Red Hat issued a security update for the Linux kernel packages in Red Hat Enterprise Linux 9 to fix multiple vulnerabilities including use-after-free errors (e.g., in iscsit_dec_conn_usage_count, bonding driver, ALSA 6fire disconnect, net mana add_adev error path), denial of service (bonding driver), and memory handling issues (ip6_tunnel skb2->cb[], netfilter ctnetlink, dlm length validation, IPv6 RPL header reservation, RDMA double free and RCU misuse). The advisory references 11 CVEs (CVE-2026-23216, CVE-2026-31419, CVE-2026-31508, CVE-2026-31581, CVE-2026-43037, CVE-2026-43056, CVE-2026-43116, CVE-2026-43125, CVE-2026-43501, CVE-2026-45852, CVE-2026-46181). The update is rated as Important by Red Hat Product Security. The advisory includes detailed fixes and requires rebooting affected systems. No CVSS scores are provided in the advisory; users are directed to individual CVE pages for more details.

The vulnerabilities fixed in this advisory could allow an attacker to cause denial of service or memory corruption through use-after-free and double free bugs in kernel components. This can lead to system instability or crashes. The issues affect core kernel functionality, potentially impacting all users running affected versions of Red Hat Enterprise Linux 9. No known exploits in the wild have been reported at the time of the advisory.

Red Hat has released an official security update that addresses all listed vulnerabilities. Users should apply the kernel update provided in RHSA-2026:25217 as soon as possible. After applying the update, a system reboot is required for the fixes to take effect. No additional mitigations are indicated by the vendor advisory.