The advisory covers four kernel vulnerabilities: CVE-2026-23066 (denial of service via unsafe requeue in rxrpc_recvmsg), CVE-2026-23193 (use-after-free in iscsit_dec_session_usage_count), CVE-2026-23156 (information disclosure in efivarfs via incorrect error propagation), and CVE-2026-23231 (privilege escalation or denial of service via use-after-free in nf_tables_addchain). These vulnerabilities affect the Linux kernel core components in Red Hat Enterprise Linux 10.0 Extended Update Support and related CodeReady Linux Builder packages. Red Hat has released updated kernel packages to address these issues, and applying these updates requires a system reboot. The advisory classifies the overall impact as moderate. No CVSS scores are provided in the advisory, and no known exploits in the wild have been reported.

The vulnerabilities can lead to denial of service conditions, information disclosure, and potential privilege escalation on affected systems running the vulnerable kernel versions. The use-after-free issues may allow attackers to cause system instability or escalate privileges. The information disclosure vulnerability could expose sensitive kernel information. The denial of service vulnerabilities could disrupt normal system operations. Red Hat rates the overall security impact as moderate.

Red Hat has released updated kernel packages that fix the described vulnerabilities. Users of Red Hat Enterprise Linux 10.0 Extended Update Support and related CodeReady Linux Builder packages should apply the provided kernel updates as soon as possible. A system reboot is required for the updates to take effect. For detailed update instructions, refer to the Red Hat advisory at https://access.redhat.com/articles/11258. No additional mitigations are indicated by the vendor advisory.