
Two separate security updates have been released for AlmaLinux: a kernel update for AlmaLinux 10 (ALSA-2025:22854) and an abrt update for AlmaLinux 8 (ALSA-2025:22760). The AlmaLinux 10 kernel update fixes several vulnerabilities, including an oops caused by an uninitialised variable in cifs and use-after-free (UAF) bugs in Bluetooth and net/mlx5. The abrt update for AlmaLinux 8 fixes a command-injection vulnerability that could lead to local privilege escalation.

ALSA-2025:22854: kernel security update (Moderate)
ALSA-2025:22760: abrt security update (Important)




ALSA-2025:22854: kernel security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-12-10

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: cifs: Fix oops due to uninitialised variable (CVE-2025-38737)
* kernel: can: j1939: implement NETDEV_UNREGISTER notification handler (CVE-2025-39925)
* kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (CVE-2025-39982)
* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
* kernel: net/mlx5: fs, fix UAF in flow counter release (CVE-2025-39979)
* kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue (CVE-2025-39983)
* kernel: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CVE-2025-40047)
* kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk (CVE-2025-40058)
* kernel: ice: ice_adapter: release xa entry on adapter allocation failure (CVE-2025-40185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-22854.html

This message is automatically generated; please don't reply. For further questions, please contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:22760: abrt security update (Important)



AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-12-10

Summary:

The Automatic Bug Reporting Tool (ABRT) recognizes defects in applications and creates bug reports that help maintainers fix the defects. ABRT uses a plug-in system to extend its functionality.

Security Fix(es):

* abrt: Command-injection in ABRT leading to local privilege escalation (CVE-2025-12744)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-22760.html
