Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:26535 - Security Advisory
Issued:
2026-06-17
Updated:
2026-06-17

RHSA-2026:26535 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Critical: kernel security, bug fix, and enhancement update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: geneve: Fix use-after-free in geneve_find_dev(). (CVE-2025-21858)
  • kernel: sctp: fix a potential overflow in sctp_ifwdtsn_skip (CVE-2023-53372)
  • kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)
  • kernel: ipv6: use RCU in ip6_xmit() (CVE-2025-40135)
  • kernel: ipv6: use RCU in ip6_output() (CVE-2025-40158)
  • kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
  • kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
  • kernel: iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)
  • kernel: macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)
  • kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097)
  • kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191)
  • kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)
  • kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
  • kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)
  • kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
  • kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)
  • kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)
  • kernel: netfilter: ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)
  • kernel: wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110)
  • kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
  • kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
  • kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
  • kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions (CVE-2026-46243)
  • kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CVE-2026-46227)

Bug Fix(es) and Enhancement(s):

  • NFS client hangs while returning delegations (JIRA:RHEL-112276)
  • Rhel backport of upstream commit "i40e: avoid redundant VF link state update" (JIRA:RHEL-141908)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

  • BZ - 2351619 - CVE-2025-21858 kernel: geneve: Fix use-after-free in geneve_find_dev().
  • BZ - 2396405 - CVE-2023-53372 kernel: sctp: fix a potential overflow in sctp_ifwdtsn_skip
  • BZ - 2414506 - CVE-2025-40170 kernel: net: use dst_dev_rcu() in sk_setup_caps()
  • BZ - 2414521 - CVE-2025-40135 kernel: ipv6: use RCU in ip6_xmit()
  • BZ - 2414523 - CVE-2025-40158 kernel: ipv6: use RCU in ip6_output()
  • BZ - 2424881 - CVE-2025-68366 kernel: nbd: defer config unlock in nbd_genl_connect
  • BZ - 2429065 - CVE-2025-68800 kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
  • BZ - 2429104 - CVE-2025-71089 kernel: iommu: disable SVA when CONFIG_X86 is set
  • BZ - 2432664 - CVE-2026-23001 kernel: macvlan: fix possible UAF in macvlan_forward_source()
  • BZ - 2436802 - CVE-2026-23097 kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration
  • BZ - 2439947 - CVE-2026-23191 kernel: ALSA: aloop: Fix racy access at PCM trigger
  • BZ - 2440630 - CVE-2026-23216 kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
  • BZ - 2448594 - CVE-2026-23243 kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
  • BZ - 2451218 - CVE-2026-23392 kernel: netfilter: nf_tables: release flowtable after rcu grace period on error
  • BZ - 2461759 - CVE-2026-31685 kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets
  • BZ - 2464351 - CVE-2026-43037 kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
  • BZ - 2464397 - CVE-2026-43038 kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
  • BZ - 2467005 - CVE-2026-43116 kernel: netfilter: ctnetlink: ensure safe access to master conntrack
  • BZ - 2467014 - CVE-2026-43110 kernel: wifi: brcmfmac: validate bsscfg indices in IF events
  • BZ - 2467059 - CVE-2026-43163 kernel: md/bitmap: fix GPF in write_page caused by resize race
  • BZ - 2467064 - CVE-2026-43190 kernel: netfilter: xt_tcpmss: check remaining length before reading optlen
  • BZ - 2467210 - CVE-2026-43158 kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks
  • BZ - 2481486 - CVE-2026-46243 kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
  • BZ - 2482564 - CVE-2026-46227 kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

CVEs

  • CVE-2023-53372
  • CVE-2025-21858
  • CVE-2025-40135
  • CVE-2025-40158
  • CVE-2025-40170
  • CVE-2025-68366
  • CVE-2025-68800
  • CVE-2025-71089
  • CVE-2026-23001
  • CVE-2026-23097
  • CVE-2026-23191
  • CVE-2026-23216
  • CVE-2026-23243
  • CVE-2026-23392
  • CVE-2026-31685
  • CVE-2026-43037
  • CVE-2026-43038
  • CVE-2026-43110
  • CVE-2026-43116
  • CVE-2026-43158
  • CVE-2026-43163
  • CVE-2026-43190
  • CVE-2026-46227
  • CVE-2026-46243

