Red Hat Security Advisory: kernel security update
🔗 CVE IDs covered (18)
📋 Description
CVE-2025-39981 — kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-68183 — kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr CVE-2025-68347 — kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events CVE-2025-71116 — kernel: libceph: make decode_pool() more resilient against corrupted osdmaps CVE-2026-23243 — kernel: Linux kernel: Denial of service and memory corruption in RDMA umad CVE-2026-23270 — kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation CVE-2026-23455 — kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() CVE-2026-31408 — kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold CVE-2026-31532 — kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() CVE-2026-31684 — kernel: net: sched: act_csum: validate nested VLAN headers CVE-2026-31685 — kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets CVE-2026-31709 — kernel: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-43020 — kernel: Bluetooth: MGMT: validate LTK enc_size on load CVE-2026-43027 — kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup CVE-2026-43051 — kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq CVE-2026-43158 — kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks CVE-2026-43163 — kernel: md/bitmap: fix GPF in write_page caused by resize race CVE-2026-43190 — kernel: netfilter: xt_tcpmss: check remaining length before reading optlen
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2026:21706
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2404105
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2422699
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2424879
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2429602
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2448594
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2448745
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2454810
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2455334
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461107
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461759
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464369
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464455
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464462
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464476
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467059
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467064
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467210
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21706.json