LinuxSecurity.com

The Extended Berkeley Packet Filter (eBPF) was created to make Linux more observable and secure. It extends kernel functionality without requiring new modules or recompilation, enabling precise monitoring, tracing, and policy enforcement at runtime. For defenders, it promised transparency. For attackers, it opened a new space to hide.

Red Hat confirmed a privilege escalation flaw in open-vm-tools (CVE-2025-41244), the utility that keeps Linux guests talking to VMware hosts. It handles the small things '' time sync, clipboard sharing, system events '' the background work that makes virtual machines feel seamless. Most systems run it by default, and most admins forget it's even there once the guest comes online.

Canonical has released a coordinated set of Ubuntu kernel advisories, including USN-7789-2, USN-7792-3, USN-7809-1, USN-7810-1, and USN-7811-1. Each update addresses critical flaws affecting several kernel builds. The patches span cloud environments like AWS, Azure, and GKE, as well as hardware targets such as Tegra IGX and Raspberry Pi.