Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Linux Kernel Update Fixes Multiple Security Risks
RLSA-2026:21706
Summary
This Linux kernel update fixes multiple security issues that could allow an attacker to crash your system, steal data, or gain unauthorized access. The update is recommended to ensure the security and stability of your Linux system. Update your Linux kernel to the latest version to protect your system.
What to do
- Update kernel to version 0:4.18.0-553.126.1.el8_10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Rocky Linux:8 | – | kernel |
< 0:4.18.0-553.126.1.el8_10 Fix: upgrade to 0:4.18.0-553.126.1.el8_10
|
Original title
Important: kernel security update
Original description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
* kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CVE-2025-68347)
* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)
* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)
* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)
* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
* kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CVE-2025-68347)
* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)
* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)
* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)
* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1
7.8
- https://errata.rockylinux.org/RLSA-2026:21706 Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2404105 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2422699 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2424879 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2429602 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2448594 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2448745 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2454810 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2455334 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2461107 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2461757 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2461759 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464369 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464455 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464462 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464476 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467059 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467064 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467210 Third Party Advisory
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026