- Vulnerability/
- USN-7428-2
9/4/2025
USN-7428-2: Linux kernel (FIPS) vulnerabilities
First published: Wed Apr 09 2025(Updated: )
Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.15.0-1134-fips | <4.15.0-1134.145 | 4.15.0-1134.145 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-2080-gcp-fips | <4.15.0-2080.86 | 4.15.0-2080.86 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-2096-azure-fips | <4.15.0-2096.102 | 4.15.0-2096.102 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-2117-aws-fips | <4.15.0-2117.123 | 4.15.0-2117.123 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-aws-fips | <4.15.0.2117.111 | 4.15.0.2117.111 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-azure-fips | <4.15.0.2096.92 | 4.15.0.2096.92 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-fips | <4.15.0.1134.131 | 4.15.0.1134.131 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/linux-image-gcp-fips | <4.15.0.2080.78 | 4.15.0.2080.78 |
| Ubuntu | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-47101
- https://ubuntu.com/security/CVE-2022-23041
- https://ubuntu.com/security/CVE-2024-50302
- https://ubuntu.com/security/CVE-2024-49948
- https://ubuntu.com/security/CVE-2024-56595
- https://ubuntu.com/security/CVE-2024-49952
- https://ubuntu.com/security/CVE-2024-50265
- https://ubuntu.com/security/CVE-2024-50167
- https://ubuntu.com/security/CVE-2024-35960
- https://ubuntu.com/security/CVE-2025-21700
- https://ubuntu.com/security/CVE-2024-53165
- https://ubuntu.com/security/CVE-2024-56615
- https://ubuntu.com/security/CVE-2024-56658
- https://ubuntu.com/security/CVE-2024-53227
- https://ubuntu.com/security/CVE-2021-47119
- https://ubuntu.com/security/CVE-2025-21702
- https://ubuntu.com/security/CVE-2024-35973
- https://ubuntu.com/security/CVE-2024-46826
- https://ubuntu.com/security/CVE-2024-56600
- https://ubuntu.com/security/CVE-2024-26863
- https://ubuntu.com/security/notices/USN-7173-1
- https://ubuntu.com/security/notices/USN-7173-2
- https://ubuntu.com/security/notices/USN-7195-1
- https://ubuntu.com/security/notices/USN-7195-2
- https://ubuntu.com/security/notices/USN-7173-3
- https://ubuntu.com/security/notices/USN-7413-1
- https://ubuntu.com/security/notices/USN-7428-1
- https://ubuntu.com/security/notices/USN-5467-1
- https://ubuntu.com/security/notices/USN-7276-1
- https://ubuntu.com/security/notices/USN-7277-1
- https://ubuntu.com/security/notices/USN-7288-1
- https://ubuntu.com/security/notices/USN-7289-1
- https://ubuntu.com/security/notices/USN-7291-1
- https://ubuntu.com/security/notices/USN-7288-2
- https://ubuntu.com/security/notices/USN-7289-2
- https://ubuntu.com/security/notices/USN-7293-1
- https://ubuntu.com/security/notices/USN-7294-1
- https://ubuntu.com/security/notices/USN-7295-1
- https://ubuntu.com/security/notices/USN-7289-3
- https://ubuntu.com/security/notices/USN-7305-1
- https://ubuntu.com/security/notices/USN-7289-4
- https://ubuntu.com/security/notices/USN-7308-1
- https://ubuntu.com/security/notices/USN-7294-2
- https://ubuntu.com/security/notices/USN-7294-3
- https://ubuntu.com/security/notices/USN-7310-1
- https://ubuntu.com/security/notices/USN-7294-4
- https://ubuntu.com/security/notices/USN-7331-1
- https://ubuntu.com/security/notices/USN-7388-1
- https://ubuntu.com/security/notices/USN-7389-1
- https://ubuntu.com/security/notices/USN-7390-1
