INFSA-2025:16354: kernel security update
Information about definition
Identificator: INFSA-2025:16354
Type: security
Release date: 2025-10-14 17:49:57 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-37810
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length.
- CVE-2025-38566
A remotely reachable flaw in the SUNRPC NFS-over-TLS server could allow a client to trigger a kernel crash by sending a crafted TLS alert. The issue lies in how the kernel processes TLS control messages, which can lead to use-after-free or invalid memory accesses during alert handling.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-37810
|
no information | 7.1 | no information |
|
NIST — CVE-2025-38566
|
no information | 7.5 | no information |
Updated packages
Preparing to download...