CVE-2025-15480
Publication date 10 April 2026
Last updated 10 April 2026
Ubuntu priority
Description
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| subiquity | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
Notes
rodrigo-zaiden
related to CVE-2025-14551 against subiquiity. there is no package in Ubuntu for ubuntu-desktop-provision code.