LSN-0118-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF fo...

SUSE-SU-2026:20635-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel bsc1249205. - CVE-2025-39698: iouring/futex: ensure iofutexwait...

SUSE-SU-2026:20644-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel bsc1249205. - CVE-2025-39698: iouring/futex: ensure iofutexwait...

MiracleLinux 9 : kernel-5.14.0-570.49.1.el9_6 (AXSA:2025-10930:74)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10930:74 advisory. kernel: netfilter: nfconntrack: fix crash due to removal of uninitialised entry CVE-2025-38472 kernel: smb: client: fix use-after-free in...

Oracle Linux 10 : ELSA-2025-20095-0: / kernel (ELSA-2025-200950)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-200950 advisory. - selftests: tls: add tests for zero-length records CKI Backport Bot RHEL-114328 CVE-2025-39682 - tls: fix handling of zero-length records on the...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20719)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20719 advisory. - iouring/futex: ensure iofutexwait cleans up properly on failure Jens Axboe Orabug: 38572958 CVE-2025-39698 - fs: writeback: fix use-after-free ...

RLSA-2025:16880 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nfconntrack: fix crash due to removal of uninitialised entry CVE-2025-38472 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: sctp: linearize...

AlmaLinux 10 : kernel (ALSA-2025:16904)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:16904 advisory. kernel: fs: export anoninodemakesecureinode and fix secretmem LSM bypass CVE-2025-38396 kernel: smb: client: fix use-after-free in cifsoplockbreak...

RLSA-2025:16904 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fs: export anoninodemakesecureinode and fix secretmem LSM bypass CVE-2025-38396 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: cifs: Fix the smbdrespons...

Oracle Linux 9 : kernel (ELSA-2025-16880)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16880 advisory. - iouring/futex: ensure iofutexwait cleans up properly on failure CKI Backport Bot RHEL-114335 CVE-2025-39698 - selftests: tls: add tests for...

kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure

In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...

RHEL 10 : kernel (RHSA-2025:16904)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16904 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fs: export...

ALSA-2025:16904 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fs: export anoninodemakesecureinode and fix secretmem LSM bypass CVE-2025-38396 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: cifs: Fix the smbdrespons...

Linux Distros Unpatched Vulnerability : CVE-2025-39698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the reques...

UBUNTU-CVE-2025-39698

In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...

CVE-2025-39698 io_uring/futex: ensure io_futex_wait() cleans up properly on failure

In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the iouring/futex module not being properly cleaned up when iofutexwait fails...