ALSA-2026:4012

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting (CVE-2025-38141)
• kernel: Linux kernel io_uring: Local privilege escalation, information disclosure, or denial of service via use-after-free (CVE-2025-38106)
• kernel: drm/xe: Make dma-fences compliant with the safe access rules (CVE-2025-38703)
• kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)
• kernel: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save (CVE-2025-39818)
• kernel: Kernel: Use-after-free in GPIO character device allows privilege escalation or denial of service (CVE-2025-40249)
• kernel: ipv6: BUG() in pskbexpandhead() as part of calipsoskbuffsetattr() (CVE-2025-71085)
• kernel: macvlan: fix possible UAF in macvlanforwardsource() (CVE-2026-23001)
• kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097)
• kernel: Linux kernel: Information disclosure in efivarfs via incorrect error propagation (CVE-2026-23156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.