SB2025121742 - Ubuntu update for linux-azure-fips
Published: December 17, 2025 Updated: February 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 23 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2025-40300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2025-40018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.
3) Use-after-free (CVE-ID: CVE-2025-39993)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the display_open(), send_packet(), vfd_write(), lcd_write() and imon_disconnect() functions in drivers/media/rc/imon.c. A local user can escalate privileges on the system.
4) Input validation error (CVE-ID: CVE-2025-39964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/crypto/if_alg.h. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-38666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_RWLOCK(), __aarp_expire(), aarp_purge() and aarp_proxy_probe_network() functions in net/appletalk/aarp.c. A local user can escalate privileges on the system.
6) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
7) Improper locking (CVE-ID: CVE-2025-37958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2025-37838)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ssip_reset() function in drivers/hsi/clients/ssi_protocol.c. A local user can escalate privileges on the system.
9) Use-after-free (CVE-ID: CVE-2025-21855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
10) Use-after-free (CVE-ID: CVE-2025-21727)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.
11) Use-after-free (CVE-ID: CVE-2024-56664)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_map_lookup_sys() function in net/core/sock_map.c. A local user can escalate privileges on the system.
12) Use-after-free (CVE-ID: CVE-2024-53218)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_do_shutdown() function in fs/f2fs/file.c. A local user can escalate privileges on the system.
13) Improper locking (CVE-ID: CVE-2024-53090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_deferred_free_worker(), afs_alloc_call(), afs_put_call(), afs_wake_up_call_waiter() and afs_wake_up_async_call() functions in fs/afs/rxrpc.c. A local user can perform a denial of service (DoS) attack.
14) Infinite loop (CVE-ID: CVE-2024-50196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2024-50095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2024-50067)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.
17) Race condition (CVE-ID: CVE-2024-50061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.
18) Race condition (CVE-ID: CVE-2024-49935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2024-47691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.
20) Use-after-free (CVE-ID: CVE-2024-35867)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
21) Use-after-free (CVE-ID: CVE-2023-52854)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.
22) Use-after-free (CVE-ID: CVE-2022-49390)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macsec_dev_init() and macsec_free_netdev() functions in drivers/net/macsec.c. A local user can escalate privileges on the system.
23) Double free (CVE-ID: CVE-2022-49026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.