Red Hat Product Errata RHSA-2026:9512 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9512 - Security Advisory Overview Updated Packages Synopsis Moderate: kernel-rt security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248) kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800) kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg (CVE-2026-23066) kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure (CVE-2026-23144) kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution (CVE-2026-23171) kernel: macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209) kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204) kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Fixes BZ - 2378981 - CVE-2025-38248 kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init BZ - 2404105 - CVE-2025-39981 kernel: Bluetooth: MGMT: Fix possible UAFs BZ - 2429065 - CVE-2025-68800 kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats BZ - 2436805 - CVE-2026-23066 kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg BZ - 2439872 - CVE-2026-23144 kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure BZ - 2439886 - CVE-2026-23171 kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution BZ - 2439900 - CVE-2026-23209 kernel: macvlan: fix error recovery in macvlan_common_newlink() BZ - 2439931 - CVE-2026-23204 kernel: net/sched: cls_u32: use skb_header_pointer_careful() BZ - 2444376 - CVE-2026-23231 kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() CVEs CVE-2025-38248 CVE-2025-39981 CVE-2025-68800 CVE-2026-23066 CVE-2026-23144 CVE-2026-23171 CVE-2026-23204 CVE-2026-23209 CVE-2026-23231 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM kernel-rt-5.14.0-284.166.1.rt14.451.el9_2.src.rpm SHA-256: 6dab301f7119a63486e03e54a96bfebffeae307152c77b206f27e97df8b61965 x86_64 kernel-rt-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 96872effac866051325f72249301b6923305176092d16ff2573b26f847731d6b kernel-rt-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 96872effac866051325f72249301b6923305176092d16ff2573b26f847731d6b kernel-rt-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: e9e1010842788450bbd56c323e874e1bd5a76e98d919a42a777889f1342f5981 kernel-rt-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: e9e1010842788450bbd56c323e874e1bd5a76e98d919a42a777889f1342f5981 kernel-rt-debug-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: beae6aac4800374eb2a0e9ded0931505ee3ea16009a64d52efe5d738fbb4573e kernel-rt-debug-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: beae6aac4800374eb2a0e9ded0931505ee3ea16009a64d52efe5d738fbb4573e kernel-rt-debug-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 17de3e1966c0a51da722934dc02a7f5e24aa0c39a5a0b31d36b6c213e40f0cbd kernel-rt-debug-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 17de3e1966c0a51da722934dc02a7f5e24aa0c39a5a0b31d36b6c213e40f0cbd kernel-rt-debug-debuginfo-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: b56374dc62e842022dd9a4289df1cd0e1e06292176aa7fe2df29c9b6ba98dbdc kernel-rt-debug-debuginfo-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: b56374dc62e842022dd9a4289df1cd0e1e06292176aa7fe2df29c9b6ba98dbdc kernel-rt-debug-devel-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: cf4419be3aca57ebde51a657f3c03ae17cb103dfe7c2a1550c62a7fe96b812e1 kernel-rt-debug-devel-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: cf4419be3aca57ebde51a657f3c03ae17cb103dfe7c2a1550c62a7fe96b812e1 kernel-rt-debug-kvm-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: fd0cf1062ad22c63a2dc6edbb1d9a5203382f84b2e153dfc054fb122a07903b4 kernel-rt-debug-modules-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 4637fe20a2c3a7974cc572673641b0ba63f052db826bc0f2d7e5f3f53d5bf8e4 kernel-rt-debug-modules-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 4637fe20a2c3a7974cc572673641b0ba63f052db826bc0f2d7e5f3f53d5bf8e4 kernel-rt-debug-modules-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: