Red Hat Product Errata RHSA-2026:13565 - Security Advisory Issued: 2026-05-04 Updated: 2026-05-04 RHSA-2026:13565 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136) kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402) kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2439852 - CVE-2026-23136 kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state BZ - 2448745 - CVE-2026-23270 kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation BZ - 2454844 - CVE-2026-31402 kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache BZ - 2460538 - CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place CVEs CVE-2026-23136 CVE-2026-23270 CVE-2026-31402 CVE-2026-31431 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM kernel-5.14.0-611.54.1.el9_7.src.rpm SHA-256: 59de4a0b48113239690def08836d6f501d621603410f16bc49daeaf2da62a43e x86_64 kernel-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0c7b380d755fc61d1c8df4ff88722de74c9bba68a5a172035c38e4b7dd0a4d61 kernel-abi-stablelists-5.14.0-611.54.1.el9_7.noarch.rpm SHA-256: 7d2c9b69d7a1baa2af3b50a521a08946cdc66a4ac3223f7f044b529d59034e90 kernel-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 93a920fd8cdd196b8df39541560a8567be3d4c064b51d2e5e71bb948880245d7 kernel-debug-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: c9ee4a42478e1f0f5602cf102e0947a78de4e4f012153a1a38631973a1b9831f kernel-debug-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 8581df3da7e4040593b5385d63f7e5e0775f535618e5950ae79e0eac2809c46a kernel-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 91688063a434e3db7d12e8b32a67e1292e34de4dda4992ff9f2e57b62a5e773f kernel-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 91688063a434e3db7d12e8b32a67e1292e34de4dda4992ff9f2e57b62a5e773f kernel-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 91688063a434e3db7d12e8b32a67e1292e34de4dda4992ff9f2e57b62a5e773f kernel-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 91688063a434e3db7d12e8b32a67e1292e34de4dda4992ff9f2e57b62a5e773f kernel-debug-devel-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 4f31acf6775e8fc19acc41f2fcced78236372eab9902ea1258480995f6a576b6 kernel-debug-devel-matched-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 1f1a014d4ac74b2abd14fea8f9b9897c4206de20a8225ae6f753ee5c867b385c kernel-debug-modules-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: ac54cc1c33ef57f8e1fddb706bd810497351c5a1eb2464a4448e3a29591ea38f kernel-debug-modules-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 63dbe670fefa0511df8e33564f2790707bf38f4476d416ba2bb6ce50242b02c8 kernel-debug-modules-extra-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: c93aa4f5d963339785672061ad07bd847bc222c27167c0638d22e1d25a46fd97 kernel-debug-uki-virt-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: fd037534f362fa1e6a812cd93994299ec827d8aec9cadb41deacfaa184934318 kernel-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 2fd6bc2ced459c949b930a64146cfa7fe8358c350cae17f8b442fd3a0ecec196 kernel-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 2fd6bc2ced459c949b930a64146cfa7fe8358c350cae17f8b442fd3a0ecec196 kernel-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 2fd6bc2ced459c949b930a64146cfa7fe8358c350cae17f8b442fd3a0ecec196 kernel-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 2fd6bc2ced459c949b930a64146cfa7fe8358c350cae17f8b442fd3a0ecec196 kernel-debuginfo-common-x86_64-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0bf84b422d03350d1bd89a1f4218f391d17716addcfcf3c3677edd3f8295715c kernel-debuginfo-common-x86_64-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0bf84b422d03350d1bd89a1f4218f391d17716addcfcf3c3677edd3f8295715c kernel-debuginfo-common-x86_64-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0bf84b422d03350d1bd89a1f4218f391d17716addcfcf3c3677edd3f8295715c kernel-debuginfo-common-x86_64-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0bf84b422d03350d1bd89a1f4218f391d17716addcfcf3c3677edd3f8295715c kernel-devel-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 1cd61860fc4b84c78d606e0a3f9842e71e2d773c3fa5787dbbe9a420a2c0d972 kernel-devel-matched-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 