SB2025111941 - Ubuntu update for linux-aws-fips

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025111941

SB2025111941 - Ubuntu update for linux-aws-fips

Published: November 19, 2025 Updated: February 6, 2026

Security Bulletin ID SB2025111941
Severity
High
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

High 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2025-40300)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.


2) Race condition (CVE-ID: CVE-2025-38352)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.

Note, the vulnerability is being actively exploited in the wild against Android devices.


3) Use-after-free (CVE-ID: CVE-2025-37838)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ssip_reset() function in drivers/hsi/clients/ssi_protocol.c. A local user can escalate privileges on the system.


4) Use-after-free (CVE-ID: CVE-2025-21727)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.


5) Use-after-free (CVE-ID: CVE-2024-56664)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sock_map_lookup_sys() function in net/core/sock_map.c. A local user can escalate privileges on the system.


6) Race condition (CVE-ID: CVE-2024-50061)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.


7) Use-after-free (CVE-ID: CVE-2024-35867)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.


8) Use-after-free (CVE-ID: CVE-2023-52854)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References