INFSA-2025:15661: kernel security update
Information about definition
Identificator: INFSA-2025:15661
Type: security
Release date: 2025-09-19 16:04:12 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-22097
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error. If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.
- CVE-2025-38332
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version.
- CVE-2025-38352
A race condition was found in the Linux kernel’s POSIX CPU timer handling, where handle_posix_cpu_timers() may run concurrently with posix_cpu_timer_del() on an exiting task which could result in use-after-free scenarios. An attacker with local user access could use this flaw to crash or escalate their privileges on a system.
- CVE-2025-38449
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-22097
|
no information | 6.7 | no information |
|
NIST — CVE-2025-38332
|
no information | 7.0 | no information |
|
NIST — CVE-2025-38352
|
no information | 7.8 | no information |
|
NIST — CVE-2025-38449
|
no information | 7.3 | no information |
Updated packages
Preparing to download...