Red Hat Product Errata RHSA-2026:21556 - Security Advisory Issued: 2026-05-28 Updated: 2026-05-28 RHSA-2026:21556 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653) kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183) kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366) kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724) kernel: iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089) kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392) kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455) kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408) kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684) kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685) kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027) kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020) kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051) kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709) kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect() (CVE-2026-43023) kernel: wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110) kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190) kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158) kernel: mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2390372 - CVE-2025-38653 kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al BZ - 2422699 - CVE-2025-68183 kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr BZ - 2424881 - CVE-2025-68366 kernel: nbd: defer config unlock in nbd_genl_connect BZ - 2424886 - CVE-2025-68724 kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id BZ - 2429104 - CVE-2025-71089 kernel: iommu: disable SVA when CONFIG_X86 is set BZ - 2451218 - CVE-2026-23392 kernel: netfilter: nf_tables: release flowtable after rcu grace period on error BZ - 2454810 - CVE-2026-23455 kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() BZ - 2455334 - CVE-2026-31408 kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold BZ - 2461757 - CVE-2026-31684 kernel: net: sched: act_csum: validate nested VLAN headers BZ - 2461759 - CVE-2026-31685 kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets BZ - 2464369 - CVE-2026-43027 kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup BZ - 2464455 - CVE-2026-43020 kernel: Bluetooth: MGMT: validate LTK enc_size on load BZ - 2464462 - CVE-2026-43051 kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq BZ - 2464476 - CVE-2026-31709 kernel: smb: client: validate the whole DACL before rewriting it in cifsacl BZ - 2464496 - CVE-2026-43023 kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect() BZ - 2467014 - CVE-2026-43110 kernel: wifi: brcmfmac: validate bsscfg indices in IF events BZ - 2467064 - CVE-2026-43190 kernel: netfilter: xt_tcpmss: check remaining length before reading optlen BZ - 2467210 - CVE-2026-43158 kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks BZ - 2468091 - CVE-2026-43303 kernel: mm/page_alloc: clear page->private in free_pages_prepare() CVEs CVE-2025-38653 CVE-2025-68183 CVE-2025-68366 CVE-2025-68724 CVE-2025-71089 CVE-2026-23392 CVE-2026-23455 CVE-2026-31408 CVE-2026-31684 CVE-2026-31685 CVE-2026-31709 CVE-2026-43020 CVE-2026-43023 CVE-2026-43027 CVE-2026-43051 CVE-2026-43110 CVE-2026-43158 CVE-2026-43190 CVE-2026-43303 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM kernel-5.14.0-687.12.1.el9_8.src.rpm SHA-256: f267770f4dbc8dde065d4544eb49e5f739b63306c0ea30f95182c923c71add6a x86_64 kernel-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 1573e4415cd36e6d56bfe1fe157849abf3a31e59dd281fb1cebc3508ebbf6de4 kernel-abi-stablelists-5.14.0-687.12.1.el9_8.noarch.rpm SHA-256: f4afeafb580bbe7e31de0fdfebc68963b3f78c09b2f30fd8972e70f09e1ac43c kernel-core-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 43575d7f4b9d74000d76fb2ac1315b1d5075169790af80d19912f19d59d3cf81 kernel-debug-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 2330582c89f529fba6a44c4215d8e852921f8114c2659d3491aae33edc5ca489 kernel-debug-core-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: f0962e18892b37f4e4dbe213ffbc9e733ffec4b99119b9242748e9684af3afc9 kernel-debug-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 915057a0746f179e34b8f0bbac43f88617a6b55dea47df3d24e92b62407c7afc kernel-debug-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 915057a0746f179e34b8f0bbac43f88617a6b55dea47df3d24e92b62407c7afc kernel-debug-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 915057a0746f179e34b8f0bbac43f88617a6b55dea47df3d24e92b62407c7afc kernel-debug-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 915057a0746f179e34b8f0bbac43f88617a6b55dea47df3d24e92b62407c7afc kernel-debug-devel-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 7905245be776a9e8049626465c6808905284045aa09a24c1e24aa74101cb545d kernel-debug-devel-matched-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 5db28d75a4fe3cff55cb827ba51954f9228b4bb8965cb193da3e25f40d0c8fe9 kernel-debug-modules-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 7bba6d0ef3e53484e56a3a855511318e4fe2dc0a702aa2b0886b46fd8e518b48 kernel-debug-modules-core-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 6160322fd7edc4b9d5be3679ff8fbea8f911e36c053a676860cf0ff499cfc7d0 kernel-debug-modules-extra-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 156be4ed48b8d3234459d775a622b78018e256cce47ce8ee720e6b28c3b0cd40 kernel-debug-uki-virt-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 4d4f89a4b50efb361afc683fa8e0268fe558807263f0d5ef0c03ad7880e6adcf kernel-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 677e4cc5eb232007c958c2d5b7b29f31f7e092fd2bec04d2d5b3924999274dd2 kernel-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 677e4cc5eb232007c958c2d5b7b29f31f7e092fd2bec04d2d5b3924999274dd2 kernel-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 677e4cc5eb232007c958c2d5b7b29f31f7e092fd2bec04d2d5b3924999274dd2 kernel-debuginfo-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 677e4cc5eb232007c958c2d5b7b29f31f7e092fd2bec04d2d5b3924999274dd2 kernel-debuginfo-common-x86_64-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 6b767c37cb112533e94630d1a4e50d54577b27bc8eff485d78657fe90b9ed6a3 kernel-debuginfo-common-x86_64-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 6b767c37cb112533e94630d1a4e50d54577b27bc8eff485d78657fe90b9ed6a3 kernel-debuginfo-common-x86_64-5.14.0-687.12.1.el9_8.x86_64.rpm SHA-256: 6b767c37cb112533e94630d1a4e50d54577b27bc8eff485d78657fe90b9ed6a3 kernel-debuginfo-commo