Historically, Ubuntu has backported security-critical kernel fixes
promptly once identified and merged upstream, especially when there is a
confirmed security impact such as information disclosure.

Questing is still supported and will likely receive a fix when a CVE is
assigned.

The kernel team will be notified as I mark this public.

** Information type changed from Private Security to Public Security

** CVE added: https://cve.org/CVERecord?id=CVE-2025-38403

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2119601

Title:
  Backport Request: vmw_vsock_vmci_transport (Version: 1.0.5.0-k) to
  Ubuntu 25.10

Status in linux package in Ubuntu:
  New

Bug description:
  Hello Ubuntu team,

  The current vmw_vsock_vmci_transport driver in older kernels may
  contain an information disclosure vulnerability due to the use of
  uninitialized memory in vSockets.

  Fix Commit(s):

   Commit Id:- 223e2288f4b8
   Description:- Fix vsock/vmci: Clear the vmci transport packet properly when initializing it
   Upstream version:- 6.16
   Link:- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=223e2288f4b8

  We respectfully request that the updates to the
  vmw_vsock_vmci_transport driver be backported to the next Ubuntu 25.x
  release, such as 25.10. These updates address a security issue.

  Thank you for your support.
