Red Hat Product Errata RHSA-2026:21209 - Security Advisory
Issued: 2026-05-27
Updated: 2026-05-27

Synopsis
Important: kernel security update

Type/Severity
Security Advisory: Important

Topic
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):
kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999)
kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653)
kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)
kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741)
kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419)
kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
BZ - 2357134 - CVE-2025-21999 kernel: proc: fix UAF in proc_get_inode()
BZ - 2390372 - CVE-2025-38653 kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
BZ - 2394648 - CVE-2025-39766 kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
BZ - 2424881 - CVE-2025-68366 kernel: nbd: defer config unlock in nbd_genl_connect
BZ - 2425046 - CVE-2025-68741 kernel: scsi: qla2xxx: Fix improper freeing of purex item
BZ - 2448594 - CVE-2026-23243 kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
BZ - 2448745 - CVE-2026-23270 kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation
BZ - 2457829 - CVE-2026-31419 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
BZ - 2467059 - CVE-2026-43163 kernel: md/bitmap: fix GPF in write_page caused by resize race

CVEs
CVE-2025-21999
CVE-2025-38653
CVE-2025-39766
CVE-2025-68366
CVE-2025-68741
CVE-2026-23243
CVE-2026-23270
CVE-2026-31419
CVE-2026-43163

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
kernel-5.14.0-427.127.1.el9_4.src.rpm SHA-256: 124db34ccc7dd08ee1f95e49d9fd30fd57133761b8bdf2cadb208470836bcfad

x86_64
bpftool-7.3.0-427.127.1.el9_4.x86_64.rpm SHA-256: 6614a45b461887a0abd51f98abb11a420256f7212c951a0550813afc73783bb8
bpftool-debuginfo-7.3.0-427.127.1.el9_4.x86_64.rpm SHA-256: dd3fad84e101f0181a696ad8dc6479588b23e0052b47053fa257214bad4f24e9
kernel-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 9b82f11d97003fe0c1fa2fb59014a86f559736c6991d5a8d1e0e9d608a15910c
kernel-abi-stablelists-5.14.0-427.127.1.el9_4.noarch.rpm SHA-256: 9dfaf4ed660fdd9494ee504b2336990380cac2d83a6794690ad47efb1b288af1
kernel-core-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: deb20449e54a6472b7dd6b9c92b5f82369c1625121a0682053ff8fa855a4e8e9
kernel-debug-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: d143b5d7783019cf3dfc1a42091acb3b1bf12cd804ed3a17e33f43c398de77b4
kernel-debug-core-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 93508c81fb9d89c73de9479ee892cc42977a46102d283499cd44abc3efcc821c
kernel-debug-debuginfo-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 630ecb4e8858fa099e4de1adee970be35edba5ff987489d4bec8701100fe7ae0
kernel-debug-devel-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 1352bca0a27294816e332d38c8e03e3fa5ba2778b89f348465fd85eb2aa48050
kernel-debug-devel-matched-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 0bca0cde0779e86aed3c7f7163a65f22ba7448d39b7f8cb9fe56770bd898a5c5
kernel-debug-modules-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 24bb352f9934cf92196b3658f5f51451981de575e42ca1d8735ab48dc1092c17
kernel-debug-modules-core-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: f12324205ef5b907eb2ea05f325cee2e8d2d04a57eb7af96f53a47d9e1a7706c
kernel-debug-modules-extra-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 02580248d716c0a84a15b0d4a01e0f7115c097237f56a73f41111d76b4b96c5d
kernel-debug-uki-virt-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: cb6435bc8bfaefee657896284909a4cb47a340e650ed766aead2955be4cb1688
kernel-debuginfo-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 6be35ff730705ff98616f682b3b79b864f9f5f1734927c9faa07da75260d0108
kernel-debuginfo-common-x86_64-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 95f3ec58d2a03f1285f0a90248e70a053b0bcce663828765d4f919ba5e8a651d
kernel-devel-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 8afd2682d41d6a97219158a7e70d644e8f250c5e155189521e1a323ada5ca7cd
kernel-devel-matched-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 509d297c6195e34def3b8d04d01c893e6d6dfee81d8145a6d8113aeefdb9ec69
kernel-doc-5.14.0-427.127.1.el9_4.noarch.rpm SHA-256: 2383d83d4ea28c731dac159e686ef1189ae93aa204e6582da7423fd03860b37a
kernel-headers-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 9b126203a48bb2dae491a571eaf49c2d697d1e19f0cb5fd3a85b0ee988104415
kernel-modules-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 6d1f8f7302c6fbd32363c172f96d86ddd6e7cdfdef7222eb2229ba56b792abd7
kernel-modules-core-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 4b1e2dacdbdb352b83fb977c477686df2c982035492200b2097a639f62be7b71
kernel-modules-extra-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 06c32b865f6d891e36b0c12d202f255c37796c4a43091fc6207f8964a72fd9ac
kernel-rt-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: d04594bd3f23405f16d1e4456a7da9ca8cd00272405098444057cf6afc3a7ed2
kernel-rt-core-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: c3f83e664797823ef0d6c6f315b3ade867bcf365c609c468920deeb8e68a9a02
kernel-rt-debug-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: b3e0767e29bdd04bca76075c80c83d8ebf003727c671a70b2a0b74628665885c
This Red Hat security advisory addresses multiple Important-severity kernel vulnerabilities, including use-after-free flaws in the proc filesystem (CVE-2025-21999, CVSS 7.8) and traffic control subsystem (CVE-2026-23270), which can lead to denial of service or privilege escalation. The affected version ranges are extensive; for example, CVE-2025-21999 affects Linux kernel versions from 2.6.23 up to but excluding 6.1.132, and from 6.2 up to but excluding 6.6.85, among other ranges. The fixed versions are specified per CVE, such as upgrading to kernel 6.1.132, 6.6.85, 6.12.21, or 6.13.9 to resolve CVE-2025-21999, and a system reboot is required after applying the update.
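Two checks a practitioner runs against an advisory like this one are "is the kernel I am actually booted into at or above the fixed build?" and "does the RPM I downloaded match the listed SHA-256?". The script below is an added example, not part of the Red Hat advisory or of rpm itself: it parses the package/SHA-256 listing format used above (three hashes are copied from the listing, the rest omitted), streams a file through SHA-256 for verification, and compares a kernel release string against the fixed NVR 5.14.0-427.127.1.el9_4 with a port of rpm's segment-wise rpmvercmp rules (numeric beats alphabetic, `~` sorts below everything, `^` sorts above a shorter base version). The bytes written by `demo_verify` are constructed stand-in data, not a real package, and the arch/variant suffix handling in `split_kernel_release` is my assumption about `uname -r` formats, not something the advisory states.

```python
import hashlib
import os
import platform
import re
import tempfile

# Fixed kernel version-release from RHSA-2026:21209.
FIXED_KERNEL_VR = "5.14.0-427.127.1.el9_4"

# Three entries copied from the advisory's package listing (others omitted).
SAMPLE_LISTING = """
kernel-5.14.0-427.127.1.el9_4.src.rpm SHA-256: 124db34ccc7dd08ee1f95e49d9fd30fd57133761b8bdf2cadb208470836bcfad
kernel-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: 9b82f11d97003fe0c1fa2fb59014a86f559736c6991d5a8d1e0e9d608a15910c
kernel-core-5.14.0-427.127.1.el9_4.x86_64.rpm SHA-256: deb20449e54a6472b7dd6b9c92b5f82369c1625121a0682053ff8fa855a4e8e9
"""

_PKG_LINE = re.compile(r"(\S+\.rpm)\s+SHA-256:\s*([0-9a-f]{64})")
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~|\^")  # rpm version segments


def parse_package_hashes(text):
    """Map 'package.rpm' -> expected SHA-256 from an advisory-style listing."""
    return {name: digest for name, digest in _PKG_LINE.findall(text)}


ADVISORY_HASHES = parse_package_hashes(SAMPLE_LISTING)


def sha256_hex(chunks):
    """Hex SHA-256 over an iterable of byte chunks, so large RPMs stream."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify_rpm(path, expected_hashes):
    """True/False if the file's digest matches the listing; None if unlisted."""
    expected = expected_hashes.get(os.path.basename(path))
    if expected is None:
        return None
    with open(path, "rb") as f:
        return sha256_hex(iter(lambda: f.read(1 << 20), b"")) == expected


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp segment rules (my own code): -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":  # '~' (pre-release) sorts below everything
            if x != y:
                return 1 if y == "~" else -1
            continue
        if x == "^" or y == "^":  # '^' beats end-of-string, loses to a segment
            if x is None or y is None:
                return -1 if x is None else 1
            if x != y:
                return 1 if y == "^" else -1
            continue
        if x is None or y is None:  # whichever has segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # numeric segments beat alphabetic ones
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # compare as integers (drops leading zeros)
        if x != y:
            return 1 if x > y else -1
    return 0


def split_kernel_release(s):
    """'5.14.0-427.127.1.el9_4.x86_64' -> ('5.14.0', '427.127.1.el9_4').
    Assumption: `uname -r` may carry '.<arch>' and a '+rt'/'+debug' variant."""
    s = s.split("+", 1)[0]
    for arch in ("x86_64", "aarch64", "ppc64le", "s390x"):
        if s.endswith("." + arch):
            s = s[: -(len(arch) + 1)]
            break
    version, _, release = s.partition("-")
    return version, release


def needs_update(running, fixed=FIXED_KERNEL_VR):
    """True when the running kernel is older than the advisory's fixed build."""
    rv, rr = split_kernel_release(running)
    fv, fr = split_kernel_release(fixed)
    return (rpmvercmp(rv, fv) or rpmvercmp(rr, fr)) < 0


def demo_verify():
    """Constructed data, not a real package: stand-in bytes saved under the
    advisory's kernel package name match their own digest (True) but not the
    advisory's digest (False)."""
    name = "kernel-5.14.0-427.127.1.el9_4.x86_64.rpm"
    data = b"constructed stand-in bytes, not an RPM\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        with open(path, "wb") as f:
            f.write(data)
        return verify_rpm(path, {name: sha256_hex([data])}), verify_rpm(path, ADVISORY_HASHES)


if __name__ == "__main__":
    running = platform.release()  # same string as `uname -r` on Linux
    state = "UPDATE NEEDED" if needs_update(running) else "at or above fixed build"
    print(f"running kernel {running}: {state}")
    print("stand-in verification (own digest, advisory digest):", demo_verify())
```

The script deliberately compares the running kernel (`uname -r`) rather than `rpm -q kernel`: a system can have the fixed package installed and still be running the vulnerable kernel until it is rebooted, which is why the advisory's Solution section requires a reboot. For a real download, replace the stand-in file in `demo_verify` with the path to the RPM and pass the full listing text to `parse_package_hashes`.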