Red Hat Product Errata RHSA-2026:9835 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9835 - Security Advisory Overview Updated Packages Synopsis Moderate: kernel-rt security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001) kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204) kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Fixes BZ - 2432664 - CVE-2026-23001 kernel: macvlan: fix possible UAF in macvlan_forward_source() BZ - 2439931 - CVE-2026-23204 kernel: net/sched: cls_u32: use skb_header_pointer_careful() BZ - 2444376 - CVE-2026-23231 kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() CVEs CVE-2026-23001 CVE-2026-23204 CVE-2026-23231 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM kernel-rt-5.14.0-70.175.1.rt21.247.el9_0.src.rpm SHA-256: e92f1e85814055baa536d138b99b95b35d31210bd87b8ace86d1dc643f887f57 x86_64 kernel-rt-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: e06694145d533fc544e9154aa707148540a42325d0ccff59d795f6be46e25ee2 kernel-rt-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: e06694145d533fc544e9154aa707148540a42325d0ccff59d795f6be46e25ee2 kernel-rt-core-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: c9959f3971c0d1ef03d66d5aa44e757c082a960e5d644543b30036e345f9295e kernel-rt-core-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: c9959f3971c0d1ef03d66d5aa44e757c082a960e5d644543b30036e345f9295e kernel-rt-debug-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: f051154760e1621a754734cdba6ff145b3c18b75bf6f502ee6d90965a15a57cf kernel-rt-debug-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: f051154760e1621a754734cdba6ff145b3c18b75bf6f502ee6d90965a15a57cf kernel-rt-debug-core-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: a3e558c1df67f3b7b7faebec9ceccdccc37215a371b3db31f67ce1cbff246ebf kernel-rt-debug-core-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: a3e558c1df67f3b7b7faebec9ceccdccc37215a371b3db31f67ce1cbff246ebf kernel-rt-debug-debuginfo-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 6e9b5a081be6605ccbb2ba99fc2a02083a645f9b30d04eeed4eb302ca570ef2d kernel-rt-debug-debuginfo-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 6e9b5a081be6605ccbb2ba99fc2a02083a645f9b30d04eeed4eb302ca570ef2d kernel-rt-debug-devel-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 7b355de610a5afdc569d62daac320f017f94c77f102e0de3492dcba9922fb005 kernel-rt-debug-devel-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 7b355de610a5afdc569d62daac320f017f94c77f102e0de3492dcba9922fb005 kernel-rt-debug-kvm-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 64b0bb903ab5d3031ef39fbea4ef86e3bf49adc051dcef99469ac6a168218e69 kernel-rt-debug-modules-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 2bd8f706acc00272c38901cc667d0999e3fbd352ffe24f3f7f17db9089121a49 kernel-rt-debug-modules-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 2bd8f706acc00272c38901cc667d0999e3fbd352ffe24f3f7f17db9089121a49 kernel-rt-debug-modules-extra-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 1c89b0dd596825a4fc7ac71c40cc4e4cb7e9e85b5f31bef9fb9ae81a98e310c8 kernel-rt-debug-modules-extra-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 1c89b0dd596825a4fc7ac71c40cc4e4cb7e9e85b5f31bef9fb9ae81a98e310c8 kernel-rt-debuginfo-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 60d104eef1500f710d5475c1fc358b6634aeb7a0b07622cca1aaf0d45828e048 kernel-rt-debuginfo-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 60d104eef1500f710d5475c1fc358b6634aeb7a0b07622cca1aaf0d45828e048 kernel-rt-debuginfo-common-x86_64-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 08ce2211cb5d45119a8c248e11e6dd289787d47c4ef9251af1533d532407a986 kernel-rt-debuginfo-common-x86_64-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 08ce2211cb5d45119a8c248e11e6dd289787d47c4ef9251af1533d532407a986 kernel-rt-devel-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: ea8e07cd5b62efc04ba51708e99cb00c6d1e099023051ceb53d20f207d6cb23e kernel-rt-devel-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: ea8e07cd5b62efc04ba51708e99cb00c6d1e099023051ceb53d20f207d6cb23e kernel-rt-kvm-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: 8bec486928abeca574913d480b16b67cbeebb6b6fd1e56ba7cf54e854e507e96 kernel-rt-modules-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: e6c6c8728f79d277869245ccdd5e62e79f6017a0538fdf4ec83e44a5dcd782af kernel-rt-modules-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: e6c6c8728f79d277869245ccdd5e62e79f6017a0538fdf4ec83e44a5dcd782af kernel-rt-modules-extra-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: d759fe020d6973ad43dc7cc6b4feebc6a0585f32c96cb74538bf89382b026f41 kernel-rt-modules-extra-5.14.0-70.175.1.rt21.247.el9_0.x86_64.rpm SHA-256: d759fe020d6973ad43dc7cc6b4feebc6a0585f32c96cb74538bf89382b026f41 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .