USN-7455-2: Linux kernel (FIPS) vulnerabilities

Releases

• Ubuntu 22.04 LTS

Packages

• linux-aws-fips - Linux kernel for Amazon Web Services (AWS) systems with FIPS
• linux-fips - Linux kernel with FIPS
• linux-gcp-fips - Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details

Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• Network drivers;
• File systems infrastructure;
• NTFS3 file system;
• Ethernet bridge;
• Ethtool driver;
• IPv6 networking;
• Network traffic control;
• VMware vSockets driver;
  (CVE-2024-26837, CVE-2025-21993, CVE-2025-21702, CVE-2025-21700,
  CVE-2025-21701, CVE-2024-50248, CVE-2024-56651, CVE-2024-46826,
  CVE-2024-50256, CVE-2025-21756, CVE-2025-21703)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• linux-image-5.15.0-1081-gcp-fips - 5.15.0-1081.90+fips1
  Available with Ubuntu Pro
• linux-image-5.15.0-1082-aws-fips - 5.15.0-1082.89+fips1
  Available with Ubuntu Pro
• linux-image-5.15.0-138-fips - 5.15.0-138.148+fips1
  Available with Ubuntu Pro
• linux-image-aws-fips - 5.15.0.1082.78
  Available with Ubuntu Pro
• linux-image-fips - 5.15.0.138.78
  Available with Ubuntu Pro
• linux-image-gcp-fips - 5.15.0.1081.71
  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2024-26837
• CVE-2024-56651
• CVE-2025-21993
• CVE-2025-21702
• CVE-2024-50256
• CVE-2025-21701
• CVE-2025-21756
• CVE-2022-0995
• CVE-2024-50248
• CVE-2025-21700
• CVE-2024-46826
• CVE-2025-21703

Related notices

• USN-7455-1
• USN-7455-3
• USN-7459-1
• USN-7460-1
• USN-7379-1
• USN-7380-1
• USN-7381-1
• USN-7382-1
• USN-7379-2
• USN-7449-1
• USN-7452-1
• USN-7450-1
• USN-7451-1
• USN-7453-1
• USN-7461-1
• USN-7461-2
• USN-7462-1
• USN-7462-2
• USN-7463-1
• USN-7449-2
• USN-7445-1
• USN-7448-1
• USN-7428-1
• USN-7428-2
• USN-7429-1
• USN-7429-2
• USN-7276-1
• USN-7277-1
• USN-7310-1
• LSN-0111-1
• USN-7154-1
• USN-7155-1
• USN-7156-1
• USN-7154-2
• USN-7196-1