VMSCAPE CVE-2025-40300

[ginger]

Hi,
Derzeit wird in den Medien über VMSCAPE berichtet.

https://www.tenable.com/cve/CVE-2025-40300

Ein Patch ist bereits im Upstream. Weiß man wann beziehungsweise ob das in pve / pmg kommt?
Danke!

 

[fabian]

ist in arbeit.

 

[ginger]

Vielen Dank an euch!

 

[t.lamprecht]

(using English to ensure anyone else stumbling upon this can understand the content more easily)

We found no issue in the fast tracked QA session we had today and are in process of rolling out kernel packages with the minimal fix included.

That fix is included in the following kernel package and respective versions:

For Debian Trixie based releases, like Proxmox VE 9, Proxmox Backup Server 4 or Proxmox Datacenter Manager Beta:

• Package proxmox-kernel-6.14.11-2-pve-signed in version 6.14.11-2

For Debian Bookworm based releases, like Proxmox VE 8, Proxmox Backup Server 3 or Proxmox Mail Gateway 8:

• Package proxmox-kernel-6.14.8-3-bpo12-pve-signed in version 6.14.8-3~bpo12+1
• Package proxmox-kernel-6.8.12-15-pve-signed in version 6.8.12-15

As of now these packages are available on the test and no-subscription repository.