323eaa58bea647b2ab3e8afc26165837889bec8fab840a3a3dac08fb58311c17 kernel-doc-5.14.0-611.54.1.el9_7.noarch.rpm SHA-256: 4765ca414ec2f9894740f0bddf88838b60e74a3fcaaf17c12a6d322c21eca400 kernel-headers-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0b0cac1f70c953850798b2430e8918e231d93e58d5ed03c6d92cb0b45a33915f kernel-modules-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 578ea744720be0b7b7594f9330de3642fc5142ef69c93522db46e9c085eea6c2 kernel-modules-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 487c13f40ba0b8ed408499626be73bc8426276e3ace096aaa94dd2387e4a2fa1 kernel-modules-extra-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 6cbb720356a11a1fd0891ab6157f1547fd01aded64cceedd993b3631316ffcf5 kernel-rt-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 777aaf1eb1986cfcb28b4c1902d118df28fbcf9690a941127699370153bea4d7 kernel-rt-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 777aaf1eb1986cfcb28b4c1902d118df28fbcf9690a941127699370153bea4d7 kernel-rt-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 5c634dd705bd41d47319e915f12ff6fc2ec04c26969bc3995647bd81b1cb105f kernel-rt-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 5c634dd705bd41d47319e915f12ff6fc2ec04c26969bc3995647bd81b1cb105f kernel-rt-debug-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0bcbb678b6401027e17bed6db21e3ba69212d7b998665afc20d5cf2385397895 kernel-rt-debug-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 0bcbb678b6401027e17bed6db21e3ba69212d7b998665afc20d5cf2385397895 kernel-rt-debug-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 170073172cdad90415c98c6e9afae4fe0ee9deeff1935a2b1e198ca39266f65c kernel-rt-debug-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 170073172cdad90415c98c6e9afae4fe0ee9deeff1935a2b1e198ca39266f65c kernel-rt-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 24ce36748a313d59be516a650db1dc6d5b03cf2e97a45c0c65782a8ad8f804c4 kernel-rt-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 24ce36748a313d59be516a650db1dc6d5b03cf2e97a45c0c65782a8ad8f804c4 kernel-rt-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 24ce36748a313d59be516a650db1dc6d5b03cf2e97a45c0c65782a8ad8f804c4 kernel-rt-debug-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 24ce36748a313d59be516a650db1dc6d5b03cf2e97a45c0c65782a8ad8f804c4 kernel-rt-debug-devel-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 3794aa3831f6115024610dd06626a2e3ca0c71a48e3415f82464da887cf13e91 kernel-rt-debug-devel-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 3794aa3831f6115024610dd06626a2e3ca0c71a48e3415f82464da887cf13e91 kernel-rt-debug-modules-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 46fdcd33a572a380d27071bfe241de6b107cab2f45320ff9186dc0ca041e1bb2 kernel-rt-debug-modules-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 46fdcd33a572a380d27071bfe241de6b107cab2f45320ff9186dc0ca041e1bb2 kernel-rt-debug-modules-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: ed2cb01e945fe0edcc1777cfd6ae15ec7f153deb513883d061b0269d09c9b298 kernel-rt-debug-modules-core-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: ed2cb01e945fe0edcc1777cfd6ae15ec7f153deb513883d061b0269d09c9b298 kernel-rt-debug-modules-extra-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 1a09e3e68d3f794d0ff8388146b4fe251a5584bda3f59f7fc66de6223c8f0dfa kernel-rt-debug-modules-extra-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 1a09e3e68d3f794d0ff8388146b4fe251a5584bda3f59f7fc66de6223c8f0dfa kernel-rt-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 7d45f64454748fe7da4b20f62258b6f1da90ed3f27dbb352ec30006b3e66c50e kernel-rt-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 7d45f64454748fe7da4b20f62258b6f1da90ed3f27dbb352ec30006b3e66c50e kernel-rt-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 7d45f64454748fe7da4b20f62258b6f1da90ed3f27dbb352ec30006b3e66c50e kernel-rt-debuginfo-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 7d45f64454748fe7da4b20f62258b6f1da90ed3f27dbb352ec30006b3e66c50e kernel-rt-devel-5.14.0-611.54.1.el9_7.x86_64.rpm SHA-256: 9ba7ac1f546cde696332f9541344c40fc2415680b1e496885cb2c8910dbe1917 kernel-rt-dev