Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Linux kernel security update fixes multiple issues
RLSA-2026:21745
Summary
This update addresses 14 security vulnerabilities in the Linux kernel, which could allow attackers to crash systems, steal sensitive information, or gain unauthorized access. Affected systems should be updated as soon as possible to prevent potential attacks. If you are running a Linux system with the kernel-rt package, you should apply this update to ensure the security of your system.
What to do
- Update kernel-rt to version 0:4.18.0-553.126.1.rt7.467.el8_10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Rocky Linux:8 | – | kernel-rt |
< 0:4.18.0-553.126.1.rt7.467.el8_10 Fix: upgrade to 0:4.18.0-553.126.1.rt7.467.el8_10
|
Original title
Important: kernel-rt security update
Original description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
* kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CVE-2025-68347)
* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)
* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)
* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)
* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
* kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CVE-2025-68347)
* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)
* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)
* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)
* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1
7.8
- https://errata.rockylinux.org/RLSA-2026:21745 Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2404105 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2422699 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2424879 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2429602 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2448594 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2448745 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2454810 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2455334 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2461107 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2461757 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2461759 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464369 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464455 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464462 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2464476 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467059 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467064 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467210 Third Party Advisory
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026