Red Hat Product Errata RHSA-2026:20299 - Security Advisory Issued: 2026-05-21 Updated: 2026-05-21 RHSA-2026:20299 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2477015 - CVE-2026-46300 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel BZ - 2477802 - CVE-2026-46333 kernel: Read root-owned files as an unprivileged user CVEs CVE-2026-46300 CVE-2026-46333 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM kernel-6.12.0-55.75.1.el10_0.src.rpm SHA-256: b7bc2eee29b4a98d7ae33904969bb777fc4cab87dac6c2fd21bef4beac664919 x86_64 kernel-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 27e1e93e6a614d4d3387921d5853627abecd91778aaaead1e33e4ca3e9d162ca kernel-abi-stablelists-6.12.0-55.75.1.el10_0.noarch.rpm SHA-256: deba5e3d4a4c43a1211e7262b1a2c69b5861a39a8128edc6b75feb2a9ce5428d kernel-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: f0d53235e9af0c61b25f63847e947dadbf7b69da8cd01338cfb0f2f920f823e0 kernel-debug-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 6bffaf46f8e69804708050b4983c212560522d6da723a67393bbe89355b6d3e8 kernel-debug-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 389db1a7a037cb58d95d638ba70af16fb643a1dc80de39fa7cc7ff6b1fb8cfb9 kernel-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d0f9cda31ae96ead2cc5b2c05b880e768057be210d1be2f6e5a85d8485e5f757 kernel-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d0f9cda31ae96ead2cc5b2c05b880e768057be210d1be2f6e5a85d8485e5f757 kernel-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d0f9cda31ae96ead2cc5b2c05b880e768057be210d1be2f6e5a85d8485e5f757 kernel-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d0f9cda31ae96ead2cc5b2c05b880e768057be210d1be2f6e5a85d8485e5f757 kernel-debug-devel-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 92945f976b0d576a6c2c9947077fe1155564cb9c631932b26703f31bb54073aa kernel-debug-devel-matched-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 0ae129667c60ba6fb779cefabd774a82739f9038a7c77a290ff734e14a429895 kernel-debug-modules-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 3a6deb89cc3998872d19270356c4ff3992ca086667e0cfb92d29bff9ab93aac1 kernel-debug-modules-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 82332b8cbe67da9c808a0a6096bd6cc81b61a10b907b07b6061f7bac606984c4 kernel-debug-modules-extra-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c4a0ab1aac10113188490ff3163e5195939b1748fc1207cc4702ce783ba6b0b8 kernel-debug-uki-virt-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 5a63bf5ebdbef2600bf505ee50ff23e5a70812086b2e16d076b4ab05c95cba59 kernel-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d4fdd8f2c1b48bc58c3a70aaa88ba625ec52dd59a44632bc212f93987691292c kernel-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d4fdd8f2c1b48bc58c3a70aaa88ba625ec52dd59a44632bc212f93987691292c kernel-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d4fdd8f2c1b48bc58c3a70aaa88ba625ec52dd59a44632bc212f93987691292c kernel-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: d4fdd8f2c1b48bc58c3a70aaa88ba625ec52dd59a44632bc212f93987691292c kernel-debuginfo-common-x86_64-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 7b42478cdd71afa91643094a82723aa59e9fda7662e6b9e202039a0bb5f94696 kernel-debuginfo-common-x86_64-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 7b42478cdd71afa91643094a82723aa59e9fda7662e6b9e202039a0bb5f94696 kernel-debuginfo-common-x86_64-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 7b42478cdd71afa91643094a82723aa59e9fda7662e6b9e202039a0bb5f94696 kernel-debuginfo-common-x86_64-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 7b42478cdd71afa91643094a82723aa59e9fda7662e6b9e202039a0bb5f94696 kernel-devel-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: a9be9358cd0d83408c8ce7ffea25e9b183a7134b760d4d2f9c500d52e354101a kernel-devel-matched-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 2f4fe8261f11ae7e02b33770c8eb8dd86ac6265064a494f3be6c8b49891e0c9d