{"schema_version": "1.7.0", "id": "RLSA-2026:27789", "modified": "2026-06-25T12:06:36.927877Z", "published": "2026-06-25T12:03:37.665962Z", "upstream": ["CVE-2026-31474", "CVE-2026-31669", "CVE-2026-31772", "CVE-2026-31787", "CVE-2026-43260", "CVE-2026-43279", "CVE-2026-43414", "CVE-2026-45984", "CVE-2026-46056", "CVE-2026-46117", "CVE-2026-46125", "CVE-2026-46135", "CVE-2026-46145", "CVE-2026-46152", "CVE-2026-46166", "CVE-2026-46173", "CVE-2026-46331"], "summary": "Important: kernel security, bug fix, and enhancement update", "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474)\n\n* kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)\n\n* kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)\n\n* kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CVE-2026-31772)\n\n* kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260)\n\n* kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing (CVE-2026-43279)\n\n* kernel: scsi: qla2xxx: Completely fix fcport double free (CVE-2026-43414)\n\n* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)\n\n* kernel: gfs2: Fix use-after-free in iomap inline data write path (CVE-2026-45984)\n\n* kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056)\n\n* kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)\n\n* kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (CVE-2026-46117)\n\n* kernel: RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)\n\n* kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)\n\n* kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)\n\n* kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166)\n\n* kernel: nvmet-tcp: fix race between ICReq handling and queue teardown (CVE-2026-46135)\n\nBug Fix(es) and Enhancement(s):\n\n* Rocky Linux9.4 - s390/ap: Expose ap_bindings_complete_count counter via sysfs [rhel-9.8.z] (JIRA:Rocky Linux-166048)\n\n* [Rocky Linux 9.8] Hung tasks during both suspend and hibernate operations on systems with Intel E810 NICs [rhel-9.8.z] (JIRA:Rocky Linux-175699)\n\n* DPLL: Add support for pin operational state [rhel-9.8.z] (JIRA:Rocky Linux-175820)\n\n* DPLL: Add support for fractional frequency offset between pin and device [rhel-9.8.z] (JIRA:Rocky Linux-175823)\n\n* ibmveth Adapter Freeze with Small MSS [rhel-9.8.z] (JIRA:Rocky Linux-178308)\n\n* Rocky Linux9.4 - s390/mm: Add missing secure storage access fixups [rhel-9.8.z] (JIRA:Rocky Linux-183317)\n\n* rbd: eliminate a race in lock_dwork draining on unmap [rhel-9.8.z] (JIRA:Rocky Linux-183130)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "kernel", "purl": "pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:5.14.0-687.17.1.el9_8"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:27789"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460646"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461503"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464092"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464502"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467083"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467215"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468155"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479492"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481922"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482181"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482563"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482576"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482581"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482608"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482634"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482645"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482654"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}