INFSA-2025:19106: kernel security update
Information about definition
Identifier: INFSA-2025:19106
Type: security
Release date: 2025-11-05 16:36:22 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-39730
An out-of-bounds read flaw was found in the Linux kernel NFS functionality, in the way a connected user sends malicious data to the server. A remote user could use this flaw to crash the system.
- CVE-2025-39849
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result().
- CVE-2025-39751
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control.
- CVE-2025-39718
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put().
- CVE-2025-39697
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write.
- CVE-2025-39727
The Linux kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a buffer overflow in the setup_clusters() function.
Severity level
| CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
|---|---|---|---|
| NIST — CVE-2025-39697 | no information | 7.5 | no information |
| NIST — CVE-2025-39718 | no information | 7.6 | no information |
| NIST — CVE-2025-39727 | no information | 7.3 | no information |
| NIST — CVE-2025-39730 | no information | 7.5 | no information |
| NIST — CVE-2025-39751 | no information | 7.0 | no information |
| NIST — CVE-2025-39849 | no information | 7.5 | no information |
Updated packages