Red Hat Product Errata RHSA-2026:19225 - Security Advisory

Issued: 2026-05-19
Updated: 2026-05-19

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD (CVE-2026-23060)
* kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)
* kernel: crypto: af_alg - limit RX SG extraction by receive buffer budget (CVE-2026-31677)
* kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

* Red Hat Enterprise Linux for x86_64 9 x86_64
* Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
* Red Hat Enterprise Linux for IBM z Systems 9 s390x
* Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
* Red Hat Enterprise Linux for Power, little endian 9 ppc64le
* Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
* Red Hat Enterprise Linux for ARM 64 9 aarch64
* Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
* Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
* Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
* Red Hat CodeReady Linux Builder for x86_64 9 x86_64
* Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
* Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
* Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
* Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64
* Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le
* Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x
* Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64
* Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
* Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
* Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
* Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
* Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
* Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes

* BZ - 2436779 - CVE-2026-23060 kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD
* BZ - 2460538 - CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place
* BZ - 2461763 - CVE-2026-31677 kernel: crypto: af_alg - limit RX SG extraction by receive buffer budget
* BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

CVEs

* CVE-2026-23060
* CVE-2026-31431
* CVE-2026-31677
* CVE-2026-43284

References

* https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 9

SRPM: kernel-5.14.0-687.5.3.el9_8.src.rpm

This Red Hat security advisory addresses multiple kernel vulnerabilities, including a critical Local Privilege Escalation (LPE) flaw in the ESP XFRM component (CVE-2026-43284) and denial-of-service issues in the crypto subsystems. The CVSS scores range from Medium (5.5) to High (7.8) for the detailed CVEs. Affected systems are those running Red Hat Enterprise Linux 9 on any supported architecture, and a full system reboot is required after applying the update.