Red Hat Security Advisory: kernel security update

CVE-2025-38653 — kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al CVE-2025-68183 — kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr CVE-2025-68366 — kernel: nbd: defer config unlock in nbd_genl_connect CVE-2025-68724 — kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id CVE-2025-71089 — kernel: iommu: disable SVA when CONFIG_X86 is set CVE-2026-23392 — kernel: netfilter: nf_tables: release flowtable after rcu grace period on error CVE-2026-23455 — kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() CVE-2026-31408 — kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold CVE-2026-31684 — kernel: net: sched: act_csum: validate nested VLAN headers CVE-2026-31685 — kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets CVE-2026-31709 — kernel: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-43020 — kernel: Bluetooth: MGMT: validate LTK enc_size on load CVE-2026-43023 — kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect() CVE-2026-43027 — kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup CVE-2026-43051 — kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq CVE-2026-43110 — kernel: wifi: brcmfmac: validate bsscfg indices in IF events CVE-2026-43158 — kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks CVE-2026-43190 — kernel: netfilter: xt_tcpmss: check remaining length before reading optlen CVE-2026-43303 — kernel: mm/page_alloc: clear page->private in free_pages_prepare() CVE-2026-46195 — kernel: smb: client: validate dacloffset before building DACL pointers