Issued at: 2026-07-11
Updated at: 2026-07-12
Synopsis
Important: kernel security, bug fix, and enhancement update
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CVE-2026-43112)
* kernel: net: mana: Fix double destroy_workqueue on service rescan PCI path (CVE-2026-43276)
* kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs (CVE-2026-46323)
* kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)
* kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CVE-2026-46227)
* kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209)
* kernel: smb/client: fix out-of-bounds read in smb2_compound_op() (CVE-2026-46155)
* kernel: netfilter: nft_inner: Fix IPv6 inner_thoff desync (CVE-2026-46244)
* kernel: procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CVE-2026-46259)
* kernel: Arm Processors: Privilege escalation or information disclosure via writes to higher exception level resources (CVE-2025-10263)
* kernel: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry (CVE-2026-46316)
Bug Fix(es) and Enhancement(s):
* WARNING at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:1585 r535_gsp_fini+0x2fb/0x310 [nouveau] [rhel-9.8.z] (JIRA:Rocky Linux-160966)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.