The AlmaLinux team has announced two important security updates: one for the kernel (ALSA-2025:15740) and another for Grub2 (ALSA-2025:16154).
The kernel update, applicable to AlmaLinux 9, addresses a moderate-severity vulnerability associated with IPv6 multicast, specifically a delay in the process of putting the multicast context in the function `mld_del_delrec()` (CVE-2025-38550). This update was released on September 25, 2025.
On the other hand, the Grub2 update, which impacts AlmaLinux 10, fixes several vulnerabilities, including integer overflows, use-after-free issues, and out-of-bounds writes, all of which could be exploited through malicious input. The vulnerabilities are as follows:
- An integer overflow that can lead to heap out-of-bounds read and write (CVE-2024-45776).
- An out-of-bounds write in the UFS file system (CVE-2024-45781).
- A use-after-free vulnerability due to hooks not being properly removed on module unload (CVE-2025-0622).
- An integer overflow that could result in heap-based out-of-bounds writes when handling symbolic links (CVE-2025-0677).
- The dump command not being restricted in secure boot mode (CVE-2025-1118).
Both updates are classified as moderate in severity and aim to enhance the security of the operating systems. Users are encouraged to review the detailed information and apply the updates as necessary to mitigate potential security risks.
For those interested in further details, including CVSS scores and acknowledgments related to these vulnerabilities, they can visit the respective links provided in the update notifications. Additionally, users can manage their notification settings or seek assistance through the AlmaLinux community chat.
In summary, it is crucial for AlmaLinux users to remain vigilant about security updates and promptly apply patches to protect their systems from vulnerabilities. Regularly checking for updates and understanding the implications of these fixes can significantly enhance system security and stability in a rapidly evolving cybersecurity landscape
The kernel update, applicable to AlmaLinux 9, addresses a moderate-severity vulnerability associated with IPv6 multicast, specifically a delay in the process of putting the multicast context in the function `mld_del_delrec()` (CVE-2025-38550). This update was released on September 25, 2025.
On the other hand, the Grub2 update, which impacts AlmaLinux 10, fixes several vulnerabilities, including integer overflows, use-after-free issues, and out-of-bounds writes, all of which could be exploited through malicious input. The vulnerabilities are as follows:
- An integer overflow that can lead to heap out-of-bounds read and write (CVE-2024-45776).
- An out-of-bounds write in the UFS file system (CVE-2024-45781).
- A use-after-free vulnerability due to hooks not being properly removed on module unload (CVE-2025-0622).
- An integer overflow that could result in heap-based out-of-bounds writes when handling symbolic links (CVE-2025-0677).
- The dump command not being restricted in secure boot mode (CVE-2025-1118).
Both updates are classified as moderate in severity and aim to enhance the security of the operating systems. Users are encouraged to review the detailed information and apply the updates as necessary to mitigate potential security risks.
For those interested in further details, including CVSS scores and acknowledgments related to these vulnerabilities, they can visit the respective links provided in the update notifications. Additionally, users can manage their notification settings or seek assistance through the AlmaLinux community chat.
In summary, it is crucial for AlmaLinux users to remain vigilant about security updates and promptly apply patches to protect their systems from vulnerabilities. Regularly checking for updates and understanding the implications of these fixes can significantly enhance system security and stability in a rapidly evolving cybersecurity landscape
Kernel and Grub2 updates for AlmaLinux
The AlmaLinux team has released two security updates: one for the kernel (ALSA-2025:15740) and another for grub2 (ALSA-2025:16154). The kernel update, which affects AlmaLinux 9, addresses a moderate-severity vulnerability related to IPv6 multicast. The grub2 update, affecting AlmaLinux 10, fixes multiple vulnerabilities, including integer overflows, use-after-free issues, and out-of-bounds writes that can be triggered by malicious input.
ALSA-2025:15740: kernel security update (Moderate)
ALSA-2025:16154: grub2 security update (Moderate)
