The moderate updates target specific vulnerabilities in the Linux kernel: ALSA-2025:16372 addresses issues related to the vsock transport and a HID core vulnerability, while ALSA-2025:16373 focuses on the Real-Time (RT) Linux Kernel's handling of the same vsock issue. The important update (ALSA-2025:15785) resolves more significant issues, including limitations on USB packet lengths and problems with notification handling and mutex conversions.
Summary of Updates:
1. ALSA-2025:16372 (Moderate)
   - Release Date: September 24, 2025
   - Fixes include:
     - TOCTOU issue in vsock (CVE-2025-38461)
     - Restrictions on unmounted mounts (CVE-2025-38498)
     - Hardening of the HID core (CVE-2025-38556)
   - [More details here](https://errata.almalinux.org/8/ALSA-2025-16372.html)
2. ALSA-2025:16373 (Moderate)
   - Release Date: September 24, 2025
   - Fixes include:
     - Same vsock TOCTOU issue (CVE-2025-38461)
   - [More details here](https://errata.almalinux.org/8/ALSA-2025-16373.html)
3. ALSA-2025:15785 (Important)
   - Release Date: September 23, 2025
   - Fixes include:
     - USB packet length limitations (CVE-2023-53125)
     - Notification handling for empty child classes (CVE-2025-38350)
     - Mutex to spinlock conversion in idpf (CVE-2025-38392)
     - GEM handle reference acquisition for framebuffers (CVE-2025-38449)
   - [More details here](https://errata.almalinux.org/8/ALSA-2025-15785.html)
For users of AlmaLinux, it is essential to apply these updates promptly to ensure system security and stability. The AlmaLinux team encourages users to stay informed by subscribing to security update notifications and engaging with the community for any questions or concerns.
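To confirm whether the three advisories listed above are still pending on a host, the following added example (not from AlmaLinux or the original page) filters `dnf updateinfo list` output for their IDs. The function names and the sample lines are constructed, and package versions are left as placeholders.

```bash
#!/bin/sh
# Added example: report which of the page's three advisories still have
# pending packages. Function names are hypothetical, not AlmaLinux tooling.

# Advisory IDs as listed on the page.
ADVISORIES="ALSA-2025:16372 ALSA-2025:16373 ALSA-2025:15785"

# Read `dnf updateinfo list` output on stdin (advisory ID in column 1) and
# print each ID from ADVISORIES that appears, once, in the order above.
pending_advisories() {
    awk -v wanted="$ADVISORIES" '
        BEGIN { n = split(wanted, ids, " ") }
        { seen[$1] = 1 }
        END { for (i = 1; i <= n; i++) if (ids[i] in seen) print ids[i] }
    '
}

# Constructed sample output; versions are placeholders, and the last line is
# an unrelated made-up advisory that must be ignored.
sample_updateinfo() {
    cat <<'EOF'
ALSA-2025:15785 Important/Sec. kernel-<version>.el8_10.x86_64
ALSA-2025:15785 Important/Sec. kernel-core-<version>.el8_10.x86_64
ALSA-2025:16372 Moderate/Sec.  kernel-<version>.el8_10.x86_64
ALSA-0000:0000  Moderate/Sec.  example-pkg-<version>.el8.x86_64
EOF
}

# Query the local host; needs dnf and current repository metadata.
check_host() {
    dnf -q updateinfo list --security | pending_advisories
}

# `--host` checks this machine; with no argument the sample is used.
if [ "${1:-}" = "--host" ]; then
    check_host
else
    sample_updateinfo | pending_advisories
fi
```

An ID missing from the output means either the fix is already installed or the affected package (for example kernel-rt) is not present on the host. `dnf upgrade --advisory=<ID>` applies a single advisory, and the new kernel takes effect after a reboot.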
Future Considerations
As cybersecurity threats evolve, it is crucial for AlmaLinux users to remain vigilant with regular updates. Users should consider implementing automated update processes or frequently checking for updates to maintain their systems' security posture. Moreover, it may be beneficial to follow community discussions or forums for insights on best practices regarding kernel security and system maintenance.
Kernel updates for AlmaLinux
Three security updates have been released for AlmaLinux 8: two kernel security updates (ALSA-2025:16372 and ALSA-2025:16373) with a moderate severity rating and one additional kernel security update (ALSA-2025:15785) with an Important severity rating. The first two updates address vulnerabilities in the Linux kernel, including a TOCTOU issue and a HID core vulnerability. The third update addresses four separate issues, including a USB packet length limit and a notification handling bug.
ALSA-2025:16372: kernel security update (Moderate)
ALSA-2025:16373: kernel-rt security update (Moderate)
ALSA-2025:15785: kernel security update (Important)