INFSA-2025:11456: kernel-rt security update
Information about definition
Identifier: INFSA-2025:11456
Type: security
Release date: 2025-07-25 11:09:31 UTC
Information about package
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Vulnerabilities description
- CVE-2024-50154
A use-after-free (UAF) vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket (reqsk) timers during handshake handling. This issue stems from a race condition caused by relying on timer_pending() in reqsk_queue_unlink(). This could result in the timer continuing to run after the socket (req->sk) is freed, allowing BPF programs to access invalid memory.
- CVE-2025-38086
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-50154 | no information | 7.0 | no information |
NIST — CVE-2025-38086 | no information | 7.0 | no information |
Updated packages