Several security issues were fixed in Valkey.
Software Description:
- valkey: Persistent key-value database with network interface
Details:
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Valkey server.
(CVE-2025-49844)

It was discovered that Valkey incorrectly handled memory when running Lua
scripts. An authenticated attacker could use this vulnerability to trigger
an integer overflow condition, and potentially achieve remote code execution
on the Valkey server. (CVE-2025-46817)

It was discovered that Valkey incorrectly handled Lua objects. An
authenticated attacker could possibly use this issue to escalate their
privileges. (CVE-2025-46818)

It was discovered that Valkey incorrectly handled memory when running Lua
scripts. An authenticated attacker could use this...
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 25.10: valkey-server 8.1.4+dfsg1-0ubuntu0.2
- Ubuntu 25.04: valkey-server 8.0.6+dfsg1-0ubuntu0.2
- Ubuntu 24.04 LTS: valkey-server 7.2.11+dfsg1-0ubuntu0.2
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
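To confirm that a host has picked up the fix, the installed valkey-server version can be compared against the fixed version for its release. The script below is an added example, not part of the notice; the function names are hypothetical, and the `sort -V` fallback used when dpkg is absent is an assumption that holds for the version strings listed here.

```shell
#!/bin/sh
# Fixed valkey-server versions, copied from the package list in this notice.
fixed_version_for() {
    case "$1" in
        25.10) echo "8.1.4+dfsg1-0ubuntu0.2" ;;
        25.04) echo "8.0.6+dfsg1-0ubuntu0.2" ;;
        24.04) echo "7.2.11+dfsg1-0ubuntu0.2" ;;
        *)     return 1 ;;
    esac
}

# version_ge A B: succeeds when package version A is >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: sort -V orders these particular strings like dpkg does.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_valkey RELEASE INSTALLED_VERSION
# Returns 0 if patched, 1 if still vulnerable, 2 if the release is not listed.
check_valkey() {
    fixed=$(fixed_version_for "$1") || {
        echo "unknown: release $1 is not listed in the notice"
        return 2
    }
    if version_ge "$2" "$fixed"; then
        echo "patched: $2 >= $fixed"
    else
        echo "vulnerable: $2 < $fixed, update valkey-server"
        return 1
    fi
}

# Live check on an Ubuntu host: sh check_valkey.sh --live
if [ "${1:-}" = "--live" ]; then
    . /etc/os-release
    installed=$(dpkg-query -W -f='${Version}' valkey-server 2>/dev/null) || {
        echo "valkey-server is not installed"
        exit 0
    }
    check_valkey "$VERSION_ID" "$installed"
fi
```

A running server keeps the old code loaded until it is restarted, so also confirm that the valkey-server process was restarted after the package update.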
https://ubuntu.com/security/notices/USN-7893-1
CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49112,
CVE-2025-49844