Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:40068 - Security Advisory
Issued:
2026-07-15
Updated:
2026-07-15

RHSA-2026:40068 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
  • kernel: smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)
  • kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
  • kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
  • kernel: rtmutex: Use waiter::task instead of current in remove_waiter() (CVE-2026-43499)
  • kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path (CVE-2026-46189)
  • kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209)
  • kernel: nvmet-tcp: fix race between ICReq handling and queue teardown (CVE-2026-46135)
  • kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock (CVE-2026-53166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64

Fixes

  • BZ - 2422699 - CVE-2025-68183 kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
  • BZ - 2461480 - CVE-2026-31613 kernel: smb: client: fix OOB reads parsing symlink error response
  • BZ - 2461757 - CVE-2026-31684 kernel: net: sched: act_csum: validate nested VLAN headers
  • BZ - 2464369 - CVE-2026-43027 kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup
  • BZ - 2480453 - CVE-2026-43499 kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
  • BZ - 2482588 - CVE-2026-46189 kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
  • BZ - 2482636 - CVE-2026-46209 kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
  • BZ - 2482654 - CVE-2026-46135 kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
  • BZ - 2492805 - CVE-2026-53166 kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

CVEs

  • CVE-2025-68183
  • CVE-2026-31613
  • CVE-2026-31684
  • CVE-2026-43027
  • CVE-2026-43499
  • CVE-2026-46135
  • CVE-2026-46189
  • CVE-2026-46209
  • CVE-2026-53166

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.6

SRPM
kernel-4.18.0-372.201.1.el8_6.src.rpm SHA-256: d6dfb483e71f6007e0caa8a85c59357479886227e2ffdb0dea29dbe8f8d21ae5
x86_64
bpftool-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 59f09fbc501750aced91ca841d69c9a31a009520d5a58793274a21e9fe3bb57b
bpftool-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: bd9dd9ba818d268b18c97023bf8e7b7fec669f5e241d6a9a8699b8d5e26e0b6d
kernel-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: df2a07c735b7d3b6b3c7547be22ba86f02bf869562ba32d09fa3e2a4b4cfbe51
kernel-abi-stablelists-4.18.0-372.201.1.el8_6.noarch.rpm SHA-256: 94fb5952ad24ed54191de31ec7fec302cc00df08f9aba5b11b9aff6fe6a2693c
kernel-core-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 590e50cc18ac13df0a2b3e01ae203536c51114c92072fccd113421c19b0abfb1
kernel-cross-headers-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: e29e6e08e33b61942ce91f304df84ad0c10129be9fdbe9b8c722d7b46bd0e55b
kernel-debug-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 5ab29022ec0603e321b63f731b8d46d425d5a0f58900c98b94380393b9df2641
kernel-debug-core-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 5dbdf6f1b7acd6c4ad517d9145dfa3ee1bafa7e51156098e342fe346e67a8708
kernel-debug-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 34fff863f1491f91f49fc346ce5f43d8eb0406c849d44becdc027f0f67a2d469
kernel-debug-devel-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 2ba472517db7349000d04efdcf03261d6cda9b96ee982b92cd31b0645d9e098f
kernel-debug-modules-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 8b185140ba67047c0eb8ce8f843d1785c4fa4d1bdfc55a14ae283f27cb4e7c98
kernel-debug-modules-extra-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 638d387d25deb58835df34f9895bbea0563f3f805b5b977ec8c4c8c01764c481
kernel-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: a52589a7b1ef736ab0decc4f493e7f9fd8c368b0238cdee1847ea00842fca6b0
kernel-debuginfo-common-x86_64-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: bc145f9f4df2d0ddb59169af54bf5675262e25775d06704ebedfec8dc1dd6db8
kernel-devel-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: a91c25fe71aa7d767cce448b9063dd6ffc0e529915a1c449d8c03cb2ad4a1f58
kernel-doc-4.18.0-372.201.1.el8_6.noarch.rpm SHA-256: 1c5319f6e7de9f41f9745a06cf22ff7e1125ae8f04940c71f81149102d87f240
kernel-headers-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: cf1c85bee5b470807e4ac146a73bcb3b42563e4ce1902efc4a48820275c42181
kernel-modules-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 78bac4b15dcfe14ac7502a4a7d22f6a4613ae0e9c8fa8206052f50083ed522eb
kernel-modules-extra-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 1207af562318109c166e162e0fa1af274c949ce6ced31e4ccdfd882ac403a758
kernel-tools-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: af19389e7f6c79d4c82cacb477735a6f28f2fa3e2e6cb687c99414f7ce4affec
kernel-tools-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 15d296f93ea86416344ac0c0a2aa96fa0a2f7f7eaffb5fc3f700eec76f104661
kernel-tools-libs-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: adf1ae9564941510f381ddb7cf56ee51aee1c505640f6807143b95be1ab7f237
perf-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: fb88b3e0ad7b1d7e80f5a714bd0beeee84119c115b8404f5c32e40226f223e92
perf-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 2f548fb0977338462371ed06489eac9adb886c6a03496cc2bebe80b2240d689b
python3-perf-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 373519ffe662343690711a4380e0271e8057786cd49fc2496a7f44835c37cb61
python3-perf-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: eeb4575b6cefaa879492a38b65b973d2daea451f0ecc8e447d4b7d79e4bd0b36

