The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (CVE-2024-56633) * kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (CVE-2025-21839) * kernel: block: fix resource leak in blk_register_queue() error path (CVE-2025-37980) * kernel: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (CVE-2025-38015) * kernel: espintcp: remove encap socket caching to avoid reference leak (CVE-2025-38097) * kernel: bpf: fix ktls panic with sockmap (CVE-2025-38166) * kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (CVE-2025-38202) * kernel: bpf: Do not include stack ptr register in precision backtracking bookkeeping (CVE-2025-38279) * kernel: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (CVE-2025-38267) * kernel: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (CVE-2025-38275) * kernel: ftrace: Fix UAF when lookup kallsym after ftrace disabled (CVE-2025-38346) * kernel: ACPICA: fix acpi operand cache leak in dswstate.c (CVE-2025-38345) * kernel: nvmet: fix memory leak of bio integrity (CVE-2025-38405) * kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (CVE-2025-38441) * kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (CVE-2025-38470) * kernel: fs: writeback: fix use-after-free in __mark_inode_dirty() (CVE-2025-39866) * kernel: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (CVE-2025-40034) * kernel: dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134) * kernel: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" (CVE-2025-40210) * kernel: Linux kernel MPTCP: Privilege escalation or denial of service via use-after-free in timer handling (CVE-2025-40257) * kernel: smb: client: fix potential cfid UAF in smb2_query_info_compound (CVE-2025-40320) * kernel: wifi: mac80211_hwsim: fix typo in frequency notification (CVE-2026-23040) * kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check (CVE-2026-23111) * kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild (CVE-2026-23210) * kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.