CVE-2025-38498 do_change_type(): refuse to operate on unmounted/not ours mounts

In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...

RockyLinux 8 : kernel (RLSA-2025:3893)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:3893 advisory. kernel: xen: Xen hypercall page unsafe against speculative attacks Xen Security Advisory 466 CVE-2024-53241 kernel: ALSA: usb-audio: Fix out of bounds...

Oracle Linux 9 : kernel (ELSA-2025-11861)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-11861 advisory. - netsched: hfsc: Fix a UAF vulnerability in class handling Davide Caratti RHEL-95853 CVE-2025-37797 - ext4: fix out-of-bound read in...

CVE-2025-43189

This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to read kernel memory...

USN-7671-2 linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ACPI drivers; - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control...

RLSA-2025:4341 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: kobjectuevent: Fix OOB access within zapmodaliasenv CVE-2024-42292 kernel: ipvs: properly dereference pe in ipvsaddservice CVE-2024-42322 kernel: bonding: fix null pointer deref in...

RLSA-2025:11456 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during...

RLSA-2025:8056 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/mlx5: Always stop health timer during driver removal CVE-2024-40906 kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink CVE-2024-44970 kernel: vsock: Keep the binding until...

RLSA-2025:8246 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter CVE-2024-43842 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2025:8743 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: um: Fix out-of-bounds read in LDT setup CVE-2022-49395 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

RLSA-2025:3893 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: xen: Xen hypercall page unsafe against speculative attacks Xen Security Advisory 466 CVE-2024-53241 kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2025:2473 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: zero-initialize the report buffer CVE-2024-50302 kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices CVE-2024-53197 kernel: scsi:...

RLSA-2025:9580 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cifs: fix double free race when mount fails in cifsgetroot CVE-2022-48919 kernel: security/keys: fix slab-out-of-bounds in keytaskpermission CVE-2024-50301 kernel: idpf: fix idpfvccoreini...

RLSA-2025:11455 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during miinwayrestart CVE-2025-38086 For more details about the security...

kernel security update

5.14.0-570.30.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...

CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

CVE-2025-38476

In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpldosrhinline. Running lwtdstcacherefloop.sh in selftest with KASAN triggers the splat below 0. rpldosrhinline fetches ipv6hdrskb and accesses it after skbcowhead, which is illegal as the header could ...

CVE-2025-38492 netfs: Fix race between cache write completion and ALL_QUEUED being set

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...