RLSA-2026:25120

Security

Mirrored from RHSA-2026:25120

Issued at: 2026-06-12

Updated at: 2026-06-14

Synopsis

Critical: kernel-rt security update

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: geneve: Fix use-after-free in geneve_find_dev(). (CVE-2025-21858)

* kernel: smc: Fix use-after-free in tcp_write_timer_handler() (CVE-2023-53781)

* kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)

* kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)

* kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)

* kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

* kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)

* kernel: smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)

* kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)

* kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)

* kernel: dlm: validate length in dlm_search_rsb_tree (CVE-2026-43125)

* kernel: RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852)

* kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 x86_64

Fixes

2351619

2420279

2424881

2432389

2432400

2451218

2461471

2461480

2464351

2464397

2467234

2482166

2482532

CVEs

CVE-2023-53781

CVE-2025-21858

CVE-2025-68366

CVE-2026-22984

CVE-2026-22990

CVE-2026-23392

CVE-2026-31581

CVE-2026-31613

CVE-2026-43037

CVE-2026-43038

CVE-2026-43125

CVE-2026-45852

CVE-2026-46181

Affected packages

Rocky Linux 8 x86_64 - NFV

kernel-rt-0:4.18.0-553.132.1.rt7.473.el8_10.src.rpm

kernel-rt-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-core-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-core-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-debuginfo-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-devel-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debuginfo-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-kvm-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-modules-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-debug-modules-extra-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-devel-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-kvm-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-modules-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

kernel-rt-modules-extra-0:4.18.0-553.132.1.rt7.473.el8_10.x86_64.rpm

Rocky Linux 8 x86_64 - RT