Greg Kroah-Hartman Releases Seven New Stable Linux Kernels with Critical Security Patches

From Corea24, the free encyclopedia of technology

Overview of the Latest Kernel Updates

On Thursday, renowned Linux kernel maintainer Greg Kroah-Hartman announced the release of seven new stable kernels, addressing both general stability improvements and a critical security flaw. The kernels span multiple long-term support (LTS) and current series, reflecting the ongoing commitment to keeping the Linux ecosystem secure and reliable. Among these releases, two are targeted specifically at Xen hypervisor users, while the other five include backported fixes for a recently disclosed vulnerability in the AEAD socket subsystem.

Source: lwn.net

Details of the Seven Stable Kernels

The newly released kernels are: 7.0.3, 6.18.26, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254. Each version corresponds to a different kernel branch, ensuring that users across various systems can apply the necessary updates.

Kernels 7.0.3 and 6.18.26: Targeted Xen Fixes

The first two kernels—7.0.3 and 6.18.26—are notable for containing fixes exclusively for users of the Xen hypervisor. These updates address specific issues that affect virtualized environments running on Xen, improving stability and security without introducing other changes. Administrators running Xen-based systems should prioritize these updates.

The Remaining Five Kernels: AEAD Vulnerability Patches

The other five kernels—6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254—carry backported patches for the recently disclosed AEAD socket vulnerability. This security flaw, which affects the kernel's handling of authenticated encryption with associated data (AEAD) sockets, could potentially allow attackers to compromise system integrity. By backporting the fix to these popular LTS and stable branches, Kroah-Hartman ensures that a wide range of users are protected.

Understanding the AEAD Socket Vulnerability

The AEAD socket vulnerability is a kernel-level issue that has drawn attention from security researchers and system administrators alike. AEAD is a cryptographic primitive used to provide both confidentiality and integrity for data transmitted over network sockets. A flaw in the kernel's implementation could lead to memory corruption or information disclosure, making it a serious threat. The exact details of the vulnerability have not been fully disclosed, but the urgency of the patches suggests a high severity rating.

Kroah-Hartman's advisory explicitly states that all users of the other five kernel series must upgrade. This underscores the critical nature of the flaw and the importance of applying these updates without delay.

Why Immediate Upgrades Are Essential

Security vulnerabilities in the Linux kernel can have far-reaching consequences, especially on servers and cloud infrastructure. The AEAD socket vulnerability, if exploited, could allow an attacker to gain elevated privileges or disrupt network communications. By releasing these five patched kernels, Kroah-Hartman provides a straightforward path to mitigation.

For users of the 7.0.3 and 6.18.26 kernels, the need to upgrade depends on whether you use Xen. If you do, the fixes are crucial; if not, those kernels contain no other changes and can be skipped. However, for all other versions, upgrading is strongly recommended to protect against the AEAD flaw.

How to Update Your Linux System

Upgrading to the latest stable kernel is typically managed through your distribution's package manager. For example, on Ubuntu or Debian, you can run:

    sudo apt update
    sudo apt upgrade linux-image-$(uname -r)

On Red Hat-based systems (Fedora, CentOS), use sudo dnf upgrade kernel. After installation, a system reboot is required to load the new kernel. Always verify the kernel version with uname -r after reboot.

If you compile your own kernel, you can download the source tarballs from kernel.org and apply the patches manually.
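
The version check after reboot can be scripted. The following is an added example, not part of the original article or of any kernel.org tooling; it compares a release string against the fixed point releases listed above. The function name kernel_status is chosen for this example. Distribution kernels often carry backported fixes under their own version strings, so treat the result as authoritative only for kernels built from kernel.org stable sources.

```shell
#!/bin/sh
# Added example (not from the article). Thresholds are the releases the
# article lists, as "series:first-fixed-patch-level:what-the-release-fixes".
FIXED="7.0:3:xen 6.18:26:xen 6.12:85:aead 6.6:137:aead 6.1:170:aead 5.15:204:aead 5.10:254:aead"

# kernel_status RELEASE
# Prints patched | needs-update:<fix> | unlisted | unparsable.
# kernel_status is a name chosen for this example.
kernel_status() {
    ver=${1%%[-+_]*}            # drop suffixes such as "-generic" or "+"
    case $ver in
        *.*) ;;
        *) echo "unparsable"; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    case $rest in
        *.*) minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   minor=$rest; patch=0 ;;   # "7.0" means patch level 0
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo "unparsable"; return 2 ;;
        esac
    done
    for entry in $FIXED; do
        series=${entry%%:*}
        tail=${entry#*:}
        [ "$series" = "$major.$minor" ] || continue
        if [ "$patch" -ge "${tail%%:*}" ]; then
            echo "patched"; return 0
        fi
        echo "needs-update:${tail#*:}"; return 1
    done
    echo "unlisted"    # series not covered by this announcement
    return 3
}

# Report on the running kernel; the non-zero statuses are informational here.
kernel_status "$(uname -r)" || true
```

A result of needs-update:xen matters only on Xen hosts, since the article states that 7.0.3 and 6.18.26 contain no other changes.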

About Greg Kroah-Hartman and Stable Kernel Releases

Greg Kroah-Hartman is a leading Linux kernel developer and the maintainer of the stable kernel branch. His role involves cherry-picking critical fixes from the mainline development tree and backporting them to supported stable and LTS kernels. This process ensures that users receive important security and stability updates without having to adopt the latest (and sometimes less tested) mainline version.

These seven releases continue the tradition of regular, reliable updates that keep Linux systems secure. For detailed information on each kernel, including the full changelog, see Linux Weekly News (lwn.net) or the official kernel archives at kernel.org.

Conclusion

The release of seven new stable kernels marks a significant moment for Linux security. With two Xen-specific updates and five vulnerability-fixing releases, Greg Kroah-Hartman has provided necessary patches for a wide range of users. The AEAD socket vulnerability underscores the continuous need for vigilance and prompt updates. All users, especially those running the affected kernel series, should upgrade as soon as possible to maintain system integrity and security.