Red Hat Product Errata RHSA-2026:19711 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19711 - Security Advisory Overview Updated Packages Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Fixes BZ - 2461107 - CVE-2026-31532 kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() BZ - 2477015 - CVE-2026-46300 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel BZ - 2477802 - CVE-2026-46333 kernel: Read root-owned files as an unprivileged user CVEs CVE-2026-31532 CVE-2026-46300 CVE-2026-46333 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM kernel-rt-5.14.0-70.180.1.rt21.252.el9_0.src.rpm SHA-256: 3e25fd15f89c7a84a9574f7556e1ecfa1336f0c4a1852b5792ebe1efd05e4995 x86_64 kernel-rt-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3853272d8f8ec6f5eb3afd0544fb1f8dd08da842513eeac64986912c71dcc68d kernel-rt-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3853272d8f8ec6f5eb3afd0544fb1f8dd08da842513eeac64986912c71dcc68d kernel-rt-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3b0e4213afecbe9f538085da5deb3a9d90e129e715280c321e4d0b4523302732 kernel-rt-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 3b0e4213afecbe9f538085da5deb3a9d90e129e715280c321e4d0b4523302732 kernel-rt-debug-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: a6f58e67f52a0fc3fd487a7f6c87ebdbc2e0780c9e336d7abeb332472ae3a7f7 kernel-rt-debug-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: a6f58e67f52a0fc3fd487a7f6c87ebdbc2e0780c9e336d7abeb332472ae3a7f7 kernel-rt-debug-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: dfdab7559210008900ed7c1bebb42264703f66159b70b726670a9df3a5cb73fb kernel-rt-debug-core-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: dfdab7559210008900ed7c1bebb42264703f66159b70b726670a9df3a5cb73fb kernel-rt-debug-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 448dfff55cba61acdf29cf0a25fc61ff4faa22b8e773b4d4ca02fa8234333ffd kernel-rt-debug-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 448dfff55cba61acdf29cf0a25fc61ff4faa22b8e773b4d4ca02fa8234333ffd kernel-rt-debug-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 7ca34f570ee080d8c9e07ae938c6340747e7ca93549ec11742c35bcdc56cb529 kernel-rt-debug-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 7ca34f570ee080d8c9e07ae938c6340747e7ca93549ec11742c35bcdc56cb529 kernel-rt-debug-kvm-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 4312de80ecbfaf2c8b49c65482da237a539eafad501012ed7795da9ce1937d6d kernel-rt-debug-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: b54dead92ffb04c456a172a21f1387b3d47cc44200c7f004d28252b3494f552c kernel-rt-debug-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: b54dead92ffb04c456a172a21f1387b3d47cc44200c7f004d28252b3494f552c kernel-rt-debug-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: d33d25b56e3f77779a18e3ce34b79ba87f92324268e6809440b6f9f35a0a0f48 kernel-rt-debug-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: d33d25b56e3f77779a18e3ce34b79ba87f92324268e6809440b6f9f35a0a0f48 kernel-rt-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 5a63eb7b1326bde32d33761586f58313f677ab7942a939a736e81eca9fbb9230 kernel-rt-debuginfo-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 5a63eb7b1326bde32d33761586f58313f677ab7942a939a736e81eca9fbb9230 kernel-rt-debuginfo-common-x86_64-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: e272da582535757c49b2a4dae065cea5b0f92ff3ca5f6d72e13ea8e05f591c92 kernel-rt-debuginfo-common-x86_64-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: e272da582535757c49b2a4dae065cea5b0f92ff3ca5f6d72e13ea8e05f591c92 kernel-rt-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 2f064e16f549a508e2a1c8d73eac6239f3e49bae2061f77cc95c0f69dc616864 kernel-rt-devel-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 2f064e16f549a508e2a1c8d73eac6239f3e49bae2061f77cc95c0f69dc616864 kernel-rt-kvm-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: a9c50ca3da5f0e4190b6620c070048814f9287e19e374ce411621b2734ac9669 kernel-rt-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 51c68a45d2bbe9aa4e8d61a665aa7d148f0b8d55ced9f487c3dd114321837f46 kernel-rt-modules-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 51c68a45d2bbe9aa4e8d61a665aa7d148f0b8d55ced9f487c3dd114321837f46 kernel-rt-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 43d694ed7997909831a80db1968573e1a2aaffa18ce764152a33505540e63c6b kernel-rt-modules-extra-5.14.0-70.180.1.rt21.252.el9_0.x86_64.rpm SHA-256: 43d694ed7997909831a80db1968573e1a2aaffa18ce764152a33505540e63c6b The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .