{"id":"RLSA-2026:27288","summary":"Important: kernel security, bug fix, and enhancement update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474)\n\n* kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)\n\n* kernel: rxrpc: Fix RxGK token loading to check bounds (CVE-2026-31641)\n\n* kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)\n\n* kernel: Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)\n\n* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)\n\n* kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CVE-2026-31772)\n\n* kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260)\n\n* kernel: crypto: caam - fix overflow on long hmac keys (CVE-2026-43330)\n\n* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)\n\n* kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056)\n\n* kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)\n\n* kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)\n\n* kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)\n\n* kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166)\n\nBug Fix(es) and Enhancement(s):\n\n* Rocky Linux10.0 - s390/ap: Expose ap_bindings_complete_count counter via sysfs [rhel-10.2.z] (JIRA:Rocky Linux-166047)\n\n* Rocky Linux9.5 crash due to lpfc NULL ndlp-\u003evport [rhel-10.2.z] (JIRA:Rocky Linux-171774)\n\n* objtool static_call check blocks build of out-of-tree livepatch modules on Rocky Linux 10.2 GA kernels ? missing upstream revert f495054bd12e (JIRA:Rocky Linux-178495)\n\n* ibmveth Adapter Freeze with Small MSS [rhel-10.2.z] (JIRA:Rocky Linux-179723)\n\n* rbd: eliminate a race in lock_dwork draining on unmap [rhel-10.2.z] (JIRA:Rocky Linux-183127)\n\n* Rocky Linux10.0 - s390/mm: Add missing secure storage access fixups [rhel-10.2.z] (JIRA:Rocky Linux-183319)\n\n* [Rocky Linux10.2.z] Enable Pretimeout Watchdog Panic Functionality on x86 (JIRA:Rocky Linux-182299)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-06-22T12:30:18.917382321Z","published":"2026-06-22T12:04:59.950683Z","upstream":["CVE-2026-31474","CVE-2026-31641","CVE-2026-31669","CVE-2026-31772","CVE-2026-31786","CVE-2026-31787","CVE-2026-43056","CVE-2026-43260","CVE-2026-43330","CVE-2026-46056","CVE-2026-46125","CVE-2026-46152","CVE-2026-46166","CVE-2026-46173","CVE-2026-46331"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:27288"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467083"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482634"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460646"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464096"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461548"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464502"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464449"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482645"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461503"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468061"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482563"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482608"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464092"}],"affected":[{"package":{"name":"kernel","ecosystem":"Rocky Linux:10","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.12.0-211.26.1.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:27288.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}