Issued at: 2026-02-15
Updated at: 2026-02-18
Synopsis
Moderate: kernel security update
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)
* kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403)
* kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling (CVE-2025-38730)
* kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length (CVE-2025-39933)
* kernel: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable() (CVE-2025-40133)
* kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service. (CVE-2025-40304)
* kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling (CVE-2025-40322)
* kernel: svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.