| Package | atop |
|---|---|
| Version | 2.4.0-3+deb10u1 (buster) |
| Related CVEs | CVE-2025-31160 |
It was discovered that Atop, a monitor tool for system resources and process activity, always tried to connect to the port of atopgpud (an additional daemon gathering GPU statistics not shipped in Debian) while performing insufficient sanitising of the data read from this port.
With this update, additional validation is added and by default atop no longer tries to connect to the atopgpud daemon port unless explicitly enabled via -k.
For Debian 10 buster, these problems have been fixed in version 2.4.0-3+deb10u1.
We recommend that you upgrade your atop packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.