INFSA-2025:9302: kernel security update
Information about definition
Identifier: INFSA-2025:9302
Type: security
Release date: 2025-07-25 10:18:30 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-21883
A use-after-free vulnerability was discovered in the Linux kernel's Ethernet Connection E800 Series driver, which is responsible for managing network connections. The issue occurs when an attacker with local privileges intentionally triggers an error path in the ice_ena_vfs() function, a critical part of this driver.
- CVE-2025-21919
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list.
- CVE-2025-22104
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps.
- CVE-2025-23150
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split.
- CVE-2025-37738
A use-after-free vulnerability has been discovered in the Linux kernel, specifically within the ext4_xattr_inode_dec_ref_all function (related to the ext4 filesystem's extended attributes). An attacker could exploit this flaw by providing a specially crafted payload, leading to a denial of service condition that compromises system availability.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-21883 | no information | 6.7 | no information |
NIST — CVE-2025-21919 | no information | 7.0 | no information |
NIST — CVE-2025-22104 | no information | 7.1 | no information |
NIST — CVE-2025-23150 | no information | 7.1 | no information |
NIST — CVE-2025-37738 | no information | 7.1 | no information |
Updated packages