INFSA-2025:18281: kernel security update

Information about definition

Identificator: INFSA-2025:18281

Type: security

Release date: 2025-10-31 14:19:47 UTC

Information about package

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Vulnerabilities description

  • CVE-2022-50087

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails.

  • CVE-2025-22026

    In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register().

  • CVE-2025-38566

    A remotely reachable flaw in the SUNRPC NFS-over-TLS server could allow a client to trigger a kernel crash by sending a crafted TLS alert. The issue lies in how the kernel processes TLS control messages, which can lead to use-after-free or invalid memory accesses during alert handling.

  • CVE-2025-38571

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts.

  • CVE-2025-39817

    In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare.

  • CVE-2025-39841

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path.

  • CVE-2025-39849

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result().

Severity level

CVE Score CVSS 2.0 Score CVSS 3.x Score CVSS 4.0
no information 7.0 no information
no information 7.1 no information
no information 7.5 no information
no information 7.5 no information
no information 7.0 no information
no information 7.0 no information
no information 7.5 no information
Critical, important, moderate, low

Updated packages

loader icon Preparing to download...
Architecture: Download