This security update addresses three important Linux kernel vulnerabilities, including CVE-2026-46300 ("Fragnesia"), a variant of the Dirty Frag flaw in ESP/XFRM leading to local privilege escalation, CVE-2026-31532 (CVSS 7.8), a use-after-free in the CAN raw subsystem, and CVE-2026-46333 (CVSS 7.1), which allows reading root-owned files as an unprivileged user. For CVE-2026-31532, affected kernel versions are 4.1 through 6.6.136, 6.7 through 6.12.82, 6.18 through 6.18.23, 6.19 through 6.19.13, and 7.0 through 7.0.0, with fixes available in versions 6.12.83, 6.18.24, 6.19.14, and 7.0.1. The update is available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical and Extended Update Support, and a system reboot is required for the patch to take effect.
Red Hat Product Errata RHSA-2026:20130 - Security Advisory Issued: 2026-05-21 Updated: 2026-05-21 RHSA-2026:20130 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2461107 - CVE-2026-31532 kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() BZ - 2477015 - CVE-2026-46300 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel BZ - 2477802 - CVE-2026-46333 kernel: Read root-owned files as an unprivileged user CVEs CVE-2026-31532 CVE-2026-46300 CVE-2026-46333 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM kernel-4.18.0-305.192.1.el8_4.src.rpm SHA-256: 0b60d8eeecb9314dacf5b82566ab4ae059e5d3bfdef8562dbb35694fa386fd89 x86_64 bpftool-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 47c3225f71b24c5aa73335e4630fb9da6b7a89ab84c2173eabf7180233e31d78 bpftool-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 2fdfdae209c3a66b43480e008c260880d10443f588b6d9ec01a1a4ec21fc4389 kernel-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 2e3ddbbfd00fe041e300567542cb1e4ee14874509364d19c484b8812b99d49ed kernel-abi-stablelists-4.18.0-305.192.1.el8_4.noarch.rpm SHA-256: 02ccd6a9e5f146aa772c85b0baced820beba462224db5da17b19935fd4945b87 kernel-core-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 05fea55dad95f46c83218e48f1d03147c9933e291b166f514a26e03885a95f32 kernel-cross-headers-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 604ef4fffefd5d161936e5d23d78af5b79084e9b6b1c6dca34d2eb5cb7cff592 kernel-debug-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 4d576d8e6e2bfadc330900834e2ba10d15f6a26ee7210add6f14ec5876086ad3 kernel-debug-core-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 3c5b3c72c8d615210b111b861c606a07f97afc3547307e02fa02d46d5d88a7e0 kernel-debug-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 793a4d5098b0245533b9a314d75f43f9ac6c86df6a2e40d8e6883ce54e99d177 kernel-debug-devel-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 3bde0a679e0f4bed787358cee2e472f39a731a0df32de410a03d2398a1747692 kernel-debug-modules-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 600ef6efccbcb43e093d509571668d31d4e5e959bcdfb9d5baf5e87e8cbdc879 kernel-debug-modules-extra-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: c1f20c0c41de8ccd84e3f5f2e9b6cbefefe7c9251ca9aa0ca326403c4dfa664a kernel-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: c428b88340de434650c43452610d9652e6059f69cc5f78e0ed92f023a396b2da kernel-debuginfo-common-x86_64-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: e8d25fb5e94a68612c3d38d167fb8ed7641603597d1d1c31a71bdc04d3d0a1cf kernel-devel-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: f2eada2b9757daf97c190e2e0ec153cd2628fb21d4512b6384a7bae04491777e kernel-doc-4.18.0-305.192.1.el8_4.noarch.rpm SHA-256: 3d7d865940d218fc1c16b59e0fe639ee8725db6df4b766000806eaf401331774 kernel-headers-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: f376f4c7dc1891fbd979cb0328613146b9d8ece738034b3054f78de90b3b9164 kernel-modules-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 2327f08b160fff7b8bd4cd12a47e9aefaf43b601ebb5ad4e1ea8bd227b57db99 kernel-modules-extra-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 6be65c47396e25423d2346ccadb0a31f7a67450634d7488f34f4f0f936c14292 kernel-tools-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: c6802a178f3370129565e62fc5019f28cc0096322e36e964297415721e434e30 kernel-tools-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: d54b49e57995b104f63c576e357b9a4b283aa15a0d4e317745c1bf799c493ea7 kernel-tools-libs-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 