INFSA-2025:12527: virt:rhel and virt-devel:rhel security update
Information about definition
Identificator: INFSA-2025:12527
Type: security
Release date: 2025-08-13 13:39:48 UTC
Information about package
Kernel-based Virtual Machine (KVM) offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the virtualized systems.
Vulnerabilities description
- CVE-2025-49133
A flaw was found in libtpms. A heap buffer overflow can occur in the tpms_parse_pssh function when parsing a malformed Public Signature Key Exchange (PSK) structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or allow for arbitrary code execution.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-49133
|
no information | 5.9 | no information |
Updated packages