Red Hat Product Errata RHSA-2026:3964 - Security Advisory
Issued:
2026-03-09
Updated:
2026-03-09

RHSA-2026:3964 - Security Advisory

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)
  • kernel: macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

  • BZ - 2429026 - CVE-2025-71085 kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
  • BZ - 2432664 - CVE-2026-23001 kernel: macvlan: fix possible UAF in macvlan_forward_source()

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-553.111.1.rt7.452.el8_10.src.rpm SHA-256: a9b7e48f62abdfbead21519b8621dac2117963835b94f3be799ce490c5ea7c4b
x86_64
kernel-rt-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 11dfff5499933fe47185dafc716af4ff9e28bc6103719bd97ec2b76e92a53ddf
kernel-rt-core-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 1f9be0c204863cf5b204f442348a255d0b0762bd3c57b8d0e03365b1522d462a
kernel-rt-debug-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 3b0b4bc9e8b5c9a4b09b08610ed5d6624daff13f8c99f343d29229198d4540aa
kernel-rt-debug-core-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: f94af98bc9a9fb18b0d3e205c676ea40469776be6ea554d776cfe289e7716dd0
kernel-rt-debug-debuginfo-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: d7a74a7faafb8b01e828a5ab38313bccbaef3d93e408cc622ea7b15c26b5f853
kernel-rt-debug-devel-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 6c8de38f38d28be9e2eb179393eaf1b18ae05473c7b8009352b5a60a59567ccb
kernel-rt-debug-modules-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 04eee2f1f03e56d95ba5eba5c3feb8139acfb1389efc18d11b89dd988a86abf2
kernel-rt-debug-modules-extra-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 81e71a3bc0442c3547aa39aef99e65644f3066af3b054a15d53d104b0d641839
kernel-rt-debuginfo-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 613afc3d2b156af4a4ca4f284a8dd8a06cccded0c44634074cef52d43448cb41
kernel-rt-debuginfo-common-x86_64-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 0e81024a6b5f47ebd12d369eae2896dedb7ce3966680fd4b2baac67a2fd59a49
kernel-rt-devel-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: d583043901a7ddf72f2b429b918a8216674a4767e03fd45de505de72bd0e79a6
kernel-rt-modules-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: f0b48b8263ec3696553baec36c7616e756dace8a7f5336a7931e09932b718e08
kernel-rt-modules-extra-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: cc31950ae8baa382bc607a8eca120c50fefd8030232a5e2d61c75105308ab25b

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-553.111.1.rt7.452.el8_10.src.rpm SHA-256: a9b7e48f62abdfbead21519b8621dac2117963835b94f3be799ce490c5ea7c4b
x86_64
kernel-rt-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 11dfff5499933fe47185dafc716af4ff9e28bc6103719bd97ec2b76e92a53ddf
kernel-rt-core-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 1f9be0c204863cf5b204f442348a255d0b0762bd3c57b8d0e03365b1522d462a
kernel-rt-debug-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 3b0b4bc9e8b5c9a4b09b08610ed5d6624daff13f8c99f343d29229198d4540aa
kernel-rt-debug-core-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: f94af98bc9a9fb18b0d3e205c676ea40469776be6ea554d776cfe289e7716dd0
kernel-rt-debug-debuginfo-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: d7a74a7faafb8b01e828a5ab38313bccbaef3d93e408cc622ea7b15c26b5f853
kernel-rt-debug-devel-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 6c8de38f38d28be9e2eb179393eaf1b18ae05473c7b8009352b5a60a59567ccb
kernel-rt-debug-kvm-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: c70bc29d275a03daab0e5937a293f8f0546d9b95e9006b5f294431af9ecfe62a
kernel-rt-debug-modules-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 04eee2f1f03e56d95ba5eba5c3feb8139acfb1389efc18d11b89dd988a86abf2
kernel-rt-debug-modules-extra-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 81e71a3bc0442c3547aa39aef99e65644f3066af3b054a15d53d104b0d641839
kernel-rt-debuginfo-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 613afc3d2b156af4a4ca4f284a8dd8a06cccded0c44634074cef52d43448cb41
kernel-rt-debuginfo-common-x86_64-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 0e81024a6b5f47ebd12d369eae2896dedb7ce3966680fd4b2baac67a2fd59a49
kernel-rt-devel-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: d583043901a7ddf72f2b429b918a8216674a4767e03fd45de505de72bd0e79a6
kernel-rt-kvm-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: 0068e14722ac4d7e91b9ea3ea1b7ca11d76efcf09093477f37f8b0892138a76b
kernel-rt-modules-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: f0b48b8263ec3696553baec36c7616e756dace8a7f5336a7931e09932b718e08
kernel-rt-modules-extra-4.18.0-553.111.1.rt7.452.el8_10.x86_64.rpm SHA-256: cc31950ae8baa382bc607a8eca120c50fefd8030232a5e2d61c75105308ab25b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.