Red Hat Product Errata RHSA-2026:18134 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:18134 - Security Advisory Overview Updated Packages Synopsis Moderate: kernel security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (CVE-2024-56633) kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (CVE-2025-21839) kernel: block: fix resource leak in blk_register_queue() error path (CVE-2025-37980) kernel: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (CVE-2025-38015) kernel: espintcp: remove encap socket caching to avoid reference leak (CVE-2025-38097) kernel: bpf: fix ktls panic with sockmap (CVE-2025-38166) kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (CVE-2025-38202) kernel: bpf: Do not include stack ptr register in precision backtracking bookkeeping (CVE-2025-38279) kernel: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (CVE-2025-38267) kernel: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (CVE-2025-38275) kernel: ftrace: Fix UAF when lookup kallsym after ftrace disabled (CVE-2025-38346) kernel: ACPICA: fix acpi operand cache leak in dswstate.c (CVE-2025-38345) kernel: nvmet: fix memory leak of bio integrity (CVE-2025-38405) kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (CVE-2025-38441) kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (CVE-2025-38470) kernel: fs: writeback: fix use-after-free in __mark_inode_dirty() (CVE-2025-39866) kernel: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (CVE-2025-40034) kernel: dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134) kernel: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" (CVE-2025-40210) kernel: Linux kernel MPTCP: Privilege escalation or denial of service via use-after-free in timer handling (CVE-2025-40257) kernel: smb: client: fix potential cfid UAF in smb2_query_info_compound (CVE-2025-40320) kernel: wifi: mac80211_hwsim: fix typo in frequency notification (CVE-2026-23040) kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check (CVE-2026-23111) kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild (CVE-2026-23210) kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Fixes BZ - 2334549 - CVE-2024-56633 kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg BZ - 2350585 - CVE-2025-21839 kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop BZ - 2367614 - CVE-2025-37980 kernel: block: fix resource leak in blk_register_queue() error path BZ - 2373343 - CVE-2025-38015 kernel: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc BZ - 2376060 - CVE-2025-38097 kernel: espintcp: remove encap socket caching to avoid reference leak BZ - 2376065 - CVE-2025-38166 kernel: bpf: fix ktls panic with sockmap BZ - 2376382 - CVE-2025-38202 kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() BZ - 2379178 - CVE-2025-38279 kernel: bpf: Do not include stack ptr register in precision backtracking bookkeeping BZ - 2379187 - CVE-2025-38267 kernel: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun BZ - 2379199 - CVE-2025-38275 kernel: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug BZ - 2379237 - CVE-2025-38346 kernel: ftrace: Fix UAF when lookup kallsym after ftrace disabled BZ - 2379239 - CVE-2025-38345 kernel: ACPICA: fix acpi operand cache leak in dswstate.c BZ - 2383399 - CVE-2025-38405 kernel: nvmet: fix memory leak of bio integrity BZ - 2383478 - CVE-2025-38441 kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() BZ - 2383906 - CVE-2025-38470 kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime BZ - 2396940 - CVE-2025-39866 kernel: fs: writeback: fix use-after-free in __mark_inode_dirty() BZ - 2406782 - CVE-2025-40034 kernel: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() BZ - 2414468 - CVE-2025-40134 kernel: dm: fix NULL pointer dereference in __dm_suspend() BZ - 2416307 - CVE-2025-40210 