How to find fixed CVEs in kernel packages

Hi,

Is CVE-2025-38352 fixed in the latest CentOS Stream 9 kernel (kernel-5.14.0-617.el9)? The corresponding Red Hat advisory is RHSA-2025:15661 - Security Advisory - Red Hat Customer Portal. We tried looking at the changelog for the kernel package but it does not seem to mention it. Is there a better place to look?

Thanks,
-Mat

I see that CVE mentioned as fixed in the changelog of kernel-5.14.0-618.el9. As best I can tell, here is the timeline for that build going through the pipeline.

  • 2025-09-20: pull request submitted
  • 2025-09-20: pull request merged
  • 2025-09-20: build completed
  • 2025-09-21: build promoted
  • 2025-09-23: build included in a compose (linking to a mirror with a longer history because the official composes don’t go back far enough)
  • 2025-09-30: a compose with that build was pushed to the mirrors

If you’re trying to look up something like this in the future, my recommendation is to start with the pull requests in GitLab. Copy the CVE identifier into the search box, and if an MR references it (they usually do, but not always) it will show up there. Make sure to check under the Merged or All tab, not just Open. I think that’s the best way to quickly identify situations like “this has been proposed but not merged yet” or “this is merged but not published yet”. From there you can dig further into Koji builds or Jenkins pushes as needed.
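
As an added example (not part of the thread and not CentOS project code): a Python check that takes `rpm -q --changelog` style text from the newest available kernel build, finds the first build whose section mentions a CVE, and compares an installed version-release against it. The sample changelog is constructed, and the bracketed version in the header line and the simplified version ordering are assumptions.

```python
import re

# Assumed kernel-style header: "* Sat Sep 20 2025 Name <mail> [5.14.0-618.el9]"
HEADER = re.compile(r"^\*\s.*\[(?P<rel>[^\]\s]+)\]\s*$")

# Constructed sample; names, subjects and ticket ids are placeholders.
SAMPLE = """\
* Sat Sep 20 2025 Example Builder <builder@example.com> [5.14.0-618.el9]
- example: placeholder fix subject (Example Dev) [TICKET-0002] {CVE-2025-38352}
- example: unrelated change (Example Dev) [TICKET-0003]
* Thu Sep 18 2025 Example Builder <builder@example.com> [5.14.0-617.el9]
- example: another unrelated change (Example Dev) [TICKET-0001]
"""

def vr_key(vr):
    """Simplified version-release ordering (not full rpmvercmp: no epoch, '~' or '^')."""
    return [(1, int(s), "") if s.isdigit() else (0, 0, s)
            for s in re.findall(r"\d+|[A-Za-z]+", vr)]

def builds_mentioning(changelog, cve):
    """Return the version-release of every changelog section that references cve."""
    # The lookahead stops CVE-2025-3835 from matching inside CVE-2025-38352.
    needle = re.compile(re.escape(cve) + r"(?!\d)", re.IGNORECASE)
    hits, current = [], None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group("rel")
        elif current and needle.search(line) and current not in hits:
            hits.append(current)
    return hits

def first_fixed_build(changelog, cve):
    """Oldest build whose section mentions cve, or None if it is never mentioned."""
    hits = builds_mentioning(changelog, cve)
    return min(hits, key=vr_key) if hits else None

def status(installed_vr, changelog, cve):
    """'fixed', 'not fixed', or 'unknown' when the changelog never names the CVE."""
    fixed_in = first_fixed_build(changelog, cve)
    if fixed_in is None:
        return "unknown"  # a fix can land without a CVE reference
    return "fixed" if vr_key(installed_vr) >= vr_key(fixed_in) else "not fixed"

if __name__ == "__main__":
    for vr in ("5.14.0-617.el9", "5.14.0-618.el9"):
        print(vr, status(vr, SAMPLE, "CVE-2025-38352"))
```

The changelog of an installed package only covers builds up to that package, so feed this the changelog of the newest build you can reach; an "unknown" result means the CVE was not named, not that the fix is absent.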