RLSA-2026:25121

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: geneve: Fix use-after-free in genevefinddev(). (CVE-2025-21858)

• kernel: smc: Fix use-after-free in tcpwritetimer_handler() (CVE-2023-53781)

• kernel: nbd: defer config unlock in nbdgenlconnect (CVE-2025-68366)

• kernel: libceph: prevent potential out-of-bounds reads in handleauthdone() (CVE-2026-22984)

• kernel: libceph: replace overzealous BUGON in osdmapapply_incremental() (CVE-2026-22990)

• kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

• kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)

• kernel: smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)

• kernel: ip6tunnel: clear skb2->cb[] in ip4ip6err() (CVE-2026-43037)

• kernel: ipv6: icmp: clear skb2->cb[] in ip6errgenicmpv6unreach() (CVE-2026-43038)

• kernel: dlm: validate length in dlmsearchrsb_tree (CVE-2026-43125)

• kernel: RDMA/rxe: Fix double free in rxesrqfrom_init (CVE-2026-45852)

• kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent() (CVE-2026-46181)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.