What is RHSA-2026:7003?

RHSA-2026:7003 is a security advisory published by Red Hat Product Security with Medium severity. Red Hat Security Advisory: kernel security update

Which CVE IDs does RHSA-2026:7003 cover?

RHSA-2026:7003 covers the following CVE IDs: CVE-2026-23209, CVE-2021-4460, CVE-2022-49674, CVE-2025-38180, CVE-2025-40240, CVE-2025-71085. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2026:7003?

RHSA-2026:7003 has a CVSS v3 base score of 7.5, published by Red Hat Product Security.

RHSA-2026:7003MediumCVSS 7.5

Red Hat Security Advisory: kernel security update

Vendor

Red Hat Product Security

Published

April 8, 2026

Last Modified

June 8, 2026

🔗 CVE IDs covered (6)

CVE-2026-23209 →CVE-2021-4460 →CVE-2022-49674 →CVE-2025-38180 →CVE-2025-40240 →CVE-2025-71085 →

📋 Description

CVE-2021-4460 — kernel: Linux kernel: integer overflow and information disclosure via undefined shift operation in drm/amdkfd CVE-2022-49674 — kernel: Linux kernel: Device Mapper RAID out-of-bounds access CVE-2025-38180 — kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-40240 — kernel: sctp: avoid NULL dereference when chunk data buffer is missing CVE-2025-71085 — kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() CVE-2026-23209 — kernel: macvlan: fix error recovery in macvlan_common_newlink()

🔗 References (9)

selfhttps://access.redhat.com/errata/RHSA-2026:7003
externalhttps://access.redhat.com/security/updates/classification/#moderate
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2347967
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2376376
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2400732
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2418832
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2429026
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2439900
selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7003.json