AlmaLinux 9 has released updated kernel packages as part of its security updates. The latest update, identified as ALSA-2025:11861, addresses several vulnerabilities classified as moderate in severity. This update was released on July 31, 2025.
Key Security Fixes:
The update includes important security fixes for various components of the Linux kernel, specifically targeting the following vulnerabilities:
- CVE-2024-57980: Fixes a double free issue in the error path of the uvcvideo media driver.
- CVE-2025-21905: Limits the printed string from the firmware file in the iwlwifi driver.
- CVE-2025-22091: Addresses a page_size variable overflow problem in the RDMA/mlx5 subsystem.
- CVE-2025-22121: Resolves an out-of-bounds read in the ext4 file system.
- CVE-2025-22113: Prevents journaling state block updates on errors during journal destruction.
- CVE-2025-22085: Fixes a use-after-free vulnerability when renaming device names in the RDMA core.
- CVE-2025-37797: Corrects a use-after-free vulnerability in the HFSC class handling within net scheduling.
- CVE-2025-37958: Fixes the dereferencing of invalid pmd migration entries in huge memory management.
- CVE-2025-38086: Addresses uninitialized access during MII negotiation for the ch9200 network driver.
- CVE-2025-38110: Fixes potential out-of-bounds read/write access in the mdiobus network subsystem.
For detailed information regarding the impact of these vulnerabilities, including the associated CVSS scores and acknowledgments, users are encouraged to visit the CVE pages referenced in the update.
To access full details, updated packages, and additional information, users can visit the AlmaLinux errata website: [AlmaLinux Errata](https://errata.almalinux.org/9/ALSA-2025-11861.html).
This notification is part of an automatic system for security updates; for questions, users should reach out to the AlmaLinux community chat or manage their notification settings through the provided links.
Conclusion
Keeping the kernel and underlying system updated is crucial for maintaining security and stability in any Linux-based operating system. AlmaLinux emphasizes the importance of these updates to protect users from potential vulnerabilities that could be exploited if left unaddressed. Regular monitoring of updates and prompt application of security patches is recommended for all AlmaLinux users.
Kernel updates for AlmaLinux 9
Updated kernel packages have been released for AlmaLinux 9:
ALSA-2025:11861: kernel security update (Moderate)