kernel: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" BZ - 2418880 - CVE-2025-40257 kernel: Linux kernel MPTCP: Privilege escalation or denial of service via use-after-free in timer handling BZ - 2419945 - CVE-2025-40320 kernel: smb: client: fix potential cfid UAF in smb2_query_info_compound BZ - 2436806 - CVE-2026-23040 kernel: wifi: mac80211_hwsim: fix typo in frequency notification BZ - 2439687 - CVE-2026-23111 kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check BZ - 2439895 - CVE-2026-23210 kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild BZ - 2448594 - CVE-2026-23243 kernel: Linux kernel: Denial of service and memory corruption in RDMA umad RHEL-108683 - [cifs] remove fallback unlink/rename when overwriting a file by renaming RHEL-120364 - PCI dependencies for 10.2 DRM dependencies backport RHEL-107274 - C10s: add systemd-repart into dracut-virt.conf RHEL-116076 - SCSI updates for 10.2 RHEL-42486 - Network is unavailable after migration on s390x [rhel-10] RHEL-126233 - mdadm fails with "Unable to initialize sysfs" RHEL-114532 - RHEL 10.2 DRM backport to 6.16 (dependencies backport) RHEL-114533 - RHEL 10.2 DRM backport to 6.16 (main backport) RHEL-118599 - [RHEL-10.2] [octeon_ep]not support multiqueue RHEL-116876 - RHEL 10.2 DRM backport to 6.17 (dependencies backport) RHEL-116879 - RHEL 10.2 DRM backport to 6.17 (main backport) RHEL-105431 - RHEL 10.2 Update ahci driver to latest upstream RHEL-101339 - [Broadcom RHEL10.2 FEAT] megaraid_sas driver update RHEL-101343 - [Broadcom RHEL10.2 FEAT] mpt3sas driver update RHEL-107916 - smartpqi - RHEL10.2 update RHEL-135143 - [RHEL10.2] Guest kernel crashes due to memory error injection RHEL-106452 - IPU6 MIPI Camera Support (Lenovo X1 Carbon G12) RHEL-134732 - kernel: netdev UNREGISTER notifications can lead to a needless RTNL lock RHEL-145936 - Add NVIDIA Jetpack and BF DPU keys to RHEL 10 kernel CVEs CVE-2024-56633 CVE-2025-21839 CVE-2025-37980 CVE-2025-38015 CVE-2025-38097 CVE-2025-38166 CVE-2025-38202 CVE-2025-38267 CVE-2025-38275 CVE-2025-38279 CVE-2025-38345 CVE-2025-38346 CVE-2025-38405 CVE-2025-38441 CVE-2025-38470 CVE-2025-39866 CVE-2025-40034 CVE-2025-40134 CVE-2025-40210 CVE-2025-40257 CVE-2025-40320 CVE-2026-23040 CVE-2026-23111 CVE-2026-23210 CVE-2026-23243 References https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM kernel-6.12.0-211.7.1.el10_2.src.rpm SHA-256: ce1b4f2f2746548bf2eb2d867ee245a4e37981dbf43289a43f2ebd44921aa9d5 x86_64 kernel-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 0bf037009e0e91d32875e3cc91f5dbb1918d17d1b401634f6f0f21492edf387e kernel-abi-stablelists-6.12.0-211.7.1.el10_2.noarch.rpm SHA-256: 94c09fc381a41dd863c9dcd91ed511d1f881a4dc271d00ca97ffeb1e210f180e kernel-core-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: c459a36a87e37bf9fb22ab51c3967e17303b97182f22f0859e5b53be63c53394 kernel-debug-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 9db4a85b6104ea95515a25599ef9d4b0dfb738e3a5c3f6eabbd5377643e0fc9f kernel-debug-core-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: cce87dc54c23481972f60e1be565ac8e37c147fecd042dc3e461f228a8b59f97 kernel-debug-debuginfo-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 1846c13619a068c46c33da0b1c39a01e0f10a6e575ac6796374172da93b1a0de kernel-debug-debuginfo-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 1846c13619a068c46c33da0b1c39a01e0f10a6e575ac6796374172da93b1a0de kernel-debug-debuginfo-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 1846c13619a068c46c33da0b1c39a01e0f10a6e575ac6796374172da93b1a0de kernel-debug-debuginfo-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 1846c13619a068c46c33da0b1c39a01e0f10a6e575ac6796374172da93b1a0de kernel-debug-devel-6.12.0-211.7.1.el10_2.x86_64.rpm SHA-256: 701d620fe15524511371dbbeae33aefe2c6494339f4bf3c3bbda44f2db7c4afd kernel-debug-devel-mat