Is there a fix for the CVE-2025-21756?

Is there a fix for this issue? How can I solve this issue?

More info? What Rocky version are you using? Just asking a CVE number without any further detail isn’t very helpful.

That said, according to here: https://access.redhat.com/security/cve/cve-2025-21756#cve-affected-packages I only see it affecting RHEL10 and RHEL8. Since Rocky 10 isn’t out, that leaves Rocky 8. Thus, looking at the links from the above one, we find: https://access.redhat.com/errata/RHSA-2025:8056 which shows kernel 4.18.0-553.53 which isn’t out yet since 4.18.0-553-51 is the current one.

I guess it will appear soon.

On first page. RHEL 9 is there (on next page): “Fixed in 570-17.1.el9_6”, https://access.redhat.com/errata/RHSA-2025:7903
(There are also fixes for el9_0, el9_2, and el9_4.)

In other words, Rocky 9.5 does not, nor will have a fix – the fix will be in Rocky 9.6.


The vulnerability is in “Linux kernel’s VMware network driver”, kernel module ‘vsock’. I presume that the issue is only in virtual machines that run on VMware hypervisor and use that driver?

Looks that way, my KVM VMs don’t have that module loaded, but my VMware ones do. So those not on VMware won’t have any issues with this I’d expect.

What with the team working on releasing 9.6 and 10.0 at present will mean a little delay on this.

Hi iwalker, Jlehtone
We have a bunch of (~100) servers running Rocky9 and some (>10) hypervisors (libvirt) running Rocky8, no server using VMWare. For what you say for R9 I should wait for 9.6 and for R8 I would be covered by the fact that I am not using VMWARE. Do I understand correctly?

Yep pretty much, we need to wait for all the updates to come out for RL8 and RL9.

Until then the mitigation is to not load the ‘vsock’. Can a guest on VMware operate without the vsock? Are there alternative virtual network hardware in VMware?

New kernel arrived today for RL8, so 4.18.0-553.53 is available to address that issue.

Nice, Thank you iwalker
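
The two checks discussed in this thread (is a vsock module loaded, and is the RL8 kernel at the 4.18.0-553.53 build), as an added example that is not part of any post above. The function names, the lsmod sample and the kernel release strings are constructed for illustration, and the module match is any name containing "vsock", which is broader than the VMware case the posters describe.

```shell
#!/bin/sh
# Added example: audit an RL8 host for the vsock module and the fixed kernel.

# Fixed RL8 kernel build named in the thread.
FIXED_EL8="4.18.0-553.53"

# Constructed sample of lsmod output from a VMware guest (not real data).
SAMPLE_LSMOD='Module                  Size  Used by
vmw_vsock_vmci_transport    32768  1
vsock                  45056  2 vmw_vsock_vmci_transport
vmw_vmci               86016  1 vmw_vsock_vmci_transport
xfs                  1556480  2'

# Print the names of vsock-family modules found in lsmod text on stdin.
vsock_modules() {
    awk '$1 ~ /vsock/ { print $1 }'
}

# Return 0 if kernel release $1 is at or above build $2 (version sort).
kernel_at_least() {
    kal_running=${1%%.el*}   # drop the ".el8_10.x86_64" style suffix
    kal_lowest=$(printf '%s\n%s\n' "$kal_running" "$2" | sort -V | head -n 1)
    [ "$kal_lowest" = "$2" ]
}

# Print one verdict line. $1 = kernel release, stdin = lsmod output.
assess() {
    case "$1" in
        *.el8*) ;;
        *) echo "not an el8 kernel, compare against its own erratum"; return 0 ;;
    esac
    as_mods=$(vsock_modules | tr '\n' ' ')
    if kernel_at_least "$1" "$FIXED_EL8"; then
        echo "patched"
    elif [ -n "$as_mods" ]; then
        echo "unpatched, vsock loaded: ${as_mods% }"
    else
        echo "unpatched, vsock not loaded"
    fi
}

# Offline demo on the constructed sample and a constructed pre-fix release.
# On a live host, run instead:  lsmod | assess "$(uname -r)"
printf '%s\n' "$SAMPLE_LSMOD" | assess "4.18.0-553.51.1.el8_10.x86_64"
```
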