Red Hat Product Errata RHSA-2026:13932 - Security Advisory

Issued: 2026-05-06
Updated: 2026-05-06

Synopsis
Important: kernel security update

Type/Severity
Security Advisory: Important

Topic
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):
kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191)
kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. (CVE-2025-71238)
kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401)
kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)
kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
BZ - 2439947 - CVE-2026-23191 kernel: ALSA: aloop: Fix racy access at PCM trigger
BZ - 2444398 - CVE-2025-71238 kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.
BZ - 2453803 - CVE-2026-23401 kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling
BZ - 2460538 - CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place
BZ - 2461107 - CVE-2026-31532 kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

CVEs
CVE-2025-71238
CVE-2026-23191
CVE-2026-23401
CVE-2026-31431
CVE-2026-31532

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
SRPM: kernel-5.14.0-427.124.1.el9_4.src.rpm

This Red Hat kernel security update addresses multiple vulnerabilities, including a double-free in the qla2xxx driver (CVE-2025-71238, CVSS 7.8) leading to denial of service or privilege escalation, and a race condition in the ALSA aloop driver (CVE-2026-23191, CVSS 7.8). Affected Linux kernel versions include 5.7 through 6.12.74 and 6.13 through 6.18.13 for CVE-2025-71238, and 2.6.37 through 6.12.70 and 6.13 through 6.18.10 for CVE-2026-23191. The fix requires applying the provided Red Hat kernel update and rebooting the system.