- https://ubuntu.com/security/notices/USN-7393-1
- https://ubuntu.com/security/notices/USN-7401-1
- https://ubuntu.com/security/notices/USN-7402-1
- https://ubuntu.com/security/notices/USN-7402-2
- https://ubuntu.com/security/notices/USN-7403-1
- https://ubuntu.com/security/notices/USN-7402-3
- https://ubuntu.com/security/notices/USN-7402-4
- https://ubuntu.com/security/notices/USN-7429-1
- https://ubuntu.com/security/notices/USN-7429-2
- https://ubuntu.com/security/notices/LSN-0111-1
- https://ubuntu.com/security/notices/USN-7402-5
- https://ubuntu.com/security/notices/USN-7451-1
- https://ubuntu.com/security/notices/USN-7458-1
- https://ubuntu.com/security/notices/USN-7166-1
- https://ubuntu.com/security/notices/USN-7166-2
- https://ubuntu.com/security/notices/USN-7166-3
- https://ubuntu.com/security/notices/USN-7186-1
- https://ubuntu.com/security/notices/USN-7186-2
- https://ubuntu.com/security/notices/USN-7194-1
- https://ubuntu.com/security/notices/USN-7166-4
- https://ubuntu.com/security/notices/USN-7301-1
- https://ubuntu.com/security/notices/USN-7303-1
- https://ubuntu.com/security/notices/USN-7304-1
- https://ubuntu.com/security/notices/USN-7303-2
- https://ubuntu.com/security/notices/USN-7311-1
- https://ubuntu.com/security/notices/USN-7303-3
- https://ubuntu.com/security/notices/USN-7384-1
- https://ubuntu.com/security/notices/USN-7385-1
- https://ubuntu.com/security/notices/USN-7386-1
- https://ubuntu.com/security/notices/USN-7384-2
- https://ubuntu.com/security/notices/USN-7379-1
- https://ubuntu.com/security/notices/USN-7380-1
- https://ubuntu.com/security/notices/USN-7381-1
- https://ubuntu.com/security/notices/USN-7382-1
- https://ubuntu.com/security/notices/USN-7387-1
- https://ubuntu.com/security/notices/USN-7387-2
- https://ubuntu.com/security/notices/USN-7387-3
- https://ubuntu.com/security/notices/USN-7391-1
- https://ubuntu.com/security/notices/USN-7392-1
- https://ubuntu.com/security/notices/USN-7392-2
- https://ubuntu.com/security/notices/USN-7392-4
- https://ubuntu.com/security/notices/USN-7392-3
- https://ubuntu.com/security/notices/USN-7379-2
- https://ubuntu.com/security/notices/USN-7407-1
- https://ubuntu.com/security/notices/USN-7415-1
- https://ubuntu.com/security/notices/USN-7421-1
- https://ubuntu.com/security/notices/USN-7459-1
- https://ubuntu.com/security/notices/USN-7463-1
- https://ubuntu.com/security/notices/USN-7449-1
- https://ubuntu.com/security/notices/USN-7450-1
- https://ubuntu.com/security/notices/USN-7452-1
- https://ubuntu.com/security/notices/USN-7453-1
- https://ubuntu.com/security/notices/USN-7449-2
- https://ubuntu.com/security/notices/USN-6893-1
- https://ubuntu.com/security/notices/USN-6896-1
- https://ubuntu.com/security/notices/USN-6898-1
- https://ubuntu.com/security/notices/USN-6893-2
- https://ubuntu.com/security/notices/USN-6896-2
- https://ubuntu.com/security/notices/USN-6898-2
- https://ubuntu.com/security/notices/USN-6896-3
- https://ubuntu.com/security/notices/USN-6898-3
- https://ubuntu.com/security/notices/USN-6896-4
- https://ubuntu.com/security/notices/USN-6896-5
- https://ubuntu.com/security/notices/USN-6893-3
- https://ubuntu.com/security/notices/USN-6898-4
- https://ubuntu.com/security/notices/USN-6917-1
- https://ubuntu.com/security/notices/USN-6918-1
- https://ubuntu.com/security/notices/USN-6919-1
