Red Hat Security Advisory: kernel security, bug fix, and enhancement update
🔗 CVE IDs covered (17)
📋 Description
CVE-2026-31474 — kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() CVE-2026-31669 — kernel: mptcp: fix slab-use-after-free in __inet_lookup_established CVE-2026-31772 — kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync CVE-2026-31787 — kernel: xen/privcmd: fix double free via VMA splitting CVE-2026-43260 — kernel: bnxt_en: Fix RSS context delete logic CVE-2026-43279 — kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing CVE-2026-43414 — kernel: scsi: qla2xxx: Completely fix fcport double free CVE-2026-45984 — kernel: gfs2: Fix use-after-free in iomap inline data write path CVE-2026-46056 — kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers CVE-2026-46117 — kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() CVE-2026-46125 — kernel: wifi: mac80211: remove station if connection prep fails CVE-2026-46135 — kernel: nvmet-tcp: fix race between ICReq handling and queue teardown CVE-2026-46145 — kernel: RDMA/mana: Validate rx_hash_key_len CVE-2026-46152 — kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result CVE-2026-46166 — kernel: wifi: mac80211: use safe list iteration in radar detect work CVE-2026-46173 — kernel: exit: prevent preemption of oopsing TASK_DEAD task CVE-2026-46331 — kernel: net/sched: act_pedit: extend the writable skb range per key
🔗 References (20)
- selfhttps://access.redhat.com/errata/RHSA-2026:27789
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2460646
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461503
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464092
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467083
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467215
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468155
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2479492
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2481922
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482181
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482563
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482576
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482581
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482608
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482634
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482654
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27789.json