Red Hat Security Advisory: kernel security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2025-71116 — kernel: libceph: make decode_pool() more resilient against corrupted osdmaps CVE-2026-22984 — kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() CVE-2026-22990 — kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() CVE-2026-23455 — kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() CVE-2026-31408 — kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold CVE-2026-31669 — kernel: mptcp: fix slab-use-after-free in __inet_lookup_established CVE-2026-43198 — kernel: tcp: fix potential race in tcp_v6_syn_recv_sock() CVE-2026-43329 — kernel: netfilter: flowtable: strictly check for maximum number of actions CVE-2026-45852 — kernel: RDMA/rxe: Fix double free in rxe_srq_from_init CVE-2026-46090 — kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop CVE-2026-46181 — kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2026:35896
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2429602
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2432389
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2432400
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2454810
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2455334
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461503
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467228
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468124
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2481980
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482166
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482532
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35896.json