Red Hat Product Security released an advisory (RHSA-2026:9112) for a kernel security update addressing six vulnerabilities in the Linux kernel affecting Red Hat Enterprise Linux 9.6 Extended Update Support and associated CodeReady Linux Builder products. The fixed issues include: CVE-2026-23066 (denial of service via unsafe requeue in rxrpc_recvmsg), CVE-2026-23111 (privilege escalation or denial of service in nf_tables due to inverted element activity check), CVE-2026-23144 (local denial of service and memory leak in DAMON sysfs via setup failure), CVE-2026-23171 (use-after-free in bonding module causing system crash or arbitrary code execution), CVE-2026-23193 (use-after-free in iscsi target session usage count), and CVE-2026-23204 (net/sched cls_u32 skb_header_pointer_careful usage). The advisory rates the overall impact as moderate and requires applying the update followed by a system reboot.

The vulnerabilities collectively can lead to denial of service conditions, privilege escalation, memory leaks, system crashes, and potentially arbitrary code execution on affected Red Hat Enterprise Linux 9.6 systems. These issues affect critical kernel components, which could impact system stability and security if exploited. No known exploits in the wild have been reported at this time.

Red Hat has released an official security update for the Linux kernel packages addressing these vulnerabilities. Users of Red Hat Enterprise Linux 9.6 Extended Update Support and related products should apply the update as detailed in the Red Hat advisory RHSA-2026:9112. A system reboot is required for the update to take effect. No additional mitigations are specified beyond applying the official patch.