The AlmaLinux team has released two security updates: one for the kernel (ALSA-2025:15740) and another for grub2 (ALSA-2025:16154). The kernel update, which affects AlmaLinux 9, addresses a moderate-severity vulnerability related to IPv6 multicast. The grub2 update, affecting AlmaLinux 10, fixes multiple vulnerabilities, including integer overflows, use-after-free issues, and out-of-bounds writes that can be triggered by malicious input.

ALSA-2025:15740: kernel security update (Moderate)
ALSA-2025:16154: grub2 security update (Moderate)

ALSA-2025:15740: kernel security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-25

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (CVE-2025-38550)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15740.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:16154: grub2 security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-25

Summary:

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
* grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled (CVE-2025-1118)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-16154.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team