ELA-1490-1 linux-6.1 security update

linux kernel update

2025-07-31

Package	linux-6.1
Version	6.1.140-1~deb9u1 (stretch), 6.1.140-1~deb10u1 (buster)
Related CVEs	CVE-2024-26618 CVE-2024-26783 CVE-2024-26807 CVE-2024-28956 CVE-2024-35790 CVE-2024-36903 CVE-2024-36927 CVE-2024-43840 CVE-2024-46751 CVE-2024-53203 CVE-2024-53209 CVE-2024-57945 CVE-2025-21645 CVE-2025-21839 CVE-2025-21931 CVE-2025-22062 CVE-2025-37819 CVE-2025-37890 CVE-2025-37897 CVE-2025-37901 CVE-2025-37903 CVE-2025-37905 CVE-2025-37909 CVE-2025-37911 CVE-2025-37912 CVE-2025-37913 CVE-2025-37914 CVE-2025-37915 CVE-2025-37917 CVE-2025-37921 CVE-2025-37923 CVE-2025-37924 CVE-2025-37927 CVE-2025-37928 CVE-2025-37929 CVE-2025-37930 CVE-2025-37932 CVE-2025-37936 CVE-2025-37947 CVE-2025-37948 CVE-2025-37949 CVE-2025-37951 CVE-2025-37953 CVE-2025-37959 CVE-2025-37961 CVE-2025-37962 CVE-2025-37963 CVE-2025-37964 CVE-2025-37967 CVE-2025-37969 CVE-2025-37970 CVE-2025-37972 CVE-2025-37990 CVE-2025-37991

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

For CPUs affected to ITS (Indirect Target Selection), to fully mitigate the vulnerability it is also necessary to update the intel-microcode packages released in ELA-1425-1.

For details on the Indirect Target Selection (ITS) vulnerability please refer to the VUSec article and the Intel one.

For Debian 10 buster, these problems have been fixed in version 6.1.140-1~deb10u1.

For Debian 9 stretch, these problems have been fixed in version 6.1.140-1~deb9u1.

We recommend that you upgrade your linux-6.1 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.