INFSA-2025:19409: kernel security update
Information about definition
Identificator: INFSA-2025:19409
Type: security
Release date: 2025-11-11 15:33:04 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2022-50367
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy.
- CVE-2023-53494
A use-after-free in the XTS skcipher template where -EBUSY from the crypto backend (with MAY_BACKLOG) was not treated like -EINPROGRESS, causing request data to be freed while still referenced. Impact is kernel memory corruption (high integrity/availability impact).
- CVE-2025-39702
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by timing attack in MAC comparison.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-50367
|
no information | 7.0 | no information |
|
NIST — CVE-2023-53494
|
no information | 7.8 | no information |
|
NIST — CVE-2025-39702
|
no information | 7.1 | no information |
Updated packages
Preparing to download...