Red Hat Product Errata
RHSA-2026:19074 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: kernel security update

Type/Severity
Security Advisory: Important

Topic
An update for kernel is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD (CVE-2026-23060)
kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)
kernel: crypto: af_alg - limit RX SG extraction by receive buffer budget (CVE-2026-31677)
kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.

Affected Products
Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
BZ - 2436779 - CVE-2026-23060 kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD
BZ - 2460538 - CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place
BZ - 2461763 - CVE-2026-31677 kernel: crypto: af_alg - limit RX SG extraction by receive buffer budget
BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

CVEs
CVE-2026-23060
CVE-2026-31431
CVE-2026-31677
CVE-2026-43284

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
SRPM: kernel-6.12.0-211.7.3.el10_2.src.rpm

This advisory addresses multiple vulnerabilities in the Linux kernel for Red Hat Enterprise Linux 10, including a high-severity local privilege escalation (CVE-2026-31431, CVSS 7.8) via the crypto subsystem and a new "Dirty Frag" ESP XFRM LPE vulnerability (CVE-2026-43284). The specific affected kernel version ranges and fixed versions for each CVE are detailed in the provided NVD data, which is the authoritative source for this information. A system reboot is required after applying the update.