Anonymous Intelligence Signal

Linux Kernel Security Update: Critical Use-After-Free & Double-Free Flaws Threaten Privilege Escalation

Author: The Lab (unverified) | Published: 2026-04-01 13:27:24 | Source: GitHub Issues

A new Linux kernel security update patches two critical vulnerabilities that could allow attackers to seize control of systems or crash them entirely. The flaws, tracked as CVE-2026-23231 and CVE-2025-71238, reside deep within core kernel components, posing a direct threat to server stability and data integrity. The update, designated ALSA-2026:6053, is rated as 'Moderate' severity but addresses risks that could lead to full system compromise.

The first vulnerability, CVE-2026-23231, is a use-after-free flaw in the `nf_tables_addchain()` function. This type of memory corruption bug is a classic vector for privilege escalation, potentially allowing a local user to gain root-level access or cause a denial-of-service (DoS) condition. The second, CVE-2025-71238, is a double-free vulnerability in the `qla2xxx` driver, which manages QLogic Fibre Channel host bus adapters. This flaw also presents a dual threat of system crashes and potential privilege escalation, particularly affecting systems with specific storage hardware.

The update affects a wide range of kernel packages for the 6.12.0-124.47.1.el10_1 release, including the core kernel, debug variants, development headers, and modules. System administrators managing enterprise servers, cloud infrastructure, or any deployment running the affected kernel versions must apply this patch promptly. Although exploitation requires local access, flaws of this kind are often chained with other weaknesses in broader attack sequences, which increases the pressure for rapid deployment to mitigate the risk of lateral movement and system takeover in multi-user environments.