RockyLinux 10 : kernel (RLSA-2026:1690)

high Nessus Plugin ID 298315

Language:

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1690 advisory.

* kernel: Linux kernel: irqchip/gic-v2m use-after-free vulnerability (CVE-2025-37819)

* kernel: RDMA/core: Fix KASAN: slab-use-after-free Read in ib_register_device problem (CVE-2025-38022)

* kernel: Linux kernel use-after-free in eventpoll (CVE-2025-38349)

* kernel: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453)

* kernel: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CVE-2025-38568)

* kernel: drm/xe: Fix vm_bind_ioctl double free bug (CVE-2025-38731)

* kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CVE-2025-40154)

* kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)

* kernel: ipv6: use RCU in ip6_xmit() (CVE-2025-40135)

* kernel: ipv6: use RCU in ip6_output() (CVE-2025-40158)

* kernel: Linux kernel: vsock vulnerability may lead to memory corruption (CVE-2025-40248)

* kernel: mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)

* kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251)

* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)

* kernel: Linux kernel: Out-of-bounds write in Bluetooth MGMT can lead to information disclosure and denial of service (CVE-2025-40294)

* kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling (CVE-2025-40301)

* kernel: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CVE-2025-40318)

* kernel: net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301)

* kernel: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CVE-2025-68305)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 298315

File Name: rocky_linux_RLSA-2026-1690.nasl

Version: 1.1

Type: local

Family: Rocky Linux Local Security Checks

Published: 2/8/2026

Updated: 2/8/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-38731

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:kernel, p-cpe:/a:rocky:linux:kernel-abi-stablelists, p-cpe:/a:rocky:linux:kernel-core, p-cpe:/a:rocky:linux:kernel-debug, p-cpe:/a:rocky:linux:kernel-debug-core, p-cpe:/a:rocky:linux:kernel-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-debug-devel, p-cpe:/a:rocky:linux:kernel-debug-modules, p-cpe:/a:rocky:linux:kernel-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:rocky:linux:kernel-devel, p-cpe:/a:rocky:linux:kernel-modules, p-cpe:/a:rocky:linux:kernel-modules-extra, p-cpe:/a:rocky:linux:kernel-rt, p-cpe:/a:rocky:linux:kernel-rt-core, p-cpe:/a:rocky:linux:kernel-rt-debug, p-cpe:/a:rocky:linux:kernel-rt-debug-core, p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-debug-modules, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-rt-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-devel, p-cpe:/a:rocky:linux:kernel-rt-modules, p-cpe:/a:rocky:linux:kernel-rt-modules-extra, p-cpe:/a:rocky:linux:kernel-tools, p-cpe:/a:rocky:linux:kernel-tools-debuginfo, p-cpe:/a:rocky:linux:kernel-tools-libs, p-cpe:/a:rocky:linux:kernel-tools-libs-devel, p-cpe:/a:rocky:linux:perf, p-cpe:/a:rocky:linux:perf-debuginfo, p-cpe:/a:rocky:linux:python3-perf, p-cpe:/a:rocky:linux:python3-perf-debuginfo, p-cpe:/a:rocky:linux:kernel-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-core, p-cpe:/a:rocky:linux:kernel-rt-modules-core, p-cpe:/a:rocky:linux:kernel-zfcpdump, p-cpe:/a:rocky:linux:kernel-zfcpdump-core, p-cpe:/a:rocky:linux:kernel-zfcpdump-debuginfo, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel-matched, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-extra, p-cpe:/a:rocky:linux:kernel-64k, p-cpe:/a:rocky:linux:kernel-64k-core, p-cpe:/a:rocky:linux:kernel-64k-debug, p-cpe:/a:rocky:linux:kernel-64k-debug-core, p-cpe:/a:rocky:linux:kernel-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-64k-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-devel, p-cpe:/a:rocky:linux:kernel-64k-devel-matched, p-cpe:/a:rocky:linux:kernel-64k-modules, p-cpe:/a:rocky:linux:kernel-64k-modules-core, p-cpe:/a:rocky:linux:kernel-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-modules-core, p-cpe:/a:rocky:linux:kernel-modules-core, p-cpe:/a:rocky:linux:rtla, p-cpe:/a:rocky:linux:kernel-debug-uki-virt, p-cpe:/a:rocky:linux:kernel-uki-virt, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-core, p-cpe:/a:rocky:linux:libperf, p-cpe:/a:rocky:linux:libperf-debuginfo, p-cpe:/a:rocky:linux:rv, p-cpe:/a:rocky:linux:kernel-uki-virt-addons, cpe:/o:rocky:linux:10, p-cpe:/a:rocky:linux:kernel-debuginfo-common-ppc64le, p-cpe:/a:rocky:linux:kernel-debuginfo-common-s390x, p-cpe:/a:rocky:linux:kernel-rt-64k, p-cpe:/a:rocky:linux:kernel-rt-64k-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-rt-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-64k-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-modules, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-core, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-modules-extra-matched

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/8/2026

Vulnerability Publication Date: 5/8/2025

Reference Information

CVE: CVE-2025-37819, CVE-2025-38022, CVE-2025-38349, CVE-2025-38453, CVE-2025-38568, CVE-2025-38731, CVE-2025-40135, CVE-2025-40154, CVE-2025-40158, CVE-2025-40170, CVE-2025-40248, CVE-2025-40251, CVE-2025-40258, CVE-2025-40271, CVE-2025-40294, CVE-2025-40301, CVE-2025-40318, CVE-2025-68301, CVE-2025-68305

Detections

Analytics