Rocky 8.10 - CVE-2025-38352

Due to the current reports on the CVE-2025-38352 security vulnerability, here is a question for the forum:

Does anyone have any current information on Rocky Linux 8.10, specifically kernel 4.18.0-553.72.1.el8, regarding the above issue?

I cannot find any information on whether this security vulnerability has been fixed in the current kernel (updated today).

Please refrain from suggesting that I upgrade to Rocky 9.

Regards

The first place to check is what Red Hat says (about RHEL). For that CVE that is: cve-details

All RHEL (except 6) are Affected. That is not fixed yet. Rocky 8 shares the issue with RHEL 8.

Red Hat has no mitigation to offer, and notes that there are known exploits. They must be busy with making a fix.

In this case that would not help either, as el9 is just as affected as el8.

OK, I’m busy waiting.

Regarding Rocky 9: We also use a machine with kernel 5.14.0-570.37.1.el9. On this machine, the kernel parameter CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y is effective.

If I understand correctly, this means that the problem does not occur.

Regards

Red Hat has released a fix.
See here:

https://access.redhat.com/errata/RHSA-2025:15471

Waiting for Rocky…

Yes, and if you read the Rocky website, normal updates appear 24-48 hours after they are released upstream by RHEL.

Since they were released yesterday, you need to reset your expectations and be more patient.