INFSA-2025:18318: kernel security update
Information about definition
Identificator: INFSA-2025:18318
Type: security
Release date: 2025-10-31 14:28:52 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-38351
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush.
- CVE-2025-38614
A local unprivileged user can trigger this issue by creating deeply nested chains of epoll file descriptors using the standard epoll_create and epoll_ctl syscalls. No special capabilities or elevated rights are required — any user with the ability to open file descriptors can exploit it. This can lead to excessive kernel stack usage and ultimately a denial of service (system crash).
- CVE-2025-38571
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts.
- CVE-2025-39817
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare.
- CVE-2025-39841
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path.
- CVE-2025-38572
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment().
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-38351
|
no information | 7.3 | no information |
|
NIST — CVE-2025-38571
|
no information | 7.5 | no information |
|
NIST — CVE-2025-38572
|
no information | 7.4 | no information |
|
NIST — CVE-2025-38614
|
no information | 6.2 | no information |
|
NIST — CVE-2025-39817
|
no information | 7.0 | no information |
|
NIST — CVE-2025-39841
|
no information | 7.0 | no information |
Updated packages
Preparing to download...