INFSA-2025:19932: kernel-rt security update
Information about definition
Identificator: INFSA-2025:19932
Type: security
Release date: 2025-12-07 22:20:59 UTC
Information about package
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Vulnerabilities description
- CVE-2022-50367
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy.
- CVE-2023-53178
This vulnerability is a race condition in the zswap writeback path that can lead to memory corruption when a swap slot is reused while a writeback is still in progress. A local unprivileged user can potentially trigger this issue by applying heavy memory pressure and causing frequent zswap evictions. While exploitation for data leakage or privilege escalation is unlikely, the flaw can result in data integrity issues or system instability under specific conditions.
- CVE-2025-40300
Linux Kernel could allow a local attacker to obtain secrets from a hypervisor in a cloud environment, caused by a flaw in the handling of the branch target buffer (BTB) entries. This vulnerability is known as VMSCAPE.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-50367
|
no information | 7.0 | no information |
|
NIST — CVE-2023-53178
|
no information | 7.3 | no information |
|
NIST — CVE-2025-40300
|
no information | 6.5 | no information |
Updated packages
Preparing to download...