Red Hat Security Advisory: kernel security, bug fix, and enhancement update

CVE-2026-31474 — kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() CVE-2026-31641 — kernel: rxrpc: Fix RxGK token loading to check bounds CVE-2026-31669 — kernel: mptcp: fix slab-use-after-free in __inet_lookup_established CVE-2026-31772 — kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync CVE-2026-31786 — kernel: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31787 — kernel: xen/privcmd: fix double free via VMA splitting CVE-2026-43056 — kernel: net: mana: fix use-after-free in add_adev() error path CVE-2026-43260 — kernel: bnxt_en: Fix RSS context delete logic CVE-2026-43330 — kernel: crypto: caam - fix overflow on long hmac keys CVE-2026-46056 — kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers CVE-2026-46125 — kernel: wifi: mac80211: remove station if connection prep fails CVE-2026-46152 — kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result CVE-2026-46166 — kernel: wifi: mac80211: use safe list iteration in radar detect work CVE-2026-46173 — kernel: exit: prevent preemption of oopsing TASK_DEAD task CVE-2026-46331 — kernel: net/sched: act_pedit: extend the writable skb range per key