INFSA-2025:11411: kernel security update
Information about definition
Identificator: INFSA-2025:11411
Type: security
Release date: 2025-07-25 11:05:54 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2024-58002
A dangling pointer vulnerability was found in the Linux kernel. When an async control is written, a copy of a pointer is made in the file handle that started the operation. If the user closes that file descriptor, its structure will be freed and there will be one dangling pointer per pending async control that the driver will try to use, leading to denial of service of the system.
- CVE-2025-38089
A flaw was found in the Linux kernel, where a specially crafted RPC packet could cause data corruption or trigger a system panic. This flaw allows a remote attacker who can make RPC calls to send an intentionally malformed packet, potentially compromising system integrity or causing a denial of service (DoS).
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-58002
|
no information | 7.0 | no information |
|
NIST — CVE-2025-38089
|
no information | 7.1 | no information |
Updated packages