This Red Hat security advisory addresses eight vulnerabilities in the kernel-rt package for RHEL 9.0 SAP Solutions, including a high-severity use-after-free in iSCSI target (CVE-2026-23193, CVSS 8.8), a privilege escalation in KVM (CVE-2026-23401), and a heap overflow in NFSv4.0 (CVE-2026-31402). The specific affected kernel version ranges are detailed in the NVD data for each CVE, such as CVE-2026-23193 affecting kernel versions from 3.1 to before 5.10.250, 5.11 to before 5.15.200, and others. A system reboot is required after applying the update.
Red Hat Product Errata RHSA-2026:14137 - Security Advisory Issued: 2026-05-06 Updated: 2026-05-06 RHSA-2026:14137 - Security Advisory Overview Updated Packages Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861) kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097) kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193) kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191) kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401) kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402) kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Fixes BZ - 2365256 - CVE-2025-37861 kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue BZ - 2436802 - CVE-2026-23097 kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration BZ - 2439887 - CVE-2026-23193 kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() BZ - 2439947 - CVE-2026-23191 kernel: ALSA: aloop: Fix racy access at PCM trigger BZ - 2448594 - CVE-2026-23243 kernel: Linux kernel: Denial of service and memory corruption in RDMA umad BZ - 2453803 - CVE-2026-23401 kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling BZ - 2454844 - CVE-2026-31402 kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache BZ - 2460538 - CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place CVEs CVE-2025-37861 CVE-2026-23097 CVE-2026-23191 CVE-2026-23193 CVE-2026-23243 CVE-2026-23401 CVE-2026-31402 CVE-2026-31431 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM kernel-rt-5.14.0-70.178.1.rt21.250.el9_0.src.rpm SHA-256: 35b43f1c48cc84127a020c0d499868307ee16178a46cca6b307e8cce40e25afd x86_64 kernel-rt-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 8bdeb7af09b2f77a0fa7f832170316cc29ab870d821cebd4fad060758a562e61 kernel-rt-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 8bdeb7af09b2f77a0fa7f832170316cc29ab870d821cebd4fad060758a562e61 kernel-rt-core-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 791eab0c3d9ce62ca7b5bad2ef073b0f8b8177aa55660c5b0928da68c59c947f kernel-rt-core-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 791eab0c3d9ce62ca7b5bad2ef073b0f8b8177aa55660c5b0928da68c59c947f kernel-rt-debug-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 0ee5b88db8a560b4e443a19f079f58edc707b308bbc2ef75ec1969d309242d75 kernel-rt-debug-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 0ee5b88db8a560b4e443a19f079f58edc707b308bbc2ef75ec1969d309242d75 kernel-rt-debug-core-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: ae4c3844c977ce61a45d69dc9dfdae43f37a162328210b2011d8d657817b872d kernel-rt-debug-core-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: ae4c3844c977ce61a45d69dc9dfdae43f37a162328210b2011d8d657817b872d kernel-rt-debug-debuginfo-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 5e7f67303b12b0715e9019bbad35a3af856482619116e4e78ded55d62c452acb kernel-rt-debug-debuginfo-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 5e7f67303b12b0715e9019bbad35a3af856482619116e4e78ded55d62c452acb kernel-rt-debug-devel-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 85d95b44b1e077b093e251046fc551951ed398ecd68da18f0f64c31fdac67e0a kernel-rt-debug-devel-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 85d95b44b1e077b093e251046fc551951ed398ecd68da18f0f64c31fdac67e0a kernel-rt-debug-kvm-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 194e3ba9ddad7f0694aeec7982937016e91842cd88407e06aee1d1ad810f6774 kernel-rt-debug-modules-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 2372eb6501de4dad08bab3a08520e3e7c655d6dfedc3a6b3bb80d0e16e6b0e65 kernel-rt-debug-modules-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 2372eb6501de4dad08bab3a08520e3e7c655d6dfedc3a6b3bb80d0e16e6b0e65 kernel-rt-debug-modules-extra-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: e7860ab953fd4ad3477527eb120d6ce9f16c6a2b18c457f83fd11819c348f234 kernel-rt-debug-modules-extra-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: e7860ab953fd4ad3477527eb120d6ce9f16c6a2b18c457f83fd11819c348f234 kernel-rt-debuginfo-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: d72934414318694824e59ccd1b2ec3bf6376d5c008585ada049025f8deb00f93 kernel-rt-debuginfo-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: d72934414318694824e59ccd1b2ec3bf6376d5c008585ada049025f8deb00f93 kernel-rt-debuginfo-common-x86_64-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 5b547538996535a37ae011681ddc20d8418348f8575f8bb081e38b05c6c615ee kernel-rt-debuginfo-common-x86_64-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 5b547538996535a37ae011681ddc20d8418348f8575f8bb081e38b05c6c615ee kernel-rt-devel-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 52c79c701545b4393c15f76903d99841aa1d0e79aa97349e9f62373880e68969 kernel-rt-devel-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 52c79c701545b4393c15f76903d99841aa1d0e79aa97349e9f62373880e68969 kernel-rt-kvm-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: 97af9486d03bac7cbd334fd78cb69d3e6b3f3285ec2da2c1e7c311f910964704 kernel-rt-modules-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: a2d7cce59af2935c45150be47416d77e9ef687332f2eb1443f6c0dd91c436006 kernel-rt-modules-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: a2d7cce59af2935c45150be47416d77e9ef687332f2eb1443f6c0dd91c436006 kernel-rt-modules-extra-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: c2a6f17013e5cb44e5dfe99fd3cc2a234589592a05e6252421e364eddcd16d21 kernel-rt-modules-extra-5.14.0-70.178.1.rt21.250.el9_0.x86_64.rpm SHA-256: c2a6f17013e5cb44e5dfe99fd3cc2a234589592a05e6252421e364eddcd16d21 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .