Red Hat Product Errata RHSA-2026:9644 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9644 - Security Advisory Overview Updated Packages Synopsis Moderate: kernel security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248) kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800) kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg (CVE-2026-23066) kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure (CVE-2026-23144) kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution (CVE-2026-23171) kernel: macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209) kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204) kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2378981 - CVE-2025-38248 kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init BZ - 2404105 - CVE-2025-39981 kernel: Bluetooth: MGMT: Fix possible UAFs BZ - 2429065 - CVE-2025-68800 kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats BZ - 2436805 - CVE-2026-23066 kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg BZ - 2439872 - CVE-2026-23144 kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure BZ - 2439886 - CVE-2026-23171 kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution BZ - 2439900 - CVE-2026-23209 kernel: macvlan: fix error recovery in macvlan_common_newlink() BZ - 2439931 - CVE-2026-23204 kernel: net/sched: cls_u32: use skb_header_pointer_careful() BZ - 2444376 - CVE-2026-23231 kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() CVEs CVE-2025-38248 CVE-2025-39981 CVE-2025-68800 CVE-2026-23066 CVE-2026-23144 CVE-2026-23171 CVE-2026-23204 CVE-2026-23209 CVE-2026-23231 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM kernel-5.14.0-284.166.1.el9_2.src.rpm SHA-256: abd8a84a0ff17726b19b31c4637aca99ecd87a1ceeaaf92e193513a55d43f905 x86_64 bpftool-7.0.0-284.166.1.el9_2.x86_64.rpm SHA-256: 1ef4d20756937a6ae94cebb524c5884a6d8827d2b47e628797ce37255d710ebd bpftool-debuginfo-7.0.0-284.166.1.el9_2.x86_64.rpm SHA-256: f5a7f9ce7aede9bfa22720d0da5a7a37a84d3c52eb31fecc18972dd1db5e4849 bpftool-debuginfo-7.0.0-284.166.1.el9_2.x86_64.rpm SHA-256: f5a7f9ce7aede9bfa22720d0da5a7a37a84d3c52eb31fecc18972dd1db5e4849 kernel-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: a03e102e90ea74f422b7bb1a19d6a9b48a322be4bf2dfa0afb8d60bcac0bd894 kernel-abi-stablelists-5.14.0-284.166.1.el9_2.noarch.rpm SHA-256: fde84f8d9d2dfd4eae3746de4b8cdf022e8b09e7976659922b643c4331baaf68 kernel-core-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 3d145b50417bdd7e5aec0976bb69611ee9eeb3d617615fb1e422dab021101cff kernel-debug-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 7a183bfc14a74d4c88edd131e3ffd441f208ebd92c88f0167a2faa1ab89be81d kernel-debug-core-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 22b2025e0abce261e5be759048b177ef9907cccc960a9ad9cde7eeccf10584af kernel-debug-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: de3134d7797cb7ed7a6777a4eba19ecf782f7203dfd356fa83b95d24d70835cc kernel-debug-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: de3134d7797cb7ed7a6777a4eba19ecf782f7203dfd356fa83b95d24d70835cc kernel-debug-devel-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 4eba4213128b9e3169aed0f760584c6e696956a1aa30f98d8e7daf4745203d6b kernel-debug-devel-matched-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 46ce33f6688e7e91554b18cb80869d46a9f43132e270ac81929a1fb4b0358484 kernel-debug-modules-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 408db777fe8152de8f9afaa470d40f0d719400b06cba593810282f28c727e5e7 kernel-debug-modules-core-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: ce3474293b3222f14db279a89dda16699f483ff5811cf7ec869b6014f32a832a kernel-debug-modules-extra-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: ac288d7446bd93c2e57ce7a9fea229ae997b5a7186f50d3c8eabce5e2d33c611 kernel-debug-uki-virt-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 