{"schema_version": "1.7.0", "id": "RLSA-2026:27288", "modified": "2026-06-22T12:06:10.092664Z", "published": "2026-06-22T12:04:59.950683Z", "upstream": ["CVE-2026-31474", "CVE-2026-31641", "CVE-2026-31669", "CVE-2026-31772", "CVE-2026-31786", "CVE-2026-31787", "CVE-2026-43056", "CVE-2026-43260", "CVE-2026-43330", "CVE-2026-46056", "CVE-2026-46125", "CVE-2026-46152", "CVE-2026-46166", "CVE-2026-46173", "CVE-2026-46331"], "summary": "Important: kernel security, bug fix, and enhancement update", "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474)\n\n* kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)\n\n* kernel: rxrpc: Fix RxGK token loading to check bounds (CVE-2026-31641)\n\n* kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)\n\n* kernel: Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)\n\n* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)\n\n* kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CVE-2026-31772)\n\n* kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260)\n\n* kernel: crypto: caam - fix overflow on long hmac keys (CVE-2026-43330)\n\n* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)\n\n* kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056)\n\n* kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)\n\n* kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)\n\n* kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)\n\n* kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166)\n\nBug Fix(es) and Enhancement(s):\n\n* Rocky Linux10.0 - s390/ap: Expose ap_bindings_complete_count counter via sysfs [rhel-10.2.z] (JIRA:Rocky Linux-166047)\n\n* Rocky Linux9.5 crash due to lpfc NULL ndlp->vport [rhel-10.2.z] (JIRA:Rocky Linux-171774)\n\n* objtool static_call check blocks build of out-of-tree livepatch modules on Rocky Linux 10.2 GA kernels ? missing upstream revert f495054bd12e (JIRA:Rocky Linux-178495)\n\n* ibmveth Adapter Freeze with Small MSS [rhel-10.2.z] (JIRA:Rocky Linux-179723)\n\n* rbd: eliminate a race in lock_dwork draining on unmap [rhel-10.2.z] (JIRA:Rocky Linux-183127)\n\n* Rocky Linux10.0 - s390/mm: Add missing secure storage access fixups [rhel-10.2.z] (JIRA:Rocky Linux-183319)\n\n* [Rocky Linux10.2.z] Enable Pretimeout Watchdog Panic Functionality on x86 (JIRA:Rocky Linux-182299)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:10", "name": "kernel", "purl": "pkg:rpm/rocky-linux/kernel?distro=rocky-linux-10&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:6.12.0-211.26.1.el10_2"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:27288"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467083"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482634"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460646"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479492"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464096"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461548"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464502"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464449"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482645"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461503"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468061"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482181"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482563"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482608"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464092"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}