References

  • https://access.redhat.com/security/updates/classification/#critical
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.4

SRPM
kernel-4.18.0-305.194.1.el8_4.src.rpm SHA-256: c040067d6b9f1d24274fa5d1977c411845fcb5e59b693f17c5a41dff76ef713b
x86_64
bpftool-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 2cb82bb92a658b4f53b9479323aab61f78849c1b799f500d46aae3d0343aea39
bpftool-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 439959adea613afd7897397cdf81475fde463284d3199b66f5ec1255db74acf0
kernel-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 419c469203afe1c595388e98e5f2e7f32fadfde0cc73cd48567d456cb4e626af
kernel-abi-stablelists-4.18.0-305.194.1.el8_4.noarch.rpm SHA-256: fb6a44d826fb1391e23487e69ef62100f1d2cb79ef0160d29c89d5835640664f
kernel-core-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 35743b3c3a278cdfc19abee3d40f19b2017406d052abaa507b8778f335ac015e
kernel-cross-headers-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: c5473af28a40d9168501786fbf1f37cd0da78c012500fa112935ea992f19af6c
kernel-debug-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 04ca0f5299286675aaf650193dbe76e5bf6e34e9ec7b9d8204f66a08e114b37f
kernel-debug-core-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 6269b3fef120964f533b548b3b3974f8ca7a2133c5359d96d9dbe460ae28cae9
kernel-debug-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: d69723bb9cb10229fb6c9813056d88c6449f9b236ca86e11a8166d333d2c39b5
kernel-debug-devel-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: e7e1a0f4cefd3488c8fd73c624cadc024b407925c3f317bcf648bb8b28cc836a
kernel-debug-modules-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 61413c0b558c8142b1971b521a67941b074baf3a3c469339be3969583249a0bd
kernel-debug-modules-extra-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 27fce8799a656db09b7dab05eecc854868c9f121377a9edc7aad058c2622b848
kernel-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 67f7c73919a4860b291abaf49833252db622ca72ec45c30b41b6cb76097b4c3b
kernel-debuginfo-common-x86_64-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: edcbc71cb82cf0e50e18ef2a26a14bf4dee830f76a40abd5aec5708578c1d94a
kernel-devel-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 68941c19a69f9c690fa99ec157c7971601cde4a27863dc2ca3c4c9fe5608e7c8
kernel-doc-4.18.0-305.194.1.el8_4.noarch.rpm SHA-256: d10934a8a7bd5cc1e49da2f78f3d392f867180abb80fbc9483042201194fdd2a
kernel-headers-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: cb8b59ea4a1a7e354d207dc40e1169e9112ad8ac156482529a42eca9f434b424
kernel-modules-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 270a72cc41fd5d634a8e1224b5d59ae269f5a3f2bd87f9ecd776c961723e3255
kernel-modules-extra-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 73a13cdcab23db6e00f22f6a03fc8e6bf33abbad3db412989fd2a89693d45e07
kernel-tools-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 89fd38f103d34a89018e56adacfaaf071af7c890b9e91823c2d5e6208ba05a75
kernel-tools-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: bd283435223c507d1b2a8af3dd60334622f9a364afe9f9f41d93ca1ccb576d85
kernel-tools-libs-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 5e15c68a8b143b240bda9e2b4e2554b2f6681f783d47a52d1388bdc50608a1f8
perf-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 9f398a0960f78b01f262931f104c9b38f6601a7c1354768a2dee25a5562a4777
perf-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 41dd9cee9c6316b48866ac1f1eeb350bceb5e6b3992e68953e714c606623096b
python3-perf-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 56b6823259e87590a237ea3a11ad5c304c5ccd813b30a9739d99d091a76544d3
python3-perf-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 0fb51aa5d38b201eda857cae95577e1cd2a9999bf6c737e28a2d2d9e29312166