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
kernel-4.18.0-372.201.1.el8_6.src.rpm SHA-256: d6dfb483e71f6007e0caa8a85c59357479886227e2ffdb0dea29dbe8f8d21ae5
x86_64
bpftool-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 59f09fbc501750aced91ca841d69c9a31a009520d5a58793274a21e9fe3bb57b
bpftool-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: bd9dd9ba818d268b18c97023bf8e7b7fec669f5e241d6a9a8699b8d5e26e0b6d
kernel-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: df2a07c735b7d3b6b3c7547be22ba86f02bf869562ba32d09fa3e2a4b4cfbe51
kernel-abi-stablelists-4.18.0-372.201.1.el8_6.noarch.rpm SHA-256: 94fb5952ad24ed54191de31ec7fec302cc00df08f9aba5b11b9aff6fe6a2693c
kernel-core-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 590e50cc18ac13df0a2b3e01ae203536c51114c92072fccd113421c19b0abfb1
kernel-cross-headers-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: e29e6e08e33b61942ce91f304df84ad0c10129be9fdbe9b8c722d7b46bd0e55b
kernel-debug-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 5ab29022ec0603e321b63f731b8d46d425d5a0f58900c98b94380393b9df2641
kernel-debug-core-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 5dbdf6f1b7acd6c4ad517d9145dfa3ee1bafa7e51156098e342fe346e67a8708
kernel-debug-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 34fff863f1491f91f49fc346ce5f43d8eb0406c849d44becdc027f0f67a2d469
kernel-debug-devel-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 2ba472517db7349000d04efdcf03261d6cda9b96ee982b92cd31b0645d9e098f
kernel-debug-modules-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 8b185140ba67047c0eb8ce8f843d1785c4fa4d1bdfc55a14ae283f27cb4e7c98
kernel-debug-modules-extra-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 638d387d25deb58835df34f9895bbea0563f3f805b5b977ec8c4c8c01764c481
kernel-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: a52589a7b1ef736ab0decc4f493e7f9fd8c368b0238cdee1847ea00842fca6b0
kernel-debuginfo-common-x86_64-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: bc145f9f4df2d0ddb59169af54bf5675262e25775d06704ebedfec8dc1dd6db8
kernel-devel-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: a91c25fe71aa7d767cce448b9063dd6ffc0e529915a1c449d8c03cb2ad4a1f58
kernel-doc-4.18.0-372.201.1.el8_6.noarch.rpm SHA-256: 1c5319f6e7de9f41f9745a06cf22ff7e1125ae8f04940c71f81149102d87f240
kernel-headers-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: cf1c85bee5b470807e4ac146a73bcb3b42563e4ce1902efc4a48820275c42181
kernel-modules-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 78bac4b15dcfe14ac7502a4a7d22f6a4613ae0e9c8fa8206052f50083ed522eb
kernel-modules-extra-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 1207af562318109c166e162e0fa1af274c949ce6ced31e4ccdfd882ac403a758
kernel-tools-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: af19389e7f6c79d4c82cacb477735a6f28f2fa3e2e6cb687c99414f7ce4affec
kernel-tools-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 15d296f93ea86416344ac0c0a2aa96fa0a2f7f7eaffb5fc3f700eec76f104661
kernel-tools-libs-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: adf1ae9564941510f381ddb7cf56ee51aee1c505640f6807143b95be1ab7f237
perf-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: fb88b3e0ad7b1d7e80f5a714bd0beeee84119c115b8404f5c32e40226f223e92
perf-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 2f548fb0977338462371ed06489eac9adb886c6a03496cc2bebe80b2240d689b
python3-perf-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: 373519ffe662343690711a4380e0271e8057786cd49fc2496a7f44835c37cb61
python3-perf-debuginfo-4.18.0-372.201.1.el8_6.x86_64.rpm SHA-256: eeb4575b6cefaa879492a38b65b973d2daea451f0ecc8e447d4b7d79e4bd0b36

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility