INFSA-2025:13961: kernel-rt security update
Information about definition
Identifier: INFSA-2025:13961
Type: security
Release date: 2025-08-27 16:27:33 UTC
Information about package
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Vulnerabilities description
- CVE-2025-38250
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush().
- CVE-2025-22097
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error. If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.
- CVE-2025-37914
A use-after-free vulnerability was found in the Linux kernel’s netem qdisc. This issue occurs when it incorrectly manages duplicated packets in classful parent qdiscs. This leads to a corrupted internal state and eventual dereferencing of freed memory, resulting in unpredictable behavior, system instability, or a crash.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-22097 | no information | 6.7 | no information |
NIST — CVE-2025-37914 | no information | 7.0 | no information |
NIST — CVE-2025-38250 | no information | 7.3 | no information |
Updated packages