INFSA-2025:8643: kernel security update
Information about definition
Identificator: INFSA-2025:8643
Type: security
Release date: 2025-07-07 11:12:03 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-21920
In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type.
- CVE-2025-21926
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment.
- CVE-2025-21997
In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem().
- CVE-2025-22055
In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct.
- CVE-2025-37785
A flaw was found in the ext4 module in the Linux kernel. An out-of-bounds read can be triggered when a corrupted ext4 filesystem is mounted due to a missing check, resulting in a denial of service that causes the system to freeze or become unusable.
- CVE-2025-37943
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-21920
|
no information | 7.1 | no information |
|
NIST — CVE-2025-21926
|
no information | 7.0 | no information |
|
NIST — CVE-2025-21997
|
no information | 7.1 | no information |
|
NIST — CVE-2025-22055
|
no information | 7.1 | no information |
|
NIST — CVE-2025-37785
|
no information | 5.5 | no information |
|
NIST — CVE-2025-37943
|
no information | 7.0 | no information |
Updated packages