INFSA-2025:8057: kernel-rt security update
Information about definition
Identificator: INFSA-2025:8057
Type: security
Release date: 2025-06-09 06:23:33 UTC
Information about package
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Vulnerabilities description
- CVE-2024-40906
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal.
- CVE-2024-44970
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink.
- CVE-2025-21756
A flaw was found in the Linux kernel's VMware network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory, potentially leading to an escalation of privileges or the compromise of sensitive data.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-40906
|
no information | 7.3 | no information |
|
NIST — CVE-2024-44970
|
no information | 7.1 | no information |
|
NIST — CVE-2025-21756
|
no information | 7.8 | no information |
Updated packages