AlmaLinux has issued critical security updates for its kernel and kernel-rt packages to mitigate several vulnerabilities. The updates include:

1. ALSA-2025:15429 - Released on September 15, 2025, this update addresses a buffer overflow issue during udmabuf creation (CVE-2025-37803) and converts a mutex to a spinlock in the idpf driver (CVE-2025-38392).

2. ALSA-2025:15661 - Released the following day on September 16, 2025, this update fixes significant vulnerabilities: a use-after-free and double-free error on initialization (CVE-2025-22097), and several other issues involving memory handling and race conditions in the kernel.

3. ALSA-2025:15786 - Also released on September 15, but for the kernel-rt packages, this update addresses vulnerabilities that include notification handling in the net/sched subsystem and the same mutex conversion issue as noted in the first update, alongside memory reference management for GEM handles.

Each update is categorized as important and provides detailed information about the security issues, their CVSS scores, and links to further resources for users to stay informed. Users receiving these notifications are encouraged to stay updated and engage with the AlmaLinux community for support.

Extended Summary:

AlmaLinux continues its commitment to security by promptly addressing vulnerabilities that could affect system stability and security. Users of AlmaLinux 9 and 8 are urged to apply these updates to ensure their systems are protected against potential exploits. The kernel updates not only fix critical issues but also enhance overall system performance and reliability. As the Linux ecosystem evolves, regular updates and community engagement remain essential for maintaining a secure operating environment. Users are reminded to check the AlmaLinux errata page for the latest updates and best practices for system security management

Kernel and Kernel-RT updates for AlmaLinux

AlmaLinux has released several important security updates for kernel and kernel-rt packages to address various vulnerabilities. The first update (ALSA-2025:15429) fixes two vulnerabilities in the Linux kernel, including a buffer overflow during udmabuf creation (CVE-2025-37803). The second update (ALSA-2025:15661) addresses four additional security issues, including the use-after-free and double-free on init error (CVE-2025-22097), while the third update (ALSA-2025:15786) fixes three vulnerabilities in kernel-rt packages.

ALSA-2025:15429: kernel security update (Important)
ALSA-2025:15661: kernel security update (Important)
ALSA-2025:15786: kernel-rt security update (Important)

Kernel and Kernel-RT updates for AlmaLinux @ Linux Compatible