Seven New Stable Kernels Released
Greg Kroah-Hartman, the Linux kernel maintainer, announced the release of seven new stable kernels on Thursday: 7.0.3, 6.18.26, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254. The most significant update addresses a critical security vulnerability in the AEAD socket subsystem, affecting multiple kernel series.
Urgent Upgrade Required for Most Users
While the 7.0.3 and 6.18.26 kernels contain fixes exclusively for Xen hypervisor users, the remaining five kernels include backported patches for the recently disclosed AEAD socket vulnerability. Kroah-Hartman strongly advises all users of those kernel series to upgrade immediately.
"Users of the 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254 kernels must upgrade as soon as possible to protect their systems," said Kroah-Hartman in the release announcement.
Background: The AEAD Socket Vulnerability
The AEAD (Authenticated Encryption with Associated Data) socket vulnerability is a recently uncovered security flaw that could allow attackers to compromise system integrity. The vulnerability affects how Linux handles certain encryption operations within the network stack, potentially enabling privilege escalation or denial-of-service attacks.
Security researchers have not yet disclosed full technical details, but the kernel team acted swiftly to produce backported patches for older but widely used stable series. The vulnerability underscores the ongoing challenge of maintaining security across multiple kernel versions.
What This Means for System Administrators
This release significantly impacts organizations running Linux servers, desktops, or embedded systems. Systems using kernel versions 6.12.x, 6.6.x, 6.1.x, 5.15.x, or 5.10.x should be updated to the new point releases without delay.
For Xen users, the 7.0.3 and 6.18.26 kernels address specific Xen-related issues, though they do not contain the AEAD fix. Administrators running Xen should weigh their own risk assessment and apply updates as needed.
Recommended action: Check your current kernel version with uname -r and update to the appropriate new stable release via your distribution's package manager or kernel.org.