INFSA-2025:11428: kernel security update
Information about definition
Identifier: INFSA-2025:11428
Type: security
Release date: 2025-10-14 17:34:00 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2024-57980
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path.
- CVE-2024-58002
A dangling pointer vulnerability was found in the Linux kernel. When an async control is written, a copy of a pointer is made in the file handle that started the operation. If the user closes that file descriptor, its structure will be freed and there will be one dangling pointer per pending async control that the driver will try to use, leading to denial of service of the system.
- CVE-2025-38089
A flaw was found in the Linux kernel, where a specially crafted RPC packet could cause data corruption or trigger a system panic. This flaw allows a remote attacker who can make RPC calls to send an intentionally malformed packet, potentially compromising system integrity or causing a denial of service (DoS).
- CVE-2025-21905
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file.
- CVE-2025-37958
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry.
Severity level
| CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
|---|---|---|---|
| NIST — CVE-2024-57980 | no information | 4.7 | no information |
| NIST — CVE-2024-58002 | no information | 7.0 | no information |
| NIST — CVE-2025-21905 | no information | 6.0 | no information |
| NIST — CVE-2025-37958 | no information | 4.7 | no information |
| NIST — CVE-2025-38089 | no information | 7.1 | no information |
Updated packages