Oracle Linux 10 : ELSA-2025-20095-0: / kernel (ELSA-2025-200950)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-200950 advisory. - selftests: tls: add tests for zero-length records CKI Backport Bot RHEL-114328 CVE-2025-39682 - tls: fix handling of zero-length records on the...

SUSE-SU-2025:21093-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow bsc1242882 - CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt bsc1245778 - CVE-2025-38500: xfrm: interface: fix use-after-free...

SUSE-SU-2025:4265-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: - CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow bsc1242882. - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collectmd...

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

...

CVE-2025-38500

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...