In the ever-evolving world of Linux, staying up-to-date with kernel releases is crucial for security and performance. Recently, three new stable kernels were released by Greg Kroah-Hartman. These updates bring a host of important fixes across the kernel tree, though notably missing a patch for a recently disclosed local-privilege-escalation vulnerability. Below, we answer key questions about these releases.
- Which stable kernels were released?
- Who announced these kernel releases?
- What is the Fragnesia vulnerability and why didn't these kernels include a patch?
- What kind of fixes are included in these kernel updates?
- Are there any security implications from the missing Fragnesia patch?
- How do these kernel versions relate to the mainline or LTS branches?
- What should users do after learning about these kernel updates?
Which stable kernels were released?
On Thursday, Greg Kroah-Hartman announced the release of three stable kernels: version 7.0.7, version 6.18.30, and version 6.12.88. These are part of the ongoing maintenance cycle of the Linux kernel, providing incremental patches and improvements over their respective earlier releases. Each version targets a specific branch: 7.0.x is the latest upstream stable series, 6.18.x is a long-term support (LTS) branch, and 6.12.x is also an LTS branch. Users on these branches are encouraged to upgrade to the latest point release to benefit from accumulated fixes.
Who announced these kernel releases?
The releases were announced by Greg Kroah-Hartman, the longtime Linux kernel maintainer responsible for the stable and long-term support kernel branches. Kroah-Hartman regularly publishes new stable kernel versions as part of the Linux kernel's release model, ensuring that critical bug fixes and security patches reach users in a timely manner. His announcement included details on the version numbers and a brief note about the absence of a specific exploit patch.
What is the Fragnesia vulnerability and why didn't these kernels include a patch?
The Fragnesia vulnerability is a local-privilege-escalation (LPE) exploit that was disclosed on May 13. It allows an attacker with local access to gain elevated privileges on the system. Despite its severity, the three newly released stable kernels do not include a patch for Fragnesia. This is likely because the fix either wasn't ready for inclusion in the stable branches at the time of release, or it required more extensive testing before being backported. Kernel maintainers often delay patches to ensure stability, especially for complex exploits. Users concerned about Fragnesia should monitor future kernel updates for the patch.
What kind of fixes are included in these kernel updates?
All three kernels include many other important fixes throughout the tree, spanning drivers, filesystems, networking, architecture-specific code, and core kernel subsystems. While the exact changelog varies per version, typical fixes address memory leaks, race conditions, deadlocks, hardware compatibility issues, and security vulnerabilities not related to Fragnesia. The breadth of fixes underscores the importance of staying current with stable releases, as they cumulatively improve system stability and reliability. Users can review the full changelogs on the Linux Kernel Mailing List or the kernel.org git repository.
Are there any security implications from the missing Fragnesia patch?
Yes, there is a notable security concern: systems running these kernels remain vulnerable to the Fragnesia local-privilege-escalation exploit until a future kernel update includes the fix. However, the risk is mitigated because the exploit requires local access—an attacker must already have a user account on the machine. For many environments, particularly servers with limited local user access, this reduces the attack surface. Nevertheless, administrators should treat this seriously and plan to apply the upcoming patch as soon as it becomes available. Meanwhile, other security fixes in these kernels still improve the overall security posture against different attack vectors.
How do these kernel versions relate to the mainline or LTS branches?
Version 7.0.7 belongs to the latest stable series, which includes the most recent features and improvements. Versions 6.18.30 and 6.12.88 are part of the Long-Term Support (LTS) branches, which receive backported fixes for several years. LTS kernels are popular in enterprise and production environments where stability and long maintenance cycles are prioritized. Each branch follows its own release cadence: the 7.0.x series moves faster, while 6.18.x and 6.12.x focus on critical updates. Users should choose the branch that matches their need for features versus stability.
What should users do after learning about these kernel updates?
As always, users are advised to upgrade to the latest stable kernel version for their branch. This can be done via package managers (e.g., apt upgrade on Debian/Ubuntu, yum update on RHEL/CentOS) or by compiling from source. Before upgrading, it's wise to check the changelogs for any known regressions and test in a non-production environment if possible. For those particularly concerned about Fragnesia, consider applying workarounds or restricting local user privileges until the official patch is released. The kernel releases demonstrate the community's commitment to ongoing stability and security.