{"id":"RLSA-2026:25121","summary":"Critical: kernel security update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: geneve: Fix use-after-free in geneve_find_dev(). (CVE-2025-21858)\n\n* kernel: smc: Fix use-after-free in tcp_write_timer_handler() (CVE-2023-53781)\n\n* kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)\n\n* kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)\n\n* kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)\n\n* kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)\n\n* kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)\n\n* kernel: smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)\n\n* kernel: ip6_tunnel: clear skb2-\u003ecb[] in ip4ip6_err() (CVE-2026-43037)\n\n* kernel: ipv6: icmp: clear skb2-\u003ecb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)\n\n* kernel: dlm: validate length in dlm_search_rsb_tree (CVE-2026-43125)\n\n* kernel: RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852)\n\n* kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-06-12T18:25:53.693366484Z","published":"2026-06-12T18:00:42.192023Z","upstream":["CVE-2023-53781","CVE-2025-21858","CVE-2025-68366","CVE-2026-22984","CVE-2026-22990","CVE-2026-23392","CVE-2026-31581","CVE-2026-31613","CVE-2026-43037","CVE-2026-43038","CVE-2026-43125","CVE-2026-45852","CVE-2026-46181"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351619"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420279"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432389"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432400"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451218"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461471"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461480"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464351"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464397"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467234"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482166"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482532"}],"affected":[{"package":{"name":"kernel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.132.1.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:25121.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}