The advisory covers nine distinct vulnerabilities in the Linux kernel used by Red Hat Enterprise Linux 9.2 and related products. These include use-after-free bugs in bridge multicast (CVE-2025-38248), Bluetooth management (CVE-2025-39981), mlxsw multicast route stats (CVE-2025-68800), bonding module (CVE-2026-23171), and nf_tables_addchain (CVE-2026-23231). Additionally, denial of service vulnerabilities exist in rxrpc_recvmsg (CVE-2026-23066) and DAMON sysfs (CVE-2026-23144), as well as error recovery and pointer handling issues in macvlan (CVE-2026-23209) and net/sched cls_u32 (CVE-2026-23204). The vulnerabilities can lead to system crashes, memory leaks, privilege escalation, or denial of service. Red Hat has released updated kernel packages that address these issues, requiring a reboot to apply the fixes.

The vulnerabilities collectively can cause use-after-free conditions leading to system crashes or arbitrary code execution, denial of service through unsafe operations or memory leaks, and privilege escalation. These impacts affect the stability and security of affected Red Hat Enterprise Linux systems, potentially allowing attackers to disrupt services or gain elevated privileges if exploited. However, no known exploits in the wild have been reported at the time of this advisory.

Red Hat has released updated kernel packages that fix all listed vulnerabilities. Users of affected Red Hat Enterprise Linux 9.2 versions and related variants should apply the kernel update promptly. A system reboot is required for the update to take effect. Refer to the official Red Hat advisory RHSA-2026:9644 for detailed update instructions. No additional mitigations are indicated or required beyond applying the official patch and rebooting.