Linux Kernel 6.18.26, 6.6.137, 6.12.85, 6.1.170, 5.15.204, and 5.10.254 released
A security update across six stable kernel branches fixes two Xen memory bugs, and anyone running virtual machines should install it right away. The first flaw lets unprivileged processes overflow a buffer by reading past allocated space when querying hypervisor build identifiers, which can easily crash systems or leak sensitive data. The second issue triggers a double-free corruption whenever userspace splits a memory region during partial unmap operations, giving local attackers a reliable path to escalate privileges. Running the standard package manager update and rebooting before those flaws get weaponized will keep virtualization stacks from turning into playgrounds for exploit writers.
Security patches have been released for Linux kernel versions 6.18.26, 6.6.137, 6.12.85, 6.1.170, 5.15.204, and 5.10.254 to address two critical Xen memory management vulnerabilities. The first vulnerability allows unprivileged processes to overflow a buffer, potentially crashing systems or leaking sensitive data, while the second can lead to privilege escalation through double-free corruption during memory operations. System administrators and users running Xen virtualization are urged to apply the updates promptly to prevent exploitation of these flaws. Additionally, ensuring that package managers are updated and verifying patch versions before rebooting is crucial for maintaining system stability and security.
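To verify patch versions as advised above, the following added example (not part of the original article) reports whether a kernel release string is at or above the fixed stable release for its branch. It assumes upstream stable version numbering; distribution kernels that backport fixes under their own version strings have to be checked against the vendor's advisory, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): compare an upstream-style kernel
# release string with the fixed stable releases the article lists.

# Fixed patch level for each stable branch named in the article.
fixed_patch_level() {
    case "$1" in
        6.18) echo 26 ;;
        6.12) echo 85 ;;
        6.6)  echo 137 ;;
        6.1)  echo 170 ;;
        5.15) echo 204 ;;
        5.10) echo 254 ;;
        *)    return 1 ;;   # branch not covered by the article
    esac
}

# Prints patched | needs-update | unknown for a string such as `uname -r`.
# Exit status: 0 patched, 1 needs-update, 2 unknown.
xen_fix_status() {
    rel=${1%%[-+_]*}                 # drop -generic, -rc1, +debug, ...
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;              # "6.12" means 6.12.0
    esac
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo unknown; return 2 ;;
    esac
    if ! need=$(fixed_patch_level "$major.$minor"); then
        echo unknown; return 2
    fi
    if [ "$patch" -ge "$need" ]; then
        echo patched
    else
        echo needs-update; return 1
    fi
}

# Check the running kernel only when asked, so the file can be sourced.
if [ "${1:-}" = "--running" ]; then
    xen_fix_status "$(uname -r)"
fi
```

Before rebooting, pass the version of the newly installed kernel package to `xen_fix_status`; after rebooting, run the script with `--running` to confirm the booted kernel.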
