5.15.0-1011.11
5.15.0-1014.14
5.15.0-1015.15
5.15.0-1016.16
5.15.0-1019.19
5.15.0-1020.20
5.15.0-1021.21
5.15.0-1022.22
5.15.0-1024.25
5.15.0-1025.28
5.15.0-1028.31
5.15.0-1029.32
5.15.0-1030.33
5.15.0-1032.35
5.15.0-1033.36
5.15.0-1034.37
5.15.0-1036.39
5.15.0-1037.40
5.15.0-1038.41
5.15.0-1039.42
5.15.0-1040.45
5.15.0-1041.46
5.15.0-1042.47
5.15.0-1043.48
5.15.0-1044.49
5.15.0-1045.50
5.15.0-1046.52
5.15.0-1048.54
5.15.0-1049.55
5.15.0-1050.56
5.15.0-1051.57
5.15.0-1052.58
5.15.0-1053.59
5.15.0-1054.60
5.15.0-1055.62
5.15.0-1056.63
5.15.0-1057.64
5.15.0-1058.66
5.15.0-1061.69
5.15.0-1062.70
5.15.0-1063.71
5.15.0-1064.72
5.15.0-1065.73
5.15.0-1066.74
5.15.0-1067.75
5.15.0-1068.76
5.15.0-1069.77
5.15.0-1070.78
5.15.0-1071.79
5.15.0-1072.80
5.15.0-1073.81
5.15.0-1074.82
5.15.0-1075.83
5.15.0-1076.84
5.15.0-1077.85
5.15.0-1078.86
5.15.0-1079.87
5.15.0-1080.88
5.15.0-1081.89
5.15.0-1082.91
5.15.0-1083.92
5.15.0-1084.93
5.15.0-1085.94
5.15.0-1086.95
5.15.0-1087.96
5.15.0-1088.97
5.15.0-1089.98
5.15.0-1090.99
5.15.0-1091.100
5.15.0-1092.101
5.15.0-1093.102
5.15.0-1094.103

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-buildinfo-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-cloud-tools-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-headers-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-image-unsigned-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-modules-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-modules-extra-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-modules-iwlwifi-5.15.0-1095-realtime"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-realtime-cloud-tools-5.15.0-1095"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-realtime-cloud-tools-common"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-realtime-headers-5.15.0-1095"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-realtime-tools-5.15.0-1095"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-realtime-tools-common"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-realtime-tools-host"
        },
        {
            "binary_version": "5.15.0-1095.104",
            "binary_name": "linux-tools-5.15.0-1095-realtime"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:22.04:LTS:Realtime:Kernel",
    "cves": [
        {
            "id": "CVE-2025-40300",
            "severity": [
                {
                    "score": "high",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}