Description
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)
- kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419)
- kernel: net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)
- kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)
- kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)
- kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)
- kernel: netfilter: ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)
- kernel: dlm: validate length in dlm_search_rsb_tree (CVE-2026-43125)
- kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501)
- kernel: RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852)
- kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 9
Source references
Fixes
- Red Hat - 2440630
- Red Hat - 2457829
- Red Hat - 2460641
- Red Hat - 2461471
- Red Hat - 2464351
- Red Hat - 2464449
- Red Hat - 2467005
- Red Hat - 2467234
- Red Hat - 2480457
- Red Hat - 2482166
- Red Hat - 2482532
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such as iscsit_close_connection()) may wake up and proceed to free the iscsit_conn structure. If the waiter frees the memory before the current thread reaches spin_unlock_bh(), it results in a KASAN slab-use-after-free as the function attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().
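An added userspace illustration of the ordering problem described above, not code from the kernel or from this advisory: a pthread mutex stands in for conn->conn_usage_lock and a POSIX semaphore for the completion, and every struct, field and function name is hypothetical. `dec_usage_flawed()` shows the signal-then-unlock ordering and is never called; `run_fixed()` exercises the unlock-then-signal ordering against a closer thread that frees the object.

```c
#include <pthread.h>
#include <semaphore.h>
#include <stdlib.h>
struct conn { /* hypothetical userspace stand-in, not kernel code */
    pthread_mutex_t usage_lock; /* role of conn->conn_usage_lock */
    int usage_count, waiting;   /* waiting: closer sleeps until count hits 0 */
    sem_t done;                 /* role of the completion */
};
/* Flawed ordering from the advisory, kept for contrast and never called. */
void dec_usage_flawed(struct conn *c) {
    pthread_mutex_lock(&c->usage_lock);
    if (--c->usage_count == 0 && c->waiting)
        sem_post(&c->done);               /* closer may free(c) from here on */
    pthread_mutex_unlock(&c->usage_lock); /* can touch freed memory */
}
/* Fixed ordering: decide under the lock, unlock, then signal. */
void dec_usage_fixed(struct conn *c) {
    pthread_mutex_lock(&c->usage_lock);
    int wake = (--c->usage_count == 0 && c->waiting);
    pthread_mutex_unlock(&c->usage_lock);
    if (wake) sem_post(&c->done);         /* last access to c in this thread */
}
static void *user(void *arg) { dec_usage_fixed(arg); return NULL; }
static void *closer(void *arg) { /* waits for all users, then frees c */
    struct conn *c = arg;
    pthread_mutex_lock(&c->usage_lock);
    int must_wait = c->waiting = (c->usage_count > 0);
    pthread_mutex_unlock(&c->usage_lock);
    if (must_wait) sem_wait(&c->done);
    long drained = (c->usage_count == 0);
    sem_destroy(&c->done);
    pthread_mutex_destroy(&c->usage_lock);
    free(c);
    return (void *)drained;
}
int run_fixed(int users) { /* 1 if c was freed only after every user left */
    pthread_t cl, u[16];
    void *drained = NULL;
    struct conn *c = calloc(1, sizeof *c);
    if (!c || users < 1 || users > 16) { free(c); return 0; }
    pthread_mutex_init(&c->usage_lock, NULL);
    sem_init(&c->done, 0, 0);
    c->usage_count = users;
    pthread_create(&cl, NULL, closer, c);
    for (int i = 0; i < users; i++) pthread_create(&u[i], NULL, user, c);
    for (int i = 0; i < users; i++) pthread_join(u[i], NULL);
    pthread_join(cl, &drained);
    return drained != NULL;
}
int main(void) { return run_fixed(8) ? 0 : 1; }
```

Build with `cc -pthread`; the exit status is 0 when the object was freed only after the usage count reached zero.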