RLSA-2026:27288

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2026:27288
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:27288.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2026:27288
Upstream
  • CVE-2026-46331
Published
2026-06-22T12:04:59.950683Z
Modified
2026-06-22T12:30:18.917382321Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Important: kernel security, bug fix, and enhancement update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474)

  • kernel: mptcp: fix slab-use-after-free in __inetlookupestablished (CVE-2026-31669)

  • kernel: rxrpc: Fix RxGK token loading to check bounds (CVE-2026-31641)

  • kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)

  • kernel: Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)

  • kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)

  • kernel: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreate_sync (CVE-2026-31772)

  • kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260)

  • kernel: crypto: caam - fix overflow on long hmac keys (CVE-2026-43330)

  • kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)

  • kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056)

  • kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)

  • kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)

  • kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)

  • kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166)

Bug Fix(es) and Enhancement(s):

  • Rocky Linux10.0 - s390/ap: Expose apbindingscomplete_count counter via sysfs [rhel-10.2.z] (JIRA:Rocky Linux-166047)

  • Rocky Linux9.5 crash due to lpfc NULL ndlp->vport [rhel-10.2.z] (JIRA:Rocky Linux-171774)

  • objtool static_call check blocks build of out-of-tree livepatch modules on Rocky Linux 10.2 GA kernels ? missing upstream revert f495054bd12e (JIRA:Rocky Linux-178495)

  • ibmveth Adapter Freeze with Small MSS [rhel-10.2.z] (JIRA:Rocky Linux-179723)

  • rbd: eliminate a race in lock_dwork draining on unmap [rhel-10.2.z] (JIRA:Rocky Linux-183127)

  • Rocky Linux10.0 - s390/mm: Add missing secure storage access fixups [rhel-10.2.z] (JIRA:Rocky Linux-183319)

  • [Rocky Linux10.2.z] Enable Pretimeout Watchdog Panic Functionality on x86 (JIRA:Rocky Linux-182299)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:10 / kernel

Package

Name
kernel
Purl
pkg:rpm/rocky-linux/kernel?distro=rocky-linux-10&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:6.12.0-211.26.1.el10_2
Database specific 
{
    "yum_repository": "BaseOS"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:27288.json"