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
kernel-4.18.0-305.194.1.el8_4.src.rpm SHA-256: c040067d6b9f1d24274fa5d1977c411845fcb5e59b693f17c5a41dff76ef713b
x86_64
bpftool-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 2cb82bb92a658b4f53b9479323aab61f78849c1b799f500d46aae3d0343aea39
bpftool-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 439959adea613afd7897397cdf81475fde463284d3199b66f5ec1255db74acf0
kernel-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 419c469203afe1c595388e98e5f2e7f32fadfde0cc73cd48567d456cb4e626af
kernel-abi-stablelists-4.18.0-305.194.1.el8_4.noarch.rpm SHA-256: fb6a44d826fb1391e23487e69ef62100f1d2cb79ef0160d29c89d5835640664f
kernel-core-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 35743b3c3a278cdfc19abee3d40f19b2017406d052abaa507b8778f335ac015e
kernel-cross-headers-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: c5473af28a40d9168501786fbf1f37cd0da78c012500fa112935ea992f19af6c
kernel-debug-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 04ca0f5299286675aaf650193dbe76e5bf6e34e9ec7b9d8204f66a08e114b37f
kernel-debug-core-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 6269b3fef120964f533b548b3b3974f8ca7a2133c5359d96d9dbe460ae28cae9
kernel-debug-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: d69723bb9cb10229fb6c9813056d88c6449f9b236ca86e11a8166d333d2c39b5
kernel-debug-devel-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: e7e1a0f4cefd3488c8fd73c624cadc024b407925c3f317bcf648bb8b28cc836a
kernel-debug-modules-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 61413c0b558c8142b1971b521a67941b074baf3a3c469339be3969583249a0bd
kernel-debug-modules-extra-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 27fce8799a656db09b7dab05eecc854868c9f121377a9edc7aad058c2622b848
kernel-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 67f7c73919a4860b291abaf49833252db622ca72ec45c30b41b6cb76097b4c3b
kernel-debuginfo-common-x86_64-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: edcbc71cb82cf0e50e18ef2a26a14bf4dee830f76a40abd5aec5708578c1d94a
kernel-devel-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 68941c19a69f9c690fa99ec157c7971601cde4a27863dc2ca3c4c9fe5608e7c8
kernel-doc-4.18.0-305.194.1.el8_4.noarch.rpm SHA-256: d10934a8a7bd5cc1e49da2f78f3d392f867180abb80fbc9483042201194fdd2a
kernel-headers-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: cb8b59ea4a1a7e354d207dc40e1169e9112ad8ac156482529a42eca9f434b424
kernel-modules-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 270a72cc41fd5d634a8e1224b5d59ae269f5a3f2bd87f9ecd776c961723e3255
kernel-modules-extra-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 73a13cdcab23db6e00f22f6a03fc8e6bf33abbad3db412989fd2a89693d45e07
kernel-tools-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 89fd38f103d34a89018e56adacfaaf071af7c890b9e91823c2d5e6208ba05a75
kernel-tools-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: bd283435223c507d1b2a8af3dd60334622f9a364afe9f9f41d93ca1ccb576d85
kernel-tools-libs-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 5e15c68a8b143b240bda9e2b4e2554b2f6681f783d47a52d1388bdc50608a1f8
perf-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 9f398a0960f78b01f262931f104c9b38f6601a7c1354768a2dee25a5562a4777
perf-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 41dd9cee9c6316b48866ac1f1eeb350bceb5e6b3992e68953e714c606623096b
python3-perf-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 56b6823259e87590a237ea3a11ad5c304c5ccd813b30a9739d99d091a76544d3
python3-perf-debuginfo-4.18.0-305.194.1.el8_4.x86_64.rpm SHA-256: 0fb51aa5d38b201eda857cae95577e1cd2a9999bf6c737e28a2d2d9e29312166

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility