RHSA-2026:25217 - Security Advisory

Issued: 2026-06-11
Updated: 2026-06-11

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)
  kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419)
  kernel: net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)
  kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)
  kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)
  kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)
  kernel: netfilter: ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)
  kernel: dlm: validate length in dlm_search_rsb_tree (CVE-2026-43125)
  kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501)
  kernel: RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852)
  kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  Red Hat Enterprise Linux for x86_64 9 x86_64
  Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
  Red Hat Enterprise Linux for IBM z Systems 9 s390x
  Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
  Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
  Red Hat Enterprise Linux for ARM 64 9 aarch64
  Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
  Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
  Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
  Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
  Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64
  Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le
  Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x
  Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64
  Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
  Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
  Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
  Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
  Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
  Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes

  BZ - 2440630 - CVE-2026-23216 kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
  BZ - 2457829 - CVE-2026-31419 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
  BZ - 2460641 - CVE-2026-31508 kernel: net: openvswitch: Avoid releasing netdev before teardown completes
  BZ - 2461471 - CVE-2026-31581 kernel: ALSA: 6fire: fix use-after-free on disconnect
  BZ - 2464351 - CVE-2026-43037 kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
  BZ - 2464449 - CVE-2026-43056 kernel: net: mana: fix use-after-free in add_adev() error path
  BZ - 2467005 - CVE-2026-43116 kernel: netfilter: ctnetlink: ensure safe access to master conntrack
  BZ - 2467234 - CVE-2026-43125 kernel: dlm: validate length in dlm_search_rsb_tree
  BZ - 2480457 - CVE-2026-43501 kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
  BZ - 2482166 - CVE-2026-45852 kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
  BZ - 2482532 - CVE-2026-46181 kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

CVEs

  CVE-2026-23216
  CVE-2026-31419
  CVE-2026-31508
  CVE-2026-31581
  CVE-2026-43037
  CVE-2026-43056
  CVE-2026-43116
  CVE-2026-43125
  CVE-2026-43501
  CVE-2026-45852
  CVE-2026-46181

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 9

SRPM: kernel-5.14.0-687.15.1.el9_8.src.rpm

Red Hat has released an Important kernel security update (RHSA-2026:25217) addressing multiple use-after-free and denial-of-service vulnerabilities across various subsystems, including SCSI target, bonding, networking, and ALSA drivers. The CVSS scores for the listed CVEs are high, with CVE-2026-23216, CVE-2026-31419, and CVE-2026-31508 each rated at 7.8. Affected systems are Red Hat Enterprise Linux 9, and a system reboot is required after applying the update via the standard Red Hat patch management channels.
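
Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running the old kernel. The script below is an added example, not Red Hat tooling: it separates the three states (patched, reboot pending, vulnerable) using the kernel build 5.14.0-687.15.1.el9_8 from this advisory's package list. The function names are hypothetical, and it assumes GNU `sort -V` and a host on the RHEL 9.8 stream this advisory covers.

```shell
#!/bin/sh
# Added example, not Red Hat tooling: is this host past RHSA-2026:25217?
FIXED_BUILD="5.14.0-687.15.1.el9_8"   # kernel build named in this advisory

# Reduce a kernel string to its version-release numbers: drop a "+flavour"
# suffix (such as +rt or +debug), the architecture, and the .elN[_M] dist tag.
norm() {
    printf '%s\n' "$1" | sed -E \
        -e 's/\+.*$//' \
        -e 's/\.(x86_64|aarch64|ppc64le|s390x|noarch)$//' \
        -e 's/\.el[0-9]+(_[0-9]+)?$//'
}

# Succeeds when $1 >= $2 (both already normalised). Assumption: GNU sort -V
# orders these all-numeric strings the same way RPM does.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# classify RUNNING "INSTALLED..." -> patched | reboot-pending | vulnerable
classify() {
    fixed=$(norm "$FIXED_BUILD")
    if ver_ge "$(norm "$1")" "$fixed"; then
        echo patched
        return 0
    fi
    for k in $2; do
        case $k in [0-9]*) ;; *) continue ;; esac   # skip rpm error words
        if ver_ge "$(norm "$k")" "$fixed"; then
            echo reboot-pending   # fixed kernel on disk, old one still running
            return 0
        fi
    done
    echo vulnerable
}

# Live check on a RHEL 9 host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    classify "$(uname -r)" \
        "$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel-core)"
fi
```

The dist tag is stripped before comparison because `sort -V` would otherwise rank a release such as `687.el9_8` above `687.15.1.el9_8`, the opposite of RPM's ordering.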