6209a540da741783b460367c62e6ae61aaa7a836908d5b1367f5a0a63074a790 kernel-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 8070f8db120fa02daeed605c0cb1e95c6cdd4a2d7d39fb7e5e9154fa94033c0b kernel-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 8070f8db120fa02daeed605c0cb1e95c6cdd4a2d7d39fb7e5e9154fa94033c0b kernel-debuginfo-common-x86_64-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 4b62feec44c96ce00b03cb54ddd68eb09a8bf91cc0d5f4e0afe8ed526e50eb5c kernel-debuginfo-common-x86_64-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 4b62feec44c96ce00b03cb54ddd68eb09a8bf91cc0d5f4e0afe8ed526e50eb5c kernel-devel-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: c1af0549e2fcf89bc5d49c545eb90f1d38d74a044d757bf59cd421c3580ba5de kernel-devel-matched-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: c74e0333ff05bf1bceacd0da3e4fa959aa28916bf9ab30c9f87f1895049be392 kernel-doc-5.14.0-284.166.1.el9_2.noarch.rpm SHA-256: bb09b76d13ab91dc019b5d5281a57af4f0c0c81fcbe28cfea5c1c904445a0fff kernel-headers-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: da51879e8525c23d13bef0aed217befeb267dd12c6a4886f37cd01a7afcc8755 kernel-modules-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 4d23210cdb3c6d6753f0ce4faa75e24b2ebc57e36d407efb99480d2c024694d9 kernel-modules-core-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 75157edb53b61d9b7b11b87bcfe9cfd62fd1ad7eb4d86c7da2954ece5da49403 kernel-modules-extra-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 7b38947a2a13a340cf09837c3e975c4b018f301bcc11ae32b7662754adcdf4c3 kernel-tools-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 5ec0773704ad18a7a2242da7b812c8a6709cca4bab2a48b52bae5bbcc9151b7f kernel-tools-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 4b7da5a3d617ebb64b47e12872852f9a73f0ce2f79b0e7a9ef62acae770c1862 kernel-tools-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 4b7da5a3d617ebb64b47e12872852f9a73f0ce2f79b0e7a9ef62acae770c1862 kernel-tools-libs-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 76907fb294f18729b7b181cd044b0bba4c05b59cc4317ad3380b2c86d14d7762 kernel-uki-virt-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: ab346c81d95f76a5c0cc2b13cc25c2d3cd11a62bcbc4ed893bfd44a51b2f0e8e perf-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: c450d2019764cb1df6bf3f9fac5ed6beb4743b6736958ba96256a0d9239d7e11 perf-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 90f8ae0586933798d6a6502dd0c5de00be8738236ab24ee3ce59371ade1ae008 perf-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 90f8ae0586933798d6a6502dd0c5de00be8738236ab24ee3ce59371ade1ae008 python3-perf-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: dc410c18ab4bf66d3929dba31a9642ffcf6c6efaa4e2203bbe38453130ed8c50 python3-perf-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 971c3e89da07af67ed2815a4dc1ad43dd68f6dea17e73e748afc4f531f300715 python3-perf-debuginfo-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 971c3e89da07af67ed2815a4dc1ad43dd68f6dea17e73e748afc4f531f300715 rtla-5.14.0-284.166.1.el9_2.x86_64.rpm SHA-256: 6cc207472fcf198435e92b2b001995bb368009425a56ca2f6c14f894fba05a8d Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM kernel-5.14.0-284.166.1.el9_2.src.rpm SHA-256: abd8a84a0ff17726b19b31c4637aca99ecd87a1ceeaaf92e193513a55d43f905 ppc64le bpftool-7.0.0-284.166.1.el9_2.ppc64le.rpm SHA-256: 19a4be1dbfb1d21f2907d6d85bab01e4cc8f7edf19fe80ecafc507a45bc97e8c bpftool-debuginfo-7.0.0-284.166.1.el9_2.ppc64le.rpm SHA-256: a9151159602304b9754a0f4868b25c1af6f6083ce73b8530ff85f34eb9e3d3b4 bpftool-debuginfo-7.0.0-284.166.1.el9_2.ppc64le.rpm SHA-256: a9151159602304b9754a0f4868b25c1af6f6083ce73b8530ff85f34eb9e3d3b4 kernel-5.14.0-284.166.1.el9_2.ppc64le.rpm SHA-256: eb94adbabe87c8567ac589ee3b2dc02448a9f70af09d0628e9c822d064fdf241 kernel-abi-stablelists-5.14.0-284.166.1.el9_2.noarch.rpm SHA-256: fde84f8d9d2dfd4eae3746de4b8cdf