Red Hat Product Errata RHSA-2026:19875 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19875 - Security Advisory Overview Updated Packages Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. (CVE-2025-71238) kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401) kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Fixes BZ - 2357134 - CVE-2025-21999 kernel: proc: fix UAF in proc_get_inode() BZ - 2444398 - CVE-2025-71238 kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. BZ - 2448594 - CVE-2026-23243 kernel: Linux kernel: Denial of service and memory corruption in RDMA umad BZ - 2453803 - CVE-2026-23401 kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling BZ - 2461107 - CVE-2026-31532 kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() BZ - 2477015 - CVE-2026-46300 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel BZ - 2477802 - CVE-2026-46333 kernel: Read root-owned files as an unprivileged user CVEs CVE-2025-21999 CVE-2025-71238 CVE-2026-23243 CVE-2026-23401 CVE-2026-31532 CVE-2026-46300 CVE-2026-46333 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM kernel-rt-5.14.0-284.172.1.rt14.457.el9_2.src.rpm SHA-256: a5fa5517dc4b1767bfe80744eb0e116fc98b4528c35d1a43f4354f12865c7b58 x86_64 kernel-rt-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 5830c521d309858c6e65b93fd9df4523b9de7282106b1a07529a33cff861849f kernel-rt-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 5830c521d309858c6e65b93fd9df4523b9de7282106b1a07529a33cff861849f kernel-rt-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 1d3e5f9fcc7cbbee5bb0fe11a59be39946fd1a1f06dd377ada9288f080e63e11 kernel-rt-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 1d3e5f9fcc7cbbee5bb0fe11a59be39946fd1a1f06dd377ada9288f080e63e11 kernel-rt-debug-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 4bbbbba3066b607aead8f7bdfaea5e22030c92faca69d23d9881ee50352532fc kernel-rt-debug-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 4bbbbba3066b607aead8f7bdfaea5e22030c92faca69d23d9881ee50352532fc kernel-rt-debug-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: bcaf11e8092baa2c8b5857f9eb97bef98efe7f652aa808f959ed688b0f5ad71a kernel-rt-debug-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: bcaf11e8092baa2c8b5857f9eb97bef98efe7f652aa808f959ed688b0f5ad71a kernel-rt-debug-debuginfo-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: b0a4c795e0041ab29d0a9e3288213d9d52f1ee1cf6312e9b58373b8d075a91ad kernel-rt-debug-debuginfo-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: b0a4c795e0041ab29d0a9e3288213d9d52f1ee1cf6312e9b58373b8d075a91ad kernel-rt-debug-devel-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: a110eff16a0462e3b9c370133f7e630d06133c62b258ab0a31ec8f53d9634b77 kernel-rt-debug-devel-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: a110eff16a0462e3b9c370133f7e630d06133c62b258ab0a31ec8f53d9634b77 kernel-rt-debug-kvm-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 55487659f6ce2555a3cc415f52f3a76e98c0559223f1a798f98a9ee03f2cfa38 kernel-rt-debug-modules-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 219726c458bb8c07da774cbfab51457fccd7f99c84f3e1c02ac7e50a5ad5a652 kernel-rt-debug-modules-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 219726c458bb8c07da774cbfab51457fccd7f99c84f3e1c02ac7e50a5ad5a652 kernel-rt-debug-modules-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 6fa9548dc5051ef8f56d727143ff5bcafad9bc7ed7c7fb2d27abd27f61a82bb8 kernel-rt-debug-modules-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 6fa9548dc5051ef8f56d727143ff5bcafad9bc7ed7c7fb2d27abd27f61a82bb8 kernel-rt-debug-modules-extra-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 76104a2a835bdc395631c926d4a61fce2e3ccbdc0e82bafd969f97b294991f84 kernel-rt-debug-modules-extra-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 