kernel-doc-6.12.0-55.75.1.el10_0.noarch.rpm SHA-256: 00d2ab3b148d55be5ae4f65d63681f0f9ea95d72c8c243c2a5111d3dfe38061c kernel-headers-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 2a198a05b8ea4cb4cbff9e0d864f57ffc9c8e44b57a252cb92e363165a19b904 kernel-modules-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c15d154ec21163823e20491d24b8b6887d11d9ed673fb9e227765b6d0742bef1 kernel-modules-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 9f4bf0c61f3d689d9620ffe11da04c625964551285c2a91baad393989133d7e0 kernel-modules-extra-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 86bcb69a3a6f35ecc89fa0dd798b8700dfd96c2f3b33190209d9311f50c8867c kernel-rt-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 421e65e0066e811eb31b0480b33215ff466898016db28720a54de72252b9e370 kernel-rt-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 421e65e0066e811eb31b0480b33215ff466898016db28720a54de72252b9e370 kernel-rt-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 6d7ba8f17c79a5d41211e203b9379773f6766032a19110b6504574e3a1a8c1de kernel-rt-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 6d7ba8f17c79a5d41211e203b9379773f6766032a19110b6504574e3a1a8c1de kernel-rt-debug-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c238738455b6ba701c6ad9320c4b0242420716b3ba8f2cded3dc560aaa6970b3 kernel-rt-debug-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c238738455b6ba701c6ad9320c4b0242420716b3ba8f2cded3dc560aaa6970b3 kernel-rt-debug-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 36c9e1c8e8690334a01d995ce0a30baf169b7a4d7334471656deaf0f5cb26a62 kernel-rt-debug-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 36c9e1c8e8690334a01d995ce0a30baf169b7a4d7334471656deaf0f5cb26a62 kernel-rt-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c7cbc266f08053e66df27a8a3b5bd0f2d27504f6aa41511960772e599f3b30d3 kernel-rt-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c7cbc266f08053e66df27a8a3b5bd0f2d27504f6aa41511960772e599f3b30d3 kernel-rt-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c7cbc266f08053e66df27a8a3b5bd0f2d27504f6aa41511960772e599f3b30d3 kernel-rt-debug-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: c7cbc266f08053e66df27a8a3b5bd0f2d27504f6aa41511960772e599f3b30d3 kernel-rt-debug-devel-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 060259e1015284e62095a4e4981b36a58d6b62ddcf909ea9a83a30bb3307fa6b kernel-rt-debug-devel-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 060259e1015284e62095a4e4981b36a58d6b62ddcf909ea9a83a30bb3307fa6b kernel-rt-debug-kvm-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 58596f7d21a68d144e33330e74641e1dfd974f682c4325b49314292e6f700663 kernel-rt-debug-modules-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: e11dfd19dcc0f0aca09e51d0524e86ddc05613a0b78272ffcb83d76a7e31c37f kernel-rt-debug-modules-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: e11dfd19dcc0f0aca09e51d0524e86ddc05613a0b78272ffcb83d76a7e31c37f kernel-rt-debug-modules-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: df835be787c9ff354a0f70798b5ca7e9b640c7cdcf7674f3975cd5e7f06a2bc9 kernel-rt-debug-modules-core-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: df835be787c9ff354a0f70798b5ca7e9b640c7cdcf7674f3975cd5e7f06a2bc9 kernel-rt-debug-modules-extra-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: da51543be646b2f44dd792d4c609fcd4050c23a5e19882535a2f80e9d4b1e1fe kernel-rt-debug-modules-extra-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: da51543be646b2f44dd792d4c609fcd4050c23a5e19882535a2f80e9d4b1e1fe kernel-rt-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 80954ad310fa7574e214d02f9624741ef2c4be9603c6aa1debcee9a36a8fa014 kernel-rt-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-256: 80954ad310fa7574e214d02f9624741ef2c4be9603c6aa1debcee9a36a8fa014 kernel-rt-debuginfo-6.12.0-55.75.1.el10_0.x86_64.rpm SHA-