INFSA-2025:7903: kernel security update
Information about definition
Identifier: INFSA-2025:7903
Type: security
Release date: 2025-06-10 09:17:53 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-21756
A flaw was found in the Linux kernel's VMware network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory, potentially leading to an escalation of privileges or the compromise of sensitive data.
- CVE-2025-21966
In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature.
- CVE-2025-37749
An out-of-bounds read vulnerability exists in the ppp_sync_txmunge() function in the Linux kernel's PPP subsystem. Insufficient bounds checking on incoming PPP packets may lead to a kernel crash if a packet with an empty or truncated payload is processed.
Severity level
CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
---|---|---|---|
NIST — CVE-2025-21756 | no information | 7.8 | no information |
NIST — CVE-2025-21966 | no information | 7.0 | no information |
NIST — CVE-2025-37749 | no information | 6.1 | no information |
Updated packages