b4695518b1d42e3c99e56635ada48656b38d253c80e27a8efa0c6d6d5fb7e510 kernel-rt-debug-modules-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: b4695518b1d42e3c99e56635ada48656b38d253c80e27a8efa0c6d6d5fb7e510 kernel-rt-debug-modules-extra-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 22e9a0a25ffb66635660ce44dff1c1881e0fabb06cd1153e58c098aa91d189c4 kernel-rt-debug-modules-extra-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 22e9a0a25ffb66635660ce44dff1c1881e0fabb06cd1153e58c098aa91d189c4 kernel-rt-debuginfo-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: e8c87d17d37585eab6c204f7b9e7c7d19ad216962d5ea39e7e73b398c05789b8 kernel-rt-debuginfo-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: e8c87d17d37585eab6c204f7b9e7c7d19ad216962d5ea39e7e73b398c05789b8 kernel-rt-debuginfo-common-x86_64-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: d1d05e051da9a2f5210cdd093084c3ca79536a7145f783e2a7d700a2ba90b9b0 kernel-rt-debuginfo-common-x86_64-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: d1d05e051da9a2f5210cdd093084c3ca79536a7145f783e2a7d700a2ba90b9b0 kernel-rt-devel-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 910fa700fea6113d720b2b0a7165a97bfdb8c49444d140d4c9faa8d6416bc34f kernel-rt-devel-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 910fa700fea6113d720b2b0a7165a97bfdb8c49444d140d4c9faa8d6416bc34f kernel-rt-kvm-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 0693a95038e764934f341ad1847c16f8d843361d2f87cbd152526c5e78d56cc8 kernel-rt-modules-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 5ca8eb8be65faafc110a1aa6b39b207c671ebea5e4c18ddd000d9bf47d548f98 kernel-rt-modules-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 5ca8eb8be65faafc110a1aa6b39b207c671ebea5e4c18ddd000d9bf47d548f98 kernel-rt-modules-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 0cd7b130aedb1c4a8023331187cd3dfab6dc71f5214e7a4a693232f3799525a4 kernel-rt-modules-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 0cd7b130aedb1c4a8023331187cd3dfab6dc71f5214e7a4a693232f3799525a4 kernel-rt-modules-extra-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 1ddeb77d0acfadb91b1a837707b99d1a9337adead0e382dc2161858fd12ac122 kernel-rt-modules-extra-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 1ddeb77d0acfadb91b1a837707b99d1a9337adead0e382dc2161858fd12ac122 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM kernel-rt-5.14.0-284.166.1.rt14.451.el9_2.src.rpm SHA-256: 6dab301f7119a63486e03e54a96bfebffeae307152c77b206f27e97df8b61965 x86_64 kernel-rt-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 96872effac866051325f72249301b6923305176092d16ff2573b26f847731d6b kernel-rt-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 96872effac866051325f72249301b6923305176092d16ff2573b26f847731d6b kernel-rt-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: e9e1010842788450bbd56c323e874e1bd5a76e98d919a42a777889f1342f5981 kernel-rt-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: e9e1010842788450bbd56c323e874e1bd5a76e98d919a42a777889f1342f5981 kernel-rt-debug-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: beae6aac4800374eb2a0e9ded0931505ee3ea16009a64d52efe5d738fbb4573e kernel-rt-debug-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: beae6aac4800374eb2a0e9ded0931505ee3ea16009a64d52efe5d738fbb4573e kernel-rt-debug-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 17de3e1966c0a51da722934dc02a7f5e24aa0c39a5a0b31d36b6c213e40f0cbd kernel-rt-debug-core-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: 17de3e1966c0a51da722934dc02a7f5e24aa0c39a5a0b31d36b6c213e40f0cbd kernel-rt-debug-debuginfo-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: b56374dc62e842022dd9a4289df1cd0e1e06292176aa7fe2df29c9b6ba98dbdc kernel-rt-debug-debuginfo-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: b56374dc62e842022dd9a4289df1cd0e1e06292176aa7fe2df29c9b6ba98dbdc kernel-rt-debug-devel-5.14.0-284.166.1.rt14.451.el9_2.x86_64.rpm SHA-256: cf4419be3aca57ebde51a657f3c03ae17cb103dfe7c2a1550c62a7fe96b81