Red Hat Product Errata RHSA-2026:19711 - Security Advisory
Issued:
2026-05-20
Updated:
2026-05-20

RHSA-2026:19711 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
  • kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300)
  • kernel: Read root-owned files as an unprivileged user (CVE-2026-46333)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2461107 - CVE-2026-31532 kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()
  • BZ - 2477015 - CVE-2026-46300 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel
  • BZ - 2477802 - CVE-2026-46333 kernel: Read root-owned files as an unprivileged user

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kernel-rt-5.14.0-70.180.1.rt21.252.el9_0.src.rpm SHA-256: 3e25fd15f89c7a84a9574f7556e1ecfa1336f0c4a1852b5792ebe1efd05e4995
x86_64
kernel-rt-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3853272d8f8ec6f5eb3afd0544fb1f8dd08da842513eeac64986912c71dcc68d
kernel-rt-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3853272d8f8ec6f5eb3afd0544fb1f8dd08da842513eeac64986912c71dcc68d
kernel-rt-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3b0e4213afecbe9f538085da5deb3a9d90e129e715280c321e4d0b4523302732
kernel-rt-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3b0e4213afecbe9f538085da5deb3a9d90e129e715280c321e4d0b4523302732
kernel-rt-debug-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: a6f58e67f52a0fc3fd487a7f6c87ebdbc2e0780c9e336d7abeb332472ae3a7f7
kernel-rt-debug-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: a6f58e67f52a0fc3fd487a7f6c87ebdbc2e0780c9e336d7abeb332472ae3a7f7
kernel-rt-debug-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: dfdab7559210008900ed7c1bebb42264703f66159b70b726670a9df3a5cb73fb
kernel-rt-debug-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: dfdab7559210008900ed7c1bebb42264703f66159b70b726670a9df3a5cb73fb
kernel-rt-debug-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 448dfff55cba61acdf29cf0a25fc61ff4faa22b8e773b4d4ca02fa8234333ffd
kernel-rt-debug-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 448dfff55cba61acdf29cf0a25fc61ff4faa22b8e773b4d4ca02fa8234333ffd
kernel-rt-debug-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 7ca34f570ee080d8c9e07ae938c6340747e7ca93549ec11742c35bcdc56cb529
kernel-rt-debug-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 7ca34f570ee080d8c9e07ae938c6340747e7ca93549ec11742c35bcdc56cb529
kernel-rt-debug-kvm-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 4312de80ecbfaf2c8b49c65482da237a539eafad501012ed7795da9ce1937d6d
kernel-rt-debug-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: b54dead92ffb04c456a172a21f1387b3d47cc44200c7f004d28252b3494f552c
kernel-rt-debug-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: b54dead92ffb04c456a172a21f1387b3d47cc44200c7f004d28252b3494f552c
kernel-rt-debug-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: d33d25b56e3f77779a18e3ce34b79ba87f92324268e6809440b6f9f35a0a0f48
kernel-rt-debug-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: d33d25b56e3f77779a18e3ce34b79ba87f92324268e6809440b6f9f35a0a0f48
kernel-rt-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 5a63eb7b1326bde32d33761586f58313f677ab7942a939a736e81eca9fbb9230
kernel-rt-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 5a63eb7b1326bde32d33761586f58313f677ab7942a939a736e81eca9fbb9230
kernel-rt-debuginfo-common-x86_64-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: e272da582535757c49b2a4dae065cea5b0f92ff3ca5f6d72e13ea8e05f591c92
kernel-rt-debuginfo-common-x86_64-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: e272da582535757c49b2a4dae065cea5b0f92ff3ca5f6d72e13ea8e05f591c92
kernel-rt-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 2f064e16f549a508e2a1c8d73eac6239f3e49bae2061f77cc95c0f69dc616864
kernel-rt-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 2f064e16f549a508e2a1c8d73eac6239f3e49bae2061f77cc95c0f69dc616864
kernel-rt-kvm-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: a9c50ca3da5f0e4190b6620c070048814f9287e19e374ce411621b2734ac9669
kernel-rt-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 51c68a45d2bbe9aa4e8d61a665aa7d148f0b8d55ced9f487c3dd114321837f46
kernel-rt-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 51c68a45d2bbe9aa4e8d61a665aa7d148f0b8d55ced9f487c3dd114321837f46
kernel-rt-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 43d694ed7997909831a80db1968573e1a2aaffa18ce764152a33505540e63c6b
kernel-rt-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 43d694ed7997909831a80db1968573e1a2aaffa18ce764152a33505540e63c6b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.