- https://ubuntu.com/security/notices/USN-6927-1
- https://ubuntu.com/security/notices/USN-7019-1
- https://ubuntu.com/security/notices/USN-7445-1
- https://ubuntu.com/security/notices/USN-7448-1
- https://ubuntu.com/security/notices/USN-7455-1
- https://ubuntu.com/security/notices/USN-7455-2
- https://ubuntu.com/security/notices/USN-7455-3
- https://ubuntu.com/security/notices/USN-7460-1
- https://ubuntu.com/security/notices/USN-7461-1
- https://ubuntu.com/security/notices/USN-7461-2
- https://ubuntu.com/security/notices/USN-7462-1
- https://ubuntu.com/security/notices/USN-7462-2
- https://ubuntu.com/security/notices/USN-7455-4
- https://ubuntu.com/security/notices/USN-7383-1
- https://ubuntu.com/security/notices/USN-7383-2
- https://ubuntu.com/security/notices/USN-7322-1
- https://ubuntu.com/security/notices/USN-7323-1
- https://ubuntu.com/security/notices/USN-7323-2
- https://ubuntu.com/security/notices/USN-7406-1
- https://ubuntu.com/security/notices/USN-7406-2
- https://ubuntu.com/security/notices/USN-7406-3
- https://ubuntu.com/security/notices/USN-7408-1
- https://ubuntu.com/security/notices/USN-7408-2
- https://ubuntu.com/security/notices/USN-7406-4
- https://ubuntu.com/security/notices/USN-7406-5
- https://ubuntu.com/security/notices/USN-7408-3
- https://ubuntu.com/security/notices/USN-7408-4
- https://ubuntu.com/security/notices/USN-7420-1
- https://ubuntu.com/security/notices/USN-7406-6
- https://ubuntu.com/security/notices/USN-7154-1
- https://ubuntu.com/security/notices/USN-7155-1
- https://ubuntu.com/security/notices/USN-7156-1
- https://ubuntu.com/security/notices/USN-7154-2
- https://ubuntu.com/security/notices/USN-7196-1
- https://ubuntu.com/security/notices/USN-6816-1
- https://ubuntu.com/security/notices/USN-6817-1
- https://ubuntu.com/security/notices/USN-6820-1
- https://ubuntu.com/security/notices/USN-6821-1
- https://ubuntu.com/security/notices/USN-6821-2
- https://ubuntu.com/security/notices/USN-6817-2
- https://ubuntu.com/security/notices/USN-6820-2
- https://ubuntu.com/security/notices/USN-6828-1
- https://ubuntu.com/security/notices/USN-6821-3
- https://ubuntu.com/security/notices/USN-6821-4
- https://ubuntu.com/security/notices/USN-6817-3
- https://ubuntu.com/security/notices/USN-6871-1
- https://ubuntu.com/security/notices/USN-6878-1
- https://ubuntu.com/security/notices/USN-6892-1
- https://ubuntu.com/security/notices/USN-7428-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-7428-2?
USN-7428-2 is classified as a high severity vulnerability due to its potential for unauthorized access to memory pages of guest VMs.
How do I fix USN-7428-2?
To mitigate USN-7428-2, you should update to the recommended kernel version 4.15.0-1134.145 or higher on affected Ubuntu 18.04 systems.
What specific systems are affected by USN-7428-2?
USN-7428-2 affects various Ubuntu 18.04 systems running certain Xen para-virtualization device frontends.
What are the possible impacts of USN-7428-2?
An attacker exploiting USN-7428-2 could gain access to sensitive memory of a guest VM or cause a denial of service.
Who discovered USN-7428-2?
USN-7428-2 was discovered by security researchers Demi Marie Obenour and Simon Gaiser.
- agent/source
- agent/title
- agent/last-modified-date
- agent/type
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/references
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/18.04