76104a2a835bdc395631c926d4a61fce2e3ccbdc0e82bafd969f97b294991f84 kernel-rt-debuginfo-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 71c0779fa679c0d393bad4337cc1ef2ac1db99d3feb21ed9d4020933e011f85d kernel-rt-debuginfo-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 71c0779fa679c0d393bad4337cc1ef2ac1db99d3feb21ed9d4020933e011f85d kernel-rt-debuginfo-common-x86_64-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 5bb11685fdbd755eff1d07358e5ef91f6145e0b5f37aa0880d0d0f872697c5a7 kernel-rt-debuginfo-common-x86_64-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 5bb11685fdbd755eff1d07358e5ef91f6145e0b5f37aa0880d0d0f872697c5a7 kernel-rt-devel-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 79c616761d6f4afbeae3c29bd8e6d05794a6a38dd92bd26572c68e1cdd58c70f kernel-rt-devel-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 79c616761d6f4afbeae3c29bd8e6d05794a6a38dd92bd26572c68e1cdd58c70f kernel-rt-kvm-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: b5383a634d20de843937af6eee4eadd3d1893beba819a42852070d7cb9177521 kernel-rt-modules-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: be50fc21d9d8fa53812f8e6e90aa8642acd740b9a08e3425d2f349072626dc31 kernel-rt-modules-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: be50fc21d9d8fa53812f8e6e90aa8642acd740b9a08e3425d2f349072626dc31 kernel-rt-modules-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: f8cbecef98e59251c6b3aa1b4704fbb1222b4da15fafc892187cb1885c5bdda4 kernel-rt-modules-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: f8cbecef98e59251c6b3aa1b4704fbb1222b4da15fafc892187cb1885c5bdda4 kernel-rt-modules-extra-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 73f91aad832589839a93f5390809aacbefbeb994190c61ff40084cf175b26645 kernel-rt-modules-extra-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 73f91aad832589839a93f5390809aacbefbeb994190c61ff40084cf175b26645 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM kernel-rt-5.14.0-284.172.1.rt14.457.el9_2.src.rpm SHA-256: a5fa5517dc4b1767bfe80744eb0e116fc98b4528c35d1a43f4354f12865c7b58 x86_64 kernel-rt-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 5830c521d309858c6e65b93fd9df4523b9de7282106b1a07529a33cff861849f kernel-rt-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 5830c521d309858c6e65b93fd9df4523b9de7282106b1a07529a33cff861849f kernel-rt-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 1d3e5f9fcc7cbbee5bb0fe11a59be39946fd1a1f06dd377ada9288f080e63e11 kernel-rt-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 1d3e5f9fcc7cbbee5bb0fe11a59be39946fd1a1f06dd377ada9288f080e63e11 kernel-rt-debug-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 4bbbbba3066b607aead8f7bdfaea5e22030c92faca69d23d9881ee50352532fc kernel-rt-debug-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 4bbbbba3066b607aead8f7bdfaea5e22030c92faca69d23d9881ee50352532fc kernel-rt-debug-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: bcaf11e8092baa2c8b5857f9eb97bef98efe7f652aa808f959ed688b0f5ad71a kernel-rt-debug-core-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: bcaf11e8092baa2c8b5857f9eb97bef98efe7f652aa808f959ed688b0f5ad71a kernel-rt-debug-debuginfo-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: b0a4c795e0041ab29d0a9e3288213d9d52f1ee1cf6312e9b58373b8d075a91ad kernel-rt-debug-debuginfo-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: b0a4c795e0041ab29d0a9e3288213d9d52f1ee1cf6312e9b58373b8d075a91ad kernel-rt-debug-devel-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: a110eff16a0462e3b9c370133f7e630d06133c62b258ab0a31ec8f53d9634b77 kernel-rt-debug-devel-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: a110eff16a0462e3b9c370133f7e630d06133c62b258ab0a31ec8f53d9634b77 kernel-rt-debug-kvm-5.14.0-284.172.1.rt14.457.el9_2.x86_64.rpm SHA-256: 55487659f6ce2555a3cc415f52f3a76e98c0559223f1a798f98a9ee03f2cfa38 kernel-rt-debug-modules-5.