News Article · Jun 27, 2026 at 5:42 AM
Linux 7.2 Merge Window Closes with PCI Fix, as CISA Flags Critical PTC Flaw and Miasma Campaign Infects npm
Security #Miasma #npm #CISA #linux #supply chain #pci #ptc #windchill #rce #kev

The Linux 7.2 merge window closes with a fix for a PCIe speed restriction. Meanwhile, CISA adds a critical PTC Windchill RCE to its KEV list as active web shell attacks continue. Separately, the Miasma campaign poisons over 20 npm packages to steal developer credentials.

The Linux 7.2 merge window closed this week with a PCI/PCIe subsystem fix that prevented devices from being inadvertently locked to a 2.5 GT/s transfer rate. Separately, CISA added a critical remote code execution vulnerability in PTC Windchill PDMLink and FlexPLM to its Known Exploited Vulnerabilities catalog, citing active exploitation. In parallel, Microsoft uncovered a malicious npm campaign called Miasma that infected over 20 packages to steal developer credentials and secrets.

The PCIe speed fix, merged on June 25, resolves a kernel issue where certain configurations could restrict PCIe devices to the lowest Gen1 speed of 2.5 GT/s, potentially hampering performance for high-throughput workloads like NVMe storage or GPU compute.

CISA Flags Critical, Actively Exploited PTC Windchill RCE

CISA added the PTC Windchill vulnerability (CVE number not yet disclosed) to its KEV catalog on June 26 after observing web shell attacks leveraging the flaw. The bug allows attackers to execute arbitrary code remotely on systems running PTC Windchill PDMLink and FlexPLM, which are widely used in manufacturing and product lifecycle management.

  • The PTC Windchill bug is a remote code execution flaw that requires no authenticated access.
  • Web shells have been deployed against affected systems, giving attackers persistent remote control.
  • All federal civilian executive branch agencies must remediate by July 17, per CISA's Binding Operational Directive.
  • The vulnerability affects both on-premises and cloud deployments of Windchill.

Miasma Campaign Poisons npm Registry

Microsoft Security reported on June 26 that the Miasma campaign had injected malicious code into more than 20 npm packages, including widely used libraries like Leo Platform and RStreams. The malware harvests environment variables, SSH keys, and cloud provider credentials, then exfiltrates the data to attacker-controlled servers. The campaign also attempts to phish maintainers of other packages for account takeover.

As of Friday, several distributions released large batches of security patches. AlmaLinux updated 25 packages including buildah, coreutils, nginx, and python-urllib3. Debian stable received fixes for Chromium, dnsdist, libssh2, and sogo. Fedora patched httpd, rsync, and strongswan. SUSE fixed kernel issues across multiple SLE versions, and Ubuntu addressed containerd and NSD flaws. Oracle patched 35 packages spanning 389-ds-base, podman, and xorg-x11-server.

Sysadmins should prioritize the PTC Windchill patch given active exploitation. Linux administrators should review the PCIe fix if running 7.2 release candidates on Gen4 or Gen5 hardware. For npm users, Microsoft advises auditing package.json for the known malicious package names and rotating any exposed keys.
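
The audit advice above can be extended from package.json to the lockfile, since transitive dependencies only appear there. The following is an added example, not code from Microsoft or the article: it scans a parsed package-lock.json (both the v1 tree and the v2/v3 flat map) against a denylist, and the denylist names and sample lockfiles are constructed placeholders because the article does not list the affected package names.

```javascript
// Added example. Denylist names are constructed placeholders, not real
// Miasma indicators; replace them with the names from the vendor advisory.
const DENYLIST = new Set(["example-bad-pkg", "@example-scope/bad-lib"]);

// "node_modules/a/node_modules/@s/b" -> "@s/b" (lockfile v2/v3 path keys).
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Return sorted "name@version (location)" strings for every denylisted
// package, direct or transitive, in a parsed package-lock.json object.
function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  // When an entry has an explicit "name" (root, aliased installs), prefer it.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromPath(key);
    if (denylist.has(name)) hits.push(`${name}@${meta.version} (${key})`);
  }
  // lockfileVersion 1: nested "dependencies" tree. Version 2 carries both
  // maps, so the tree is walked only when "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = [...trail, name];
      if (denylist.has(name)) hits.push(`${name}@${meta.version} (${path.join(" > ")})`);
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.sort();
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "my-app", version: "1.0.0" },
  "node_modules/left-helper": { version: "2.1.0" },
  "node_modules/left-helper/node_modules/example-bad-pkg": { version: "0.3.1" },
  "node_modules/@example-scope/bad-lib": { version: "4.0.0" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "left-helper": { version: "2.1.0",
    dependencies: { "example-bad-pkg": { version: "0.3.1" } } },
} };

console.log(findDenylisted(SAMPLE_V3));
console.log(findDenylisted(SAMPLE_V1));
```

To run it against a real project, pass the result of `JSON.parse` on the project's package-lock.json to `findDenylisted`; any hit means the secrets reachable from that install environment should be treated as exposed and rotated.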

Fact check

  • The Linux 7.2 merge window closed with a PCI/PCIe fix that prevented devices from being inadvertently locked to 2.5 GT/s.

    reported · source

  • CISA added a critical PTC Windchill RCE vulnerability to its KEV catalog on June 26, citing active exploitation.

    verified · source

  • The Miasma campaign infected more than 20 npm packages, including Leo Platform and RStreams, to harvest credentials.

    reported · source

  • AlmaLinux updated 25 packages including buildah, coreutils, nginx, and python-urllib3 on June 25.

    verified · source
