Red Hat Security Advisory: kernel security update
🔗 CVE IDs covered (20)
📋 Description
CVE-2025-40135 — kernel: ipv6: use RCU in ip6_xmit() CVE-2025-40158 — kernel: ipv6: use RCU in ip6_output() CVE-2025-40170 — kernel: net: use dst_dev_rcu() in sk_setup_caps() CVE-2025-68366 — kernel: nbd: defer config unlock in nbd_genl_connect CVE-2025-68724 — kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id CVE-2025-71089 — kernel: iommu: disable SVA when CONFIG_X86 is set CVE-2025-71116 — kernel: libceph: make decode_pool() more resilient against corrupted osdmaps CVE-2026-22984 — kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() CVE-2026-22990 — kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() CVE-2026-23216 — kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() CVE-2026-23392 — kernel: netfilter: nf_tables: release flowtable after rcu grace period on error CVE-2026-23455 — kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() CVE-2026-31685 — kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets CVE-2026-43116 — kernel: netfilter: ctnetlink: ensure safe access to master conntrack CVE-2026-43158 — kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks CVE-2026-43190 — kernel: netfilter: xt_tcpmss: check remaining length before reading optlen CVE-2026-43303 — kernel: mm/page_alloc: clear page->private in free_pages_prepare() CVE-2026-46125 — kernel: wifi: mac80211: remove station if connection prep fails CVE-2026-46227 — kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL CVE-2026-46243 — kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
🔗 References (23)
- selfhttps://access.redhat.com/errata/RHSA-2026:26515
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2414506
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2414521
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2414523
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2424881
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2424886
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2429104
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2429602
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2432389
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2432400
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2440630
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2451218
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2454810
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461759
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467005
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467064
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467210
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468091
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2481486
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482564
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482608
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26515.json