This Red Hat security advisory (RHSA-2026:21556) covers a kernel security update for Red Hat Enterprise Linux 9 and related variants. It addresses 19 vulnerabilities (CVE-2025-38653 through CVE-2026-43303) in the Linux kernel, including fixes for use-after-free bugs, overflow prevention, validation of inputs in networking and Bluetooth components, and race condition mitigations. The update ensures consistent checks in proc_lseek, prevents clearing of IMA_DIGSIG flags incorrectly, defers config unlock in nbd connections, disables SVA on x86, and validates multiple network packet headers and Bluetooth parameters. The advisory explicitly states that the system must be rebooted after applying the update. No CVSS scores are provided in the advisory, but Red Hat rates the update as Important.

The vulnerabilities collectively affect the core Linux kernel, potentially impacting system stability, security, and integrity. Issues such as use-after-free and buffer overflows could lead to privilege escalation or denial of service if exploited. Validation flaws in networking and Bluetooth components could allow malformed inputs to cause unexpected behavior. However, there are no known exploits in the wild reported at this time. The advisory covers a broad range of kernel components, indicating a wide attack surface if unpatched.

Red Hat has released an official security update that addresses all listed vulnerabilities. Users of affected Red Hat Enterprise Linux 9 versions and related products should apply the kernel update provided by Red Hat promptly. A system reboot is required for the update to take effect. Refer to Red Hat's official article (https://access.redhat.com/articles/11258) for detailed update instructions. Since this is an official fix, no additional mitigation steps are necessary beyond applying the update and rebooting.