Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:10108: Important: kernel security update

This Red Hat kernel security update addresses multiple vulnerabilities rated Important. They include use-after-free flaws in Bluetooth MGMT (CVE-2025-39981), the bonding module (CVE-2026-23171), and nf_tables (CVE-2026-23231) that can lead to privilege escalation, denial of service, or arbitrary code execution, as well as denial-of-service flaws in hugetlb folio migration (CVE-2026-23097, CVSS 5.5) and rxrpc_recvmsg. Affected kernel versions include Linux 5.9.9 through 5.10.248, 5.10.1 through 5.10.248, 5.11 through 5.15.198, 5.16 through 6.1.161, and 6.2 through 6.6.121, with fixes provided in versions 5.10.249, 5.15.199, 6.1.162, 6.6.122, and subsequent stable releases. A system reboot is required after applying the update.

Red Hat Product Errata
RHSA-2026:10108 - Security Advisory
Issued: 2026-04-23
Updated: 2026-04-23

Synopsis
Important: kernel security update

Type/Severity
Security Advisory: Important

Topic
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):
kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097)
kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg (CVE-2026-23066)
kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check (CVE-2026-23111)
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure (CVE-2026-23144)
kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution (CVE-2026-23171)
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)
kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)
kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231)
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
BZ - 2404105 - CVE-2025-39981 kernel: Bluetooth: MGMT: Fix possible UAFs
BZ - 2429065 - CVE-2025-68800 kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
BZ - 2436802 - CVE-2026-23097 kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration
BZ - 2436805 - CVE-2026-23066 kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg
BZ - 2439687 - CVE-2026-23111 kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check
BZ - 2439872 - CVE-2026-23144 kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
BZ - 2439886 - CVE-2026-23171 kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution
BZ - 2439887 - CVE-2026-23193 kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
BZ - 2439931 - CVE-2026-23204 kernel: net/sched: cls_u32: use skb_header_pointer_careful()
BZ - 2444376 - CVE-2026-23231 kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()
BZ - 2454844 - CVE-2026-31402 kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

CVEs
CVE-2025-39981
CVE-2025-68800
CVE-2026-23066
CVE-2026-23097
CVE-2026-23111
CVE-2026-23144
CVE-2026-23171
CVE-2026-23193
CVE-2026-23204
CVE-2026-23231
CVE-2026-31402

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
SRPM: kernel-5.14.0-427.121.1.el9_4.src.rpm
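
Because the advisory requires a reboot, a host can have the fixed package installed while still running the old kernel. This added example (not part of the advisory and not Red Hat tooling) classifies a host as patched, reboot-required or vulnerable against kernel build 5.14.0-427.121.1.el9_4 from the package list; the function names and sample inputs are constructed, and the version comparison is a simplified one that assumes RHEL 9.4-stream kernel strings.

```sh
#!/bin/sh
# Added example (constructed), not Red Hat tooling.
FIXED="5.14.0-427.121.1.el9_4"   # kernel build named in this advisory

# vercmp A B -> prints -1, 0 or 1. Simplified segment compare (split on
# '.', '-' and '_'); enough for el9_4 kernel strings, not a full rpmvercmp.
vercmp() {
    a=$(printf '%s' "$1" | sed 's/[-_]/./g')
    b=$(printf '%s' "$2" | sed 's/[-_]/./g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        sa=${a%%.*}; sb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$sa" = "$sb" ] && continue
        if [ -z "$sa" ]; then echo "-1"; return; fi   # A ran out first
        if [ -z "$sb" ]; then echo 1; return; fi      # B ran out first
        # expr compares as integers when both segments are integers
        if expr "$sa" \< "$sb" >/dev/null; then echo "-1"; else echo 1; fi
        return
    done
    echo 0
}

# kernel_status RUNNING INSTALLED -> patched | reboot-required | vulnerable
#   RUNNING:   output of `uname -r`
#   INSTALLED: whitespace-separated VERSION-RELEASE of installed kernel-core
kernel_status() {
    run=${1%%+*}                      # drop a "+debug"-style flavour suffix
    for arch in x86_64 aarch64 s390x ppc64le; do run=${run%."$arch"}; done
    if [ "$(vercmp "$run" "$FIXED")" -ge 0 ]; then echo patched; return; fi
    for vr in $2; do
        case "$vr" in [0-9]*) ;; *) continue ;; esac   # skip rpm error text
        if [ "$(vercmp "$vr" "$FIXED")" -ge 0 ]; then
            echo reboot-required; return
        fi
    done
    echo vulnerable
}

# Constructed sample: fixed package installed, older kernel still running.
kernel_status "5.14.0-427.13.1.el9_4.x86_64" \
    "5.14.0-427.13.1.el9_4 5.14.0-427.121.1.el9_4"
# On a host: kernel_status "$(uname -r)" \
#   "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-core)"
```

A reboot-required result means the update is on disk but the vulnerable kernel is still the one executing.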
