RLSA-2026:1662

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (CVE-2024-26766)

• kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem (CVE-2025-38022)

• kernel: Linux kernel: RDMA/rxe use-after-free vulnerability leading to potential arbitrary code execution (CVE-2025-38024)

• kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)

• kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)

• kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)

• kernel: mptcp: fix race condition in mptcpschedulework() (CVE-2025-40258)

• kernel: Linux kernel: Use-after-free in procreaddirde() can lead to privilege escalation or denial of service. (CVE-2025-40271)

• kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling (CVE-2025-40322)

• kernel: tcp: fix a signed-integer-overflow bug in tcpaddbacklog() (CVE-2022-50865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.