Red Hat Product Errata RHSA-2026:23224 - Security Advisory Issued: 2026-06-04 Updated: 2026-06-04 RHSA-2026:23224 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653) kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766) kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366) kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild (CVE-2026-23210) kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392) kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419) kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607) kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685) kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037) kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038) kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709) kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2390372 - CVE-2025-38653 kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al BZ - 2394648 - CVE-2025-39766 kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit BZ - 2424881 - CVE-2025-68366 kernel: nbd: defer config unlock in nbd_genl_connect BZ - 2439895 - CVE-2026-23210 kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild BZ - 2448745 - CVE-2026-23270 kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation BZ - 2451218 - CVE-2026-23392 kernel: netfilter: nf_tables: release flowtable after rcu grace period on error BZ - 2457829 - CVE-2026-31419 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service BZ - 2461521 - CVE-2026-31607 kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() BZ - 2461759 - CVE-2026-31685 kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets BZ - 2464351 - CVE-2026-43037 kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() BZ - 2464397 - CVE-2026-43038 kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() BZ - 2464476 - CVE-2026-31709 kernel: smb: client: validate the whole DACL before rewriting it in cifsacl BZ - 2467059 - CVE-2026-43163 kernel: md/bitmap: fix GPF in write_page caused by resize race RHEL-174822 - dpll: restore KAPI compatibility in RHEL 9.6.z CVEs CVE-2025-38653 CVE-2025-39766 CVE-2025-68366 CVE-2026-23210 CVE-2026-23270 CVE-2026-23392 CVE-2026-31419 CVE-2026-31607 CVE-2026-31685 CVE-2026-31709 CVE-2026-43037 CVE-2026-43038 CVE-2026-43163 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM kernel-5.14.0-570.119.1.el9_6.src.rpm SHA-256: e226365dc0adaa38d5684887b91bb53b106cae00b6339a2e1f18d1524778b25b x86_64 kernel-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: b673325eaf5e3895a8d46bc07d09781c673a6823ab1c0bb23fec706ccc3a599f kernel-abi-stablelists-5.14.0-570.119.1.el9_6.noarch.rpm SHA-256: d515d18a2535cccabc8596ff676554c894eb6cd7b31a6bec959d5ac0ad1213c6 kernel-core-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 66716164fa5e325d49ef2afb98840689b3752025b52fceb6f02ebfac5351f227 kernel-debug-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 6b7dbae4b6c611ebe6bc49fa40e44625234ef48095bf430d35e54493a81656ce kernel-debug-core-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 1c0e63b582db58b4f69985e165916af73d3442883229307fe6802e2cda187206 kernel-debug-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 0b8f44eaea8aa5ce65b6650ce13bdd08d8fa6848b115bc437a06cc534e5dc0c0 kernel-debug-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 0b8f44eaea8aa5ce65b6650ce13bdd08d8fa6848b115bc437a06cc534e5dc0c0 kernel-debug-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 0b8f44eaea8aa5ce65b6650ce13bdd08d8fa6848b115bc437a06cc534e5dc0c0 kernel-debug-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 0b8f44eaea8aa5ce65b6650ce13bdd08d8fa6848b115bc437a06cc534e5dc0c0 kernel-debug-devel-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: b741602e09d635b7d671c25f0c0691b5d8f7c353832e37e73850bf2f5c3f3a30 kernel-debug-devel-matched-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 9a934fc82639ac046d5a7e55dec8422aa3ff85259ac980693e440bf604f81031 kernel-debug-modules-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 959d574d6b098f8405abe8ee695305c31769593679ffe52b4fbb2a256673b37b kernel-debug-modules-core-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 0073e58a385c1a53372dcb6d6a0fef94a28c90a60e024c85c84a54d0007c96f2 kernel-debug-modules-extra-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 1849f7f9555f683824f5cef97b2244c858b7d603fa03a336369ace1525c8ce33 kernel-debug-uki-virt-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 77467347132d6445ab37ac8e1eaaed643f7fb089c4c1c346f4797264640fff02 kernel-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 22f91a2587f1961314f0e6652487aefc6652d6a586cd4cd544aa924f33832fa2 kernel-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 22f91a2587f1961314f0e6652487aefc6652d6a586cd4cd544aa924f33832fa2 kernel-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 22f91a2587f1961314f0e6652487aefc6652d6a586cd4cd544aa924f33832fa2 kernel-debuginfo-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 22f91a2587f1961314f0e6652487aefc6652d6a586cd4cd544aa924f33832fa2 kernel-debuginfo-common-x86_64-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 535db38177095688f3e03bd7970c78ea8017c61f8b3835dec573d1e48f841eaf kernel-debuginfo-common-x86_64-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 535db38177095688f3e03bd7970c78ea8017c61f8b3835dec573d1e48f841eaf kernel-debuginfo-common-x86_64-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 535db38177095688f3e03bd7970c78ea8017c61f8b3835dec573d1e48f841eaf kernel-debuginfo-common-x86_64-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 535db38177095688f3e03bd7970c78ea8017c61f8b3835dec573d1e48f841eaf kernel-devel-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 761e7527835150e903c28e201bdf3453c8e399a167de8c884344b2261fe05979 kernel-devel-matched-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: aebcedcee308b388eacfadb6b3b8854ca1d70c8c92a924b15e5d22554aac5a2c kernel-doc-5.14.0-570.119.1.el9_6.noarch.rpm SHA-256: 9da72cfff0003fe0b8b688a7461a3280b61b5293a7d2a3dedf01c91080312bca kernel-headers-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 8eb85256c3dcc1a738ace27f4bc0bf9ea13b8fc36dcfce4cfbb4f7260f0c5951 kernel-modules-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 1146e065e5ae003524d8dd721407728db3be7ee451474a9a926fb2b37246c936 kernel-modules-core-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: f5eb6c846bcc1a3fff83c600dd64997d89c702f842eb6c94086aab2391a3b81c kernel-modules-extra-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 7cd81a9842c6df149866879afc60a407492b2f9b199dc831477d0fc2e65037be kernel-rt-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: fb047c604957e0394a01801bbdca41112b66a2b6e8d9832cc746fcc269c7044f kernel-rt-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: fb047c604957e0394a01801bbdca41112b66a2b6e8d9832cc746fcc269c7044f kernel-rt-core-5.14.0-570.119.1.el9_6.x86_64.rpm SHA-256: 8ce37d