
March Linux Patch Wednesday. Total vulnerabilities: 1083. 879 in the Linux Kernel.
Two vulnerabilities show signs of exploitation in the wild:
Code Injection – GLPI (CVE-2022-35914). An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux.
Memory Corruption – Safari (CVE-2025-24201). Fixed in WebKitGTK packages in Linux repositories.
There are 19 vulnerabilities with publicly available exploits. Notable ones:
Remote Code Execution – Apache Tomcat (CVE-2025-24813)
Command Injection – SPIP (CVE-2024-8517)
Memory Corruption – Assimp (CVE-2025-2152)
Memory Corruption – libxml2 (CVE-2025-27113)
The Elevation of Privilege vulnerability in the Linux Kernel (CVE-2022-49264) has no public exploit yet. However, it resembles well-known PwnKit (CVE-2021-4034).