INFSA-2025:11855: kernel security update
Information about definition
Identificator: INFSA-2025:11855
Type: security
Release date: 2025-10-14 17:39:54 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-22091
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow.
- CVE-2025-22121
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all().
- CVE-2025-37797
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling.
- CVE-2025-38110
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access.
- CVE-2025-38088
A denial-of-service vulnerability has been identified in the Linux kernel, stemming from an out-of-bounds overflow. This flaw occurs when the requested memory mapping region size exceeds the allocated region size. An attacker can exploit this by crafting a specially designed file, which, when processed by the kernel, could trigger an overflow. This leads to a system crash, impacting the availability of the affected system.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-22091
|
no information | 7.0 | no information |
|
NIST — CVE-2025-22121
|
no information | 7.1 | no information |
|
NIST — CVE-2025-37797
|
no information | 7.0 | no information |
|
NIST — CVE-2025-38088
|
no information | 7.0 | no information |
|
NIST — CVE-2025-38110
|
no information | 6.0 | no information |
Updated packages
Preparing to download...