{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Important" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "An update for multiple packages is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title" : "Topic" }, { "category" : "general", "text" : "This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-5.14.0-284.104.1.el9_2.\n\nSecurity Fix(es):\n\n* kernel: \"Fragnesia\" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300)\n\n* kernel: Read root-owned files as an unprivileged user (CVE-2026-46333)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:23469", "url" : "https://access.redhat.com/errata/RHSA-2026:23469" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/#important", "url" : "https://access.redhat.com/security/updates/classification/#important" }, { "category" : "external", "summary" : "2477015", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477015" }, { "category" : "external", "summary" : "2477802", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477802" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23469.json" } ], "title" : "Red Hat Security Advisory: kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 security update", "tracking" : { "current_release_date" : "2026-06-18T20:01:10+00:00", "generator" : { "date" : "2026-06-18T20:01:10+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "5.0.0" } }, "id" : "RHSA-2026:23469", "initial_release_date" : "2026-06-04T22:08:31+00:00", "revision_history" : [ { "date" : "2026-06-04T22:08:31+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-06-04T22:08:31+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-06-18T20:01:10+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product" : { "name" : "Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:rhel_e4s:9.2::baseos" } } } ], "category" : "product_family", "name" : "Red Hat Enterprise Linux" }, { "branches" : [ { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "product_id" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1@1-16.el9_2?arch=src" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "product_id" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1@1-13.el9_2?arch=src" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "product_id" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1@1-7.el9_2?arch=src" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "product_id" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1@1-5.el9_2?arch=src" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "product_id" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1@1-3.el9_2?arch=src" } } } ], "category" : "architecture", "name" : "src" }, { "branches" : [ { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1@1-16.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1-debugsource@1-16.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1-debuginfo@1-16.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1@1-13.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1-debugsource@1-13.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1-debuginfo@1-13.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1@1-7.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1-debugsource@1-7.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1-debuginfo@1-7.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1@1-5.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1-debugsource@1-5.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1-debuginfo@1-5.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1@1-3.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1-debugsource@1-3.el9_2?arch=ppc64le" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "product_id" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1-debuginfo@1-3.el9_2?arch=ppc64le" } } } ], "category" : "architecture", "name" : "ppc64le" }, { "branches" : [ { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1@1-16.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1-debugsource@1-16.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_104_1-debuginfo@1-16.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1@1-13.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1-debugsource@1-13.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_117_1-debuginfo@1-13.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1@1-7.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1-debugsource@1-7.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_134_1-debuginfo@1-7.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1@1-5.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1-debugsource@1-5.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_148_1-debuginfo@1-5.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1@1-3.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1-debugsource@1-3.el9_2?arch=x86_64" } } }, { "category" : "product_version", "name" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "product" : { "name" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "product_id" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/kpatch-patch-5_14_0-284_158_1-debuginfo@1-3.el9_2?arch=x86_64" } } } ], "category" : "architecture", "name" : "x86_64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" }, { "category" : "default_component_of", "full_product_name" : { "name" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "product_id" : "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" }, "product_reference" : "kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64", "relates_to_product_reference" : "BaseOS-9.2.0.Z.E4S" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-46300", "cwe" : { "id" : "CWE-123", "name" : "Write-what-where Condition" }, "discovery_date" : "2026-05-13T13:28:21.270000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2477015" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged binaries and gain root privileges.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "kernel: \"Fragnesia\" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This issue is classified as Important, rather than Critical severity, because exploitation requires local access to the system. A low-privileged local attacker can exploit this flaw in the Linux kernel's XFRM ESP-in-TCP subsystem to gain root privileges by overwriting sensitive system files. Exploitation does not require user interaction, potentially resulting in full compromise of confidentiality, integrity, and availability.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-46300" }, { "category" : "external", "summary" : "RHBZ#2477015", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477015" }, { "category" : "external", "summary" : "RHSB-2026-003", "url" : "https://access.redhat.com/security/vulnerabilities/RHSB-2026-003" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-46300", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-46300" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-46300", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-46300" } ], "release_date" : "2026-05-13T12:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-06-04T22:08:31+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:23469" }, { "category" : "workaround", "details" : "See the security bulletin for a detailed mitigation procedure.", "product_ids" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "LOCAL", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "privilegesRequired" : "LOW", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version" : "3.1" }, "products" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "kernel: \"Fragnesia\" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel" }, { "cve" : "CVE-2026-46333", "cwe" : { "id" : "CWE-269", "name" : "Improper Privilege Management" }, "discovery_date" : "2026-05-15T08:27:21.590000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2477802" } ], "notes" : [ { "category" : "description", "text" : "A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully terminates. Successful exploitation may lead to the disclosure of sensitive data such as SSH host private keys or /etc/shadow contents.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "kernel: Read root-owned files as an unprivileged user", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This is an Important flaw in the Linux kernel that allows a local unprivileged attacker to read root-owned files. The vulnerability arises from a race condition during process termination, enabling a brief window where sensitive data, such as SSH host private keys or /etc/shadow contents, can be disclosed. This could lead to unauthorized access to sensitive information on affected Red Hat Enterprise Linux systems.\n\nIn OpenShift Container Platform 4, this flaw is rated Low. The default `restricted-v2` Security Context Constraint (SCC) sets `allowPrivilegeEscalation: false` on all pods, which causes the kernel to ignore setuid file bits and prevents target binaries from opening privileged files, breaking the exploit chain entirely. Under non-default SCCs such as `anyuid` that permit privilege escalation, the vulnerability is constrained by PID and mount namespace isolation to the container's own filesystem. An attacker would only be able to access root-owned files already within the container, not host or cross-pod resources. In practice, containers rarely contain sensitive root-owned files that are not already accessible to the pod user through normal means.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-46333" }, { "category" : "external", "summary" : "RHBZ#2477802", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477802" }, { "category" : "external", "summary" : "RHSB-2026-004", "url" : "https://access.redhat.com/security/vulnerabilities/RHSB-2026-004" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-46333", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-46333" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-46333", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-46333" }, { "category" : "external", "summary" : "https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path", "url" : "https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path" }, { "category" : "external", "summary" : "https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a", "url" : "https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a" } ], "release_date" : "2026-05-15T05:55:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-06-04T22:08:31+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:23469" }, { "category" : "workaround", "details" : "See the security bulletin for a detailed mitigation procedure.", "product_ids" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "LOCAL", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "privilegesRequired" : "LOW", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version" : "3.1" }, "products" : [ "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debuginfo-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_104_1-debugsource-0:1-16.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debuginfo-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_117_1-debugsource-0:1-13.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debuginfo-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_134_1-debugsource-0:1-7.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debuginfo-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_148_1-debugsource-0:1-5.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.src", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debuginfo-0:1-3.el9_2.x86_64", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.ppc64le", "BaseOS-9.2.0.Z.E4S:kpatch-patch-5_14_0-284_158_1-debugsource-0:1-3.el9_2.x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "kernel: Read root-owned files as an unprivileged user" } ] }