RLSA-2026:19568

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit (CVE-2025-39766)

• kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741)

• kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)

• kernel: libceph: prevent potential out-of-bounds reads in handleauthdone() (CVE-2026-22984)

• kernel: libceph: replace overzealous BUGON in osdmapapply_incremental() (CVE-2026-22990)

• kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136)

• kernel: net/sched: clsu32: use skbheaderpointercareful() (CVE-2026-23204)

• kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)

• kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401)

• kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

• kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)

• kernel: usbip: validate numberofpackets in usbippackret_submit() (CVE-2026-31607)

• kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)

• kernel: RDMA/umem: Fix double dmabufunpin in failure path (CVE-2026-43128)

• kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)

• kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300)

• kernel: Read root-owned files as an unprivileged user (CVE-2026-46333)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.