Red Hat Security Advisory: kernel security update

CVE-2025-38653 — kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al CVE-2025-39766 — kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit CVE-2025-68366 — kernel: nbd: defer config unlock in nbd_genl_connect CVE-2026-23210 — kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild CVE-2026-23270 — kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation CVE-2026-23392 — kernel: netfilter: nf_tables: release flowtable after rcu grace period on error CVE-2026-31419 — kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31607 — kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() CVE-2026-31685 — kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets CVE-2026-31709 — kernel: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-43037 — kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() CVE-2026-43038 — kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() CVE-2026-43163 — kernel: md/bitmap: fix GPF in write_page caused by resize race