Red Hat Product Errata
RHSA-2026:14869 - Security Advisory

Issued: 2026-05-07
Updated: 2026-05-07

Synopsis
Important: kernel-rt security update

Type/Severity
Security Advisory: Important

Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):
kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)
kernel: sctp: avoid NULL dereference when chunk data buffer is missing (CVE-2025-40240)
kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191)
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products
Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes
BZ - 1661503 - CVE-2018-16885 kernel: out-of-bound read in memcpy_fromiovecend()
BZ - 2418832 - CVE-2025-40240 kernel: sctp: avoid NULL dereference when chunk data buffer is missing
BZ - 2439947 - CVE-2026-23191 kernel: ALSA: aloop: Fix racy access at PCM trigger
BZ - 2454844 - CVE-2026-31402 kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

CVEs
CVE-2018-16885
CVE-2025-40240
CVE-2026-23191
CVE-2026-31402

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7

SRPM
kernel-rt-3.10.0-1160.149.1.rt56.1301.el7.src.rpm

x86_64
kernel-rt-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-doc-3.10.0-1160.149.1.rt56.1301.el7.noarch.rpm
kernel-rt-trace-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.149.1.rt56.1301.el7.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

This Important Red Hat kernel-rt security update addresses four CVEs, including a heap overflow in the NFSv4.0 LOCK replay cache (CVE-2026-31402) and a NULL pointer dereference in SCTP (CVE-2025-40240). The update is for Red Hat Enterprise Linux 7 Extended Lifecycle Support, and the fixed packages are version kernel-rt-3.10.0-1160.149.1.rt56.1301.el7. A system reboot is required after applying the patch.