Weekly Kernel Updates: Seven New Stable Versions Address Critical Vulnerability

Introduction

On Thursday, Greg Kroah-Hartman, the prominent Linux kernel maintainer, announced the release of seven new stable kernel versions. These updates, spanning multiple long-term support (LTS) branches as well as the latest stable series, address a recently disclosed security flaw—the AEAD socket vulnerability—and include specific fixes for Xen hypervisor users. The affected kernels are 7.0.3, 6.18.26, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254. This article breaks down what these releases mean for system administrators and end users alike.

Details of the Release

Kernel Versions and Branches

The seven kernels represent a mix of the very latest mainline branch (7.0.x) and several LTS branches that are still actively maintained. Notably, the 7.0.3 and 6.18.26 kernels contain only fixes specific to Xen hypervisor users. In contrast, the remaining five kernels—6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254—incorporate backported patches that address the AEAD socket vulnerability. According to Kroah-Hartman, all users of these latter kernel series must upgrade to the latest point release to ensure system security.

Why Two Kernels Are Xen-Only

The 7.0.3 and 6.18.26 updates are unusual because they carry only Xen-related fixes. This suggests that the AEAD socket vulnerability either does not affect these kernel series, or that a separate update path was needed for Xen users due to interaction with paravirtualized drivers. In any case, administrators running Xen on these kernel versions are strongly advised to apply the update.

The AEAD Socket Vulnerability

The AEAD (Authenticated Encryption with Associated Data) socket vulnerability is a security issue that was recently disclosed. While details remain limited, it affects the kernel’s handling of certain cryptographic operations within network sockets, potentially allowing an attacker to cause a denial of service or, in worse cases, execute arbitrary code. Because the flaw exists in common code paths, backported fixes were prepared for all active LTS branches. The inclusion of these fixes in the newly released kernels is critical—users running older stable kernels should prioritize the upgrade.

Upgrade Recommendations

Who Should Upgrade?

If you are running any of the following kernel series, you should upgrade to the latest point release immediately:

• 6.12.x → 6.12.85
• 6.6.x → 6.6.137
• 6.1.x → 6.1.170
• 5.15.x → 5.15.204
• 5.10.x → 5.10.254

For users on the 7.0.x or 6.18.x series, only Xen hypervisor users need to upgrade to 7.0.3 or 6.18.26 respectively. Non-Xen users on these two branches may not require immediate action, but staying current is always recommended.

How to Upgrade

The standard procedure involves downloading the new kernel source from kernel.org or, more commonly, updating via your distribution’s package manager. Most major Linux distributions will soon (or have already) pushed these versions to their repositories. Use the appropriate command for your package manager:

1. Debian/Ubuntu: sudo apt update && sudo apt upgrade
2. RHEL/CentOS/Fedora: sudo dnf upgrade
3. Arch Linux: sudo pacman -Syu

After installation, a system reboot is required to load the new kernel.

Conclusion

The release of seven stable kernels in a single day underscores the Linux kernel community’s commitment to security and stability. The AEAD socket vulnerability fix is particularly important for users on the five affected LTS branches, while the Xen-specific updates ensure that virtualized environments remain secure. By heeding Greg Kroah-Hartman’s advice and upgrading promptly, users can protect their systems from potential exploits.

As always, regular kernel updates are a key component of a robust security posture. Stay tuned for further announcements as the development cycle continues.