USN-8098-8

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - GPIO subsystem; - GPU drivers; - BTRFS file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - SMC sockets; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)

References

Affected packages

Ubuntu:Pro:FIPS-updates:20.04:LTS / linux-azure-fips

Package

Name: linux-azure-fips
Purl: pkg:deb/ubuntu/linux-azure-fips@5.4.0-1160.166+fips1?arch=source&distro=fips-updates/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1160.166+fips1

Affected versions

5.*

5.4.0-1022.22+fips1

5.4.0-1073.76+fips1

5.4.0-1074.77+fips1

5.4.0-1076.79+fips1

5.4.0-1078.81+fips1

5.4.0-1080.83+fips1

5.4.0-1083.87+fips1

5.4.0-1085.90+fips1

5.4.0-1086.91+fips1

5.4.0-1089.94+fips1

5.4.0-1090.95+fips1

5.4.0-1091.96+fips1

5.4.0-1094.100+fips1

5.4.0-1095.101+fips1

5.4.0-1098.104+fips1

5.4.0-1100.106+fips1

5.4.0-1101.107+fips1

5.4.0-1103.109+fips1

5.4.0-1104.110+fips1

5.4.0-1105.111+fips1

5.4.0-1106.112+fips1

5.4.0-1107.113+fips1

5.4.0-1108.114+fips1

5.4.0-1109.115+fips1

5.4.0-1110.116+fips1

5.4.0-1111.117+fips1

5.4.0-1112.118+fips1

5.4.0-1113.119+fips1

5.4.0-1114.120+fips1

5.4.0-1115.122+fips1

5.4.0-1116.123+fips1

5.4.0-1117.124+fips1

5.4.0-1118.125+fips1

5.4.0-1119.126+fips1

5.4.0-1121.128+fips1

5.4.0-1122.129+fips1

5.4.0-1123.130+fips1

5.4.0-1124.131+fips1

5.4.0-1126.133+fips1

5.4.0-1127.134+fips1

5.4.0-1128.135+fips1

5.4.0-1129.136+fips1

5.4.0-1130.137+fips1

5.4.0-1131.138+fips1

5.4.0-1132.139+fips1

5.4.0-1133.140+fips1

5.4.0-1134.141+fips1

5.4.0-1135.142+fips1

5.4.0-1136.143+fips1

5.4.0-1137.144+fips1

5.4.0-1138.145+fips1

5.4.0-1139.146+fips1

5.4.0-1140.147+fips1

5.4.0-1142.149+fips1

5.4.0-1143.150+fips1

5.4.0-1145.152+fips1

5.4.0-1147.154+fips1

5.4.0-1148.156+fips1

5.4.0-1149.157+fips1

5.4.0-1151.158+fips1

5.4.0-1152.159+fips1

5.4.0-1153.160+fips1

5.4.0-1154.161+fips1

5.4.0-1155.162+fips1

5.4.0-1157.164+fips1

5.4.0-1158.165+fips1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "linux-azure-fips-cloud-tools-5.4.0-1160",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-azure-fips-headers-5.4.0-1160",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-azure-fips-tools-5.4.0-1160",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-buildinfo-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-cloud-tools-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-headers-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-image-unsigned-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-image-unsigned-hmac-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-modules-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-modules-extra-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        },
        {
            "binary_name": "linux-tools-5.4.0-1160-azure-fips",
            "binary_version": "5.4.0-1160.166+fips1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "cves": [
        {
            "id": "CVE-2021-47599",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-48875",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-49072",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2022-49267",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-49927",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-56640",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "high",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2025-21780",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "high",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2025-40215",
            "severity": [
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:FIPS-updates:20.04:LTS"
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8098-8.json"