7ce4e7e075276d61f26a80a483d405d33ec07775d038a7e4fd9f545c472d0fb9 perf-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: cb341731e3bd4b4872728c6679fe67b0ff273f44cd4070c9de346030c824449b perf-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: e0c50e1be5af3ca35fe463f44590239be563c9697f97d456ee894391401dd743 python3-perf-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 4b1f71664d437ee87508e5fd40b79a31d7a060e21f42b18e0223c59c0ca66ad2 python3-perf-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 103f401eb1a249540df81d3e37ff84cd86546078c5f46544af225a7c5d652259 Red Hat Enterprise Linux Server - AUS 8.4 SRPM kernel-4.18.0-305.192.1.el8_4.src.rpm SHA-256: 0b60d8eeecb9314dacf5b82566ab4ae059e5d3bfdef8562dbb35694fa386fd89 x86_64 bpftool-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 47c3225f71b24c5aa73335e4630fb9da6b7a89ab84c2173eabf7180233e31d78 bpftool-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 2fdfdae209c3a66b43480e008c260880d10443f588b6d9ec01a1a4ec21fc4389 kernel-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 2e3ddbbfd00fe041e300567542cb1e4ee14874509364d19c484b8812b99d49ed kernel-abi-stablelists-4.18.0-305.192.1.el8_4.noarch.rpm SHA-256: 02ccd6a9e5f146aa772c85b0baced820beba462224db5da17b19935fd4945b87 kernel-core-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 05fea55dad95f46c83218e48f1d03147c9933e291b166f514a26e03885a95f32 kernel-cross-headers-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 604ef4fffefd5d161936e5d23d78af5b79084e9b6b1c6dca34d2eb5cb7cff592 kernel-debug-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 4d576d8e6e2bfadc330900834e2ba10d15f6a26ee7210add6f14ec5876086ad3 kernel-debug-core-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 3c5b3c72c8d615210b111b861c606a07f97afc3547307e02fa02d46d5d88a7e0 kernel-debug-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 793a4d5098b0245533b9a314d75f43f9ac6c86df6a2e40d8e6883ce54e99d177 kernel-debug-devel-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 3bde0a679e0f4bed787358cee2e472f39a731a0df32de410a03d2398a1747692 kernel-debug-modules-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 600ef6efccbcb43e093d509571668d31d4e5e959bcdfb9d5baf5e87e8cbdc879 kernel-debug-modules-extra-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: c1f20c0c41de8ccd84e3f5f2e9b6cbefefe7c9251ca9aa0ca326403c4dfa664a kernel-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: c428b88340de434650c43452610d9652e6059f69cc5f78e0ed92f023a396b2da kernel-debuginfo-common-x86_64-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: e8d25fb5e94a68612c3d38d167fb8ed7641603597d1d1c31a71bdc04d3d0a1cf kernel-devel-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: f2eada2b9757daf97c190e2e0ec153cd2628fb21d4512b6384a7bae04491777e kernel-doc-4.18.0-305.192.1.el8_4.noarch.rpm SHA-256: 3d7d865940d218fc1c16b59e0fe639ee8725db6df4b766000806eaf401331774 kernel-headers-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: f376f4c7dc1891fbd979cb0328613146b9d8ece738034b3054f78de90b3b9164 kernel-modules-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 2327f08b160fff7b8bd4cd12a47e9aefaf43b601ebb5ad4e1ea8bd227b57db99 kernel-modules-extra-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 6be65c47396e25423d2346ccadb0a31f7a67450634d7488f34f4f0f936c14292 kernel-tools-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: c6802a178f3370129565e62fc5019f28cc0096322e36e964297415721e434e30 kernel-tools-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: d54b49e57995b104f63c576e357b9a4b283aa15a0d4e317745c1bf799c493ea7 kernel-tools-libs-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 7ce4e7e075276d61f26a80a483d405d33ec07775d038a7e4fd9f545c472d0fb9 perf-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: cb341731e3bd4b4872728c6679fe67b0ff273f44cd4070c9de346030c824449b perf-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: e0c50e1be5af3ca35fe463f44590239be563c9697f97d456ee894391401dd743 python3-perf-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 4b1f71664d437ee87508e5fd40b79a31d7a060e21f42b18e0223c59c0ca66ad2 python3-perf-debuginfo-4.18.0-305.192.1.el8_4.x86_64.rpm SHA-256: 103f401eb1a249540df81d3e37ff84cd86546078c5f46544af225a7c5d652259 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .