A vulnerability (CVE-2026-31431, CVSS 7.8 High) in the Linux kernel's `algif_aead` crypto interface could be exploited locally. The affected kernel versions are 4.14 through 5.10.253, 5.11 through 5.15.203, 5.16 through 6.1.169, 6.2 through 6.6.136, and 6.7 through 6.12.84. Red Hat has released live-patch modules for RHEL 9.0 SAP Solutions kernels to mitigate the issue, which requires a system reboot to take effect.
Red Hat Product Errata RHSA-2026:16209 - Security Advisory Issued: 2026-05-12 Updated: 2026-05-12 RHSA-2026:16209 - Security Advisory Overview Updated Packages Synopsis Important: kpatch-patch-5_14_0-70_124_1, kpatch-patch-5_14_0-70_132_1, kpatch-patch-5_14_0-70_144_1, kpatch-patch-5_14_0-70_155_1, and kpatch-patch-5_14_0-70_167_1 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for multiple packages is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-5.14.0-70.124.1.el9_0. Security Fix(es): kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Fixes BZ - 2460538 - CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place CVEs CVE-2026-31431 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM kpatch-patch-5_14_0-70_124_1-1-12.el9_0.src.rpm SHA-256: 25a5e60e073152dcecf95e3084f7620224394302615afa9ff8eaa17f7046d713 kpatch-patch-5_14_0-70_132_1-1-8.el9_0.src.rpm SHA-256: e2415db8484e20ddc0ae7b77febed36022acca64be1d745ebba5c98e819ae39d kpatch-patch-5_14_0-70_144_1-1-4.el9_0.src.rpm SHA-256: a25d5edf27fa0cee87f2610149f061657a7c27d6c8c793aac00b431c0cd6948e kpatch-patch-5_14_0-70_155_1-1-3.el9_0.src.rpm SHA-256: 34f518159fbff2973a8189646fc2d79d15379597ff239c5e633981ee69e3d439 kpatch-patch-5_14_0-70_167_1-1-1.el9_0.src.rpm SHA-256: 6619db66e2fcc0dff9a9d47eb956b549414a350768ad89962639df926cbf6d9b ppc64le kpatch-patch-5_14_0-70_124_1-1-12.el9_0.ppc64le.rpm SHA-256: b9272175a136d417c3cca77db56cbc1bc7705f1ba4f9f0eb9f7364c619ed5285 kpatch-patch-5_14_0-70_124_1-debuginfo-1-12.el9_0.ppc64le.rpm SHA-256: 9d828e2b8c721f4f55fd01f6a343e1b5de1169b40abbd24241b9d2cc4d7e193b kpatch-patch-5_14_0-70_124_1-debugsource-1-12.el9_0.ppc64le.rpm SHA-256: f11c900b7f4d6b0c0f10b06da7e5e4c576f284c0178d17cce2a33741598600da kpatch-patch-5_14_0-70_132_1-1-8.el9_0.ppc64le.rpm SHA-256: df0c23e2d321b8707d7595a357291250b87ec8e3145ae9320a5afe9ad56f8f93 kpatch-patch-5_14_0-70_132_1-debuginfo-1-8.el9_0.ppc64le.rpm SHA-256: c9b4ad4d7bd5f0939c5aa551b40fea36f5cf7017d5b0caea7b4be26209559080 kpatch-patch-5_14_0-70_132_1-debugsource-1-8.el9_0.ppc64le.rpm SHA-256: 334bc460b9da81b78b0cdcb2027e56416f67ce185731787a8260d2ce00c70149 kpatch-patch-5_14_0-70_144_1-1-4.el9_0.ppc64le.rpm SHA-256: 3b30ae6552273c9ffc91406d08f2ee02998966a966fc37b44e768fe41ecb4e4a kpatch-patch-5_14_0-70_144_1-debuginfo-1-4.el9_0.ppc64le.rpm SHA-256: e676a57041356eb01e5eef1b70484d5f8f077250b400d51bbeb835784bcfc264 kpatch-patch-5_14_0-70_144_1-debugsource-1-4.el9_0.ppc64le.rpm SHA-256: c328983e7ba1e81e06c018004bcb28f52db3636c48709adea80fd537298b4622 kpatch-patch-5_14_0-70_155_1-1-3.el9_0.ppc64le.rpm SHA-256: 32251642d72936a8d357abad22e726b48c914d5fd0dc0bb639ea1264f3eb0fab kpatch-patch-5_14_0-70_155_1-debuginfo-1-3.el9_0.ppc64le.rpm SHA-256: f199ee74f171d8eb1c5fbf4734a58011941b922398fe7cc41398dd00d74a7db0 