7 Critical Linux Kernel Updates You Must Install Today
This Thursday, Linux stable kernel maintainer Greg Kroah-Hartman unveiled a fresh lineup of seven stable kernel releases. These updates are not just routine maintenance—they tackle a severe security vulnerability in the AEAD socket layer and provide targeted fixes for Xen virtualization users. If you're running any of these kernel series, upgrading immediately is strongly advised to protect your systems from potential exploits. Below, we break down each release, explaining what's changed and why it matters.
1. Kernel 7.0.3 – Xen‑Specific Stability
The 7.0.3 stable release focuses exclusively on correcting issues that affect users of the Xen hypervisor. While this kernel does not include the AEAD socket patches, it resolves several Xen-related bugs that could lead to system instability or data corruption in virtualized environments. For administrators running Linux as a Dom0 or DomU on Xen, this update is essential to maintain reliable operation. If Xen is not in your infrastructure, you can safely skip this kernel, but always check your deployment before deciding.
2. Kernel 6.18.26 – Xen Fixes Only
Similar to the 7.0.3 release, kernel 6.18.26 is a targeted patch for Xen users. It addresses a set of stability and performance issues that were identified in the 6.18 series when running under Xen. No other changes are included, so this kernel is only recommended if you rely on Xen virtualization. For everyone else, your attention should shift to the next kernels that contain the critical AEAD socket vulnerability fix.
3. Kernel 6.12.85 – AEAD Socket Vulnerability Patched
Kernel 6.12.85 is one of five kernels in this batch that include backported fixes for the recently disclosed AEAD socket vulnerability. This flaw could allow an attacker to execute arbitrary code or cause a denial of service by sending crafted packets. All users running the 6.12.x series are urged to upgrade immediately. The patch was carefully integrated to minimize disruption while closing the security gap. If your systems are exposed to untrusted networks, this update is non‑negotiable.
4. Kernel 6.6.137 – Security and Stability Combined
For those on the 6.6 longterm branch, version 6.6.137 brings not only the AEAD socket patch but also a collection of stability fixes backported from newer kernels. This ensures that your system remains secure without sacrificing the proven reliability of the 6.6 series. The update addresses several minor bugs that could affect performance in edge cases. As always, thorough testing is advised before deploying in production, but the security benefits strongly justify the upgrade.
5. Kernel 6.1.170 – Critical Patch for Long‑Term Users
The 6.1.170 release is essential for anyone relying on this popular long‑term support kernel. It incorporates the AEAD socket vulnerability fix along with other important backports. Given the widespread deployment of 6.1 in enterprise environments, the security implications are significant. Delaying the upgrade could expose your infrastructure to remote attacks. Make sure to apply this patch as soon as possible, especially if your machines are internet‑facing.
6. Kernel 5.15.204 – Protecting Older Deployments
Even the 5.15 longterm branch receives the AEAD socket fix in this release. Kernel 5.15.204 is a vital update for organizations that have not yet migrated to newer series but still require security compliance. The backport was handled meticulously to ensure compatibility with older driver versions and configurations. If you manage legacy systems, this kernel closes the vulnerability without forcing a major upgrade. Do not overlook this release—attackers often target older, unpatched kernels.
7. Kernel 5.10.254 – Final Security Barrier
The 5.10.254 stable kernel is the last in this set and targets users of the 5.10 longterm series. It includes the same AEAD socket vulnerability fix found in the other kernels, plus minor bug fixes. Many embedded and IoT devices rely on 5.10, making this update critical for devices that are hard to patch frequently. Although 5.10 is older, the security patch is fully backported. Upgrade your kernel now to ensure your devices remain protected
In summary, these seven stable kernels from Greg Kroah-Hartman serve two main purposes: address a serious security vulnerability affecting the AEAD socket layer and provide Xen‑specific patches for virtualization environments. Regardless of your kernel series, if you are on one of the affected branches, you should plan an upgrade as soon as possible. Stay secure, keep your systems up‑to‑date, and always test changes in a staging environment first.