ALSA-2026:21556: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-06-07
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653)
* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
* kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
* kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)
* kernel: iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)
* kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)
* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)
* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)
* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)
* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
* kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect() (CVE-2026-43023)
* kernel: wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110)
* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
* kernel: mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21556.html
This message is automatically generated; please don’t reply. For further questions, please contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:18587: kernel security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-06-07
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: bonding: check xdp prog when set bond mode (CVE-2025-22105)
* kernel: block: fix resource leak in blk_register_queue() error path (CVE-2025-37980)
* kernel: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (CVE-2025-38015)
* kernel: espintcp: remove encap socket caching to avoid reference leak (CVE-2025-38097)
* kernel: bpf: fix ktls panic with sockmap (CVE-2025-38166)
* kernel: bpf: Do not include stack ptr register in precision backtracking bookkeeping (CVE-2025-38279)
* kernel: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (CVE-2025-38400)
* kernel: nvmet: fix memory leak of bio integrity (CVE-2025-38405)
* kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (CVE-2025-38441)
* kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (CVE-2025-38470)
* kernel: fs: writeback: fix use-after-free in __mark_inode_dirty() (CVE-2025-39866)
* kernel: dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134)
* kernel: wifi: mac80211_hwsim: fix typo in frequency notification (CVE-2026-23040)
* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-18587.html
ALSA-2026:19568: kernel security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-06-07
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)
* kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741)
* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
* kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)
* kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)
* kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136)
* kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)
* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
* kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401)
* kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)
* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
* kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)
* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
* kernel: RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128)
* kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)
* kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300)
* kernel: Read root-owned files as an unprivileged user (CVE-2026-46333)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-19568.html