kpatch-patch-5_14_0-70_155_1-debugsource-1-3.el9_0.ppc64le.rpm SHA-256: 6c233c03ea1b095814fbb287d8510484947d213933e61a9c0ae3b8fb6f5e16eb kpatch-patch-5_14_0-70_167_1-1-1.el9_0.ppc64le.rpm SHA-256: 034407993d3175ae9611e19adae45d4c09139d00a91ae8b4f26930554af77b5b kpatch-patch-5_14_0-70_167_1-debuginfo-1-1.el9_0.ppc64le.rpm SHA-256: 4d44497f5fe6abe3516f1f8ea365d7101b0398aca5ab6d6a48df58e74dff2a19 kpatch-patch-5_14_0-70_167_1-debugsource-1-1.el9_0.ppc64le.rpm SHA-256: e3aebb1652524c5947340b42865674948bb0f56a3781989d0d58d2068027316c Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM kpatch-patch-5_14_0-70_124_1-1-12.el9_0.src.rpm SHA-256: 25a5e60e073152dcecf95e3084f7620224394302615afa9ff8eaa17f7046d713 kpatch-patch-5_14_0-70_132_1-1-8.el9_0.src.rpm SHA-256: e2415db8484e20ddc0ae7b77febed36022acca64be1d745ebba5c98e819ae39d kpatch-patch-5_14_0-70_144_1-1-4.el9_0.src.rpm SHA-256: a25d5edf27fa0cee87f2610149f061657a7c27d6c8c793aac00b431c0cd6948e kpatch-patch-5_14_0-70_155_1-1-3.el9_0.src.rpm SHA-256: 34f518159fbff2973a8189646fc2d79d15379597ff239c5e633981ee69e3d439 kpatch-patch-5_14_0-70_167_1-1-1.el9_0.src.rpm SHA-256: 6619db66e2fcc0dff9a9d47eb956b549414a350768ad89962639df926cbf6d9b x86_64 kpatch-patch-5_14_0-70_124_1-1-12.el9_0.x86_64.rpm SHA-256: 5c21c8f65281257cb87e174583a57a1b6fd3a9252bfd691565fece9d0e77e1d4 kpatch-patch-5_14_0-70_124_1-debuginfo-1-12.el9_0.x86_64.rpm SHA-256: 2063ddc015cf98846cb01b1ea80d7ba8c3d6369d63c078e377b8ebeccf813d5f kpatch-patch-5_14_0-70_124_1-debugsource-1-12.el9_0.x86_64.rpm SHA-256: 74bb71168833a5543944048bd24f888bd320d75bdba5d875edafc27d24fb8d29 kpatch-patch-5_14_0-70_132_1-1-8.el9_0.x86_64.rpm SHA-256: 9e8ac80e2e3f4b38d6428bf3b6ab066cae22c0c432523a784ec2c6918e94ae6f kpatch-patch-5_14_0-70_132_1-debuginfo-1-8.el9_0.x86_64.rpm SHA-256: e936c8f5e109917178983186caf69225da75620de080f7d38313003525940c35 kpatch-patch-5_14_0-70_132_1-debugsource-1-8.el9_0.x86_64.rpm SHA-256: 50a0e54f9b5bf18b1ce859cefeb1364e45e11241e4cd7f1b50548b1b47841a22 kpatch-patch-5_14_0-70_144_1-1-4.el9_0.x86_64.rpm SHA-256: 9c26fc0ebfbe17394702cde73838c275541a933559b1d6b3e1c187cd39791475 kpatch-patch-5_14_0-70_144_1-debuginfo-1-4.el9_0.x86_64.rpm SHA-256: e9d885c042dc97b893ef51cd48079163888d9e018c9a2d2fdce59c2e13069521 kpatch-patch-5_14_0-70_144_1-debugsource-1-4.el9_0.x86_64.rpm SHA-256: 3be3eb50ee7de293bb713388045070f70bc68562fe769bdf17a1efea137a86a1 kpatch-patch-5_14_0-70_155_1-1-3.el9_0.x86_64.rpm SHA-256: c7e62d96ab8c335460fb7552228b98db86ebbc6d14116ec047dd00c30cd5a9c3 kpatch-patch-5_14_0-70_155_1-debuginfo-1-3.el9_0.x86_64.rpm SHA-256: e8ecf61a73321a6af4f511ebd5ced4aae489c4ef7b2ee13158fe1a4723d377ed kpatch-patch-5_14_0-70_155_1-debugsource-1-3.el9_0.x86_64.rpm SHA-256: b289fbf2358796d5e267b8278051f305c73e1a84ee63a8a7fa15029134a6c329 kpatch-patch-5_14_0-70_167_1-1-1.el9_0.x86_64.rpm SHA-256: 1dc73817633d2edc8a3b354a756781d70dbe82c9554db6d803c01061f2fcf87d kpatch-patch-5_14_0-70_167_1-debuginfo-1-1.el9_0.x86_64.rpm SHA-256: 64f090ea6263bb40946f1de940d97257967593867d512ec8f574e4cc17959454 kpatch-patch-5_14_0-70_167_1-debugsource-1-1.el9_0.x86_64.rpm SHA-256: 48258c3ba285d78bb32b4bb7c42da38f0a3d6611f494fa599af7d10711dec66d The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .