INFSA-2025:15005: kernel security update

Information about definition

Identifier: INFSA-2025:15005

Type: security

Release date: 2025-10-14 17:53:55 UTC

Information about package

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Vulnerabilities description

  • CVE-2025-22058

    A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SO_RCVBUF socket option to its maximum value (INT_MAX), which triggers an integer overflow within the udp_rmem_release() function during socket closure. On close, udp_destruct_common() purges the socket's receive queue and sums up skb->truesize for the buffers in the queue. This total is calculated and stored in a local unsigned integer variable and is then passed to udp_rmem_release() to adjust memory accounting. Because udp_rmem_release() takes a signed integer argument, the total size can wrap around, causing a memory overflow condition and potentially leading to system instability.

  • CVE-2025-37823

    In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too.

  • CVE-2025-38211

    In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction.

  • CVE-2025-38461

    In the Linux kernel, the following vulnerability has been resolved: vsock: Transport assignment may race with module unload.

  • CVE-2025-38464

    In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close().

  • CVE-2025-38472

    The vulnerability in nf_conntrack can be triggered by an unprivileged user under typical configurations where user and network namespaces are available (e.g., via unshare or CLONE_NEWNET). This enables the user to initiate Netfilter-based networking operations (such as NAT or connection tracking) even if the system had no prior active conntrack entries. Since exploitation does not require elevated privileges beyond what is granted in the default namespace setup with CAP_NET_RAW or similar, the Privileges Required (PR) is assessed as Low. The primary attack vector is remote-triggered packets from user-controlled namespaces that cause conntrack allocation and destruction races, leading to a potential kernel panic.

  • CVE-2025-38220

    In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files.
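The type mismatch described for CVE-2025-22058, as an added example that is not part of the advisory and is not kernel code. It is a simplified user-space model: struct acct, its charged field, the helper names and the sample queue are all constructed for illustration, and the unsigned variant shows the corrected form within this model only.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code. 'charged' stands in for the
 * bytes accounted to a socket's receive queue (hypothetical field name). */
struct acct { long long charged; };

/* Constructed sample queue: per-buffer truesize values summing to
 * INT_MAX + 4097. Real queues hold many small buffers; three large ones
 * keep the example short. */
static const unsigned int QUEUE[] = { 0x40000000u, 0x40000000u, 4096u };
static const size_t QUEUE_LEN = sizeof(QUEUE) / sizeof(QUEUE[0]);

/* Sum truesize into an unsigned int, as the purge step is described. */
static unsigned int purge_total(const unsigned int *ts, size_t n)
{
    unsigned int total = 0;
    for (size_t i = 0; i < n; i++)
        total += ts[i];
    return total;
}

/* Before: signed parameter. A total above INT_MAX arrives negative
 * (implementation-defined conversion; wraps on gcc and clang). */
static void release_signed(struct acct *a, int size) { a->charged -= size; }

/* After: the parameter type matches the caller's unsigned total. */
static void release_unsigned(struct acct *a, unsigned int size) { a->charged -= size; }

/* Charge the whole queue, release it at close, return what is still charged. */
static long long leftover(const unsigned int *ts, size_t n, int use_signed)
{
    unsigned int total = purge_total(ts, n);
    struct acct a = { .charged = total };
    if (use_signed)
        release_signed(&a, (int)total);
    else
        release_unsigned(&a, total);
    return a.charged;
}

int main(void)
{
    unsigned int total = purge_total(QUEUE, QUEUE_LEN);
    printf("total=%u (INT_MAX=%d), seen as int=%d\n", total, INT_MAX, (int)total);
    printf("still charged, signed release:   %lld\n", leftover(QUEUE, QUEUE_LEN, 1));
    printf("still charged, unsigned release: %lld\n", leftover(QUEUE, QUEUE_LEN, 0));
    return 0;
}
```

With the signed parameter the release raises the charge instead of clearing it, so the model ends with 2^32 bytes still accounted after the queue is empty; totals at or below INT_MAX are unaffected.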

Severity level

CVE    Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
       no information    7.1               no information
       no information    7.1               no information
       no information    7.3               no information
       no information    7.0               no information
       no information    7.3               no information
       no information    7.3               no information
       no information    7.1               no information
Critical, important, moderate, low

Updated packages
