Red Hat Product Errata RHSA-2026:20129 - Security Advisory Issued: 2026-05-21 Updated: 2026-05-21 RHSA-2026:20129 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2477015 - CVE-2026-46300 kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel BZ - 2477802 - CVE-2026-46333 kernel: Read root-owned files as an unprivileged user CVEs CVE-2026-46300 CVE-2026-46333 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM kernel-5.14.0-570.116.1.el9_6.src.rpm SHA-256: 11db220ae9638c0f0325ddaea3c3412f25bfd287a9f38e21dd847b6a2ba6befe x86_64 kernel-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: d1cf6e5a5ce4a869b01ecdabbb1a174200171b9517e3133c7f825b61e8273e33 kernel-abi-stablelists-5.14.0-570.116.1.el9_6.noarch.rpm SHA-256: d81743df3d8e5b7bf8eb4108301d1b754531138be86addea0808f8e2c9579e58 kernel-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: a2e1a20a0ae6697b3502419098af65f4b0436f6af110575cf099171819a8df97 kernel-debug-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 8017161dff3154adec080905427e854f37f38a9cf7ca5ffb7408cd87209509bc kernel-debug-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 04561886eba18b0ce1b08489ff81f43b79eb5c783c61244753722ac1a83013f0 kernel-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: eac6697e6dd68167d08b0e164e27d3b51533c9644b1fd3be9ec8cadf1dd4afb6 kernel-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: eac6697e6dd68167d08b0e164e27d3b51533c9644b1fd3be9ec8cadf1dd4afb6 kernel-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: eac6697e6dd68167d08b0e164e27d3b51533c9644b1fd3be9ec8cadf1dd4afb6 kernel-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: eac6697e6dd68167d08b0e164e27d3b51533c9644b1fd3be9ec8cadf1dd4afb6 kernel-debug-devel-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: cba54c616416aaad6195b0039fef377da888bf157fa20c417ca9e24dc501a4fb kernel-debug-devel-matched-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: cb6afc1f9fbf0d0b89be3557815f870f7173269eb2f0dddba6c24ba7aa07d33e kernel-debug-modules-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: e746c970a21dc01eb0bef3cc876dae69e2800c6f56b8ac7158b0a2c136fe432d kernel-debug-modules-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 0d587e84fcb15a50dc9057b9d14ae5d88f3b9b9593bc4b34244682566a346087 kernel-debug-modules-extra-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 6f728b8cc2a98dceef54d6f9518d50d83c400ab97214f71db5d47907208e135a kernel-debug-uki-virt-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: b1f2485329db53d9a25c2ab206e4e8a36c7966ba2badca48f6de4194c07d645d kernel-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 47db5d5f313d09c65b51048bd02de9406db0a27edc030bc0489f25f6ffffa521 kernel-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 47db5d5f313d09c65b51048bd02de9406db0a27edc030bc0489f25f6ffffa521 kernel-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 47db5d5f313d09c65b51048bd02de9406db0a27edc030bc0489f25f6ffffa521 kernel-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 47db5d5f313d09c65b51048bd02de9406db0a27edc030bc0489f25f6ffffa521 kernel-debuginfo-common-x86_64-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 9614f950792be8757d86908413252956682311b39b06db76675b38d2af44e175 kernel-debuginfo-common-x86_64-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 9614f950792be8757d86908413252956682311b39b06db76675b38d2af44e175 kernel-debuginfo-common-x86_64-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 9614f950792be8757d86908413252956682311b39b06db76675b38d2af44e175 kernel-debuginfo-common-x86_64-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 9614f950792be8757d86908413252956682311b39b06db76675b38d2af44e175 kernel-devel-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: ecea0aace8ebd6f05466e43fb63f443cbc16cd978e21eaef67753f2d8c706ac1 kernel-devel-matched-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: e3113638266d8f634f2f3c3be2228f38cf3cfa9225b30e365aef37ee8b63d4c7 kernel-doc-5.14.0-570.116.1.el9_6.noarch.rpm SHA-256: ec88ab7ea50b49eaf9ab6ed0a87cce184a9196f9a382ff96469547adf0e0b997 kernel-headers-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: b19aefc8af3ef91f6d90ba7d68dbdc03467dc0e6d5cc830a1db43d432b9519b7 kernel-modules-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: e5f7ed56202487a3aa8c1a2f6fb303778b897d76530ff0e7e3ee0fe23eb87253 kernel-modules-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 58303b2f0cb08489cc6a4e740b9b7173b0d590ab042d9e3c1d40ee7e1ebbfd09 kernel-modules-extra-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: f308666ac2f9a80ed2de44a51d063cd81fd82234b9ad7b082ddcd2fb1201e7af kernel-rt-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 7074b340ba5c9b7c02c9373935d952a2f3ac8b57bc3ef895c8992de3b590b0f1 kernel-rt-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 7074b340ba5c9b7c02c9373935d952a2f3ac8b57bc3ef895c8992de3b590b0f1 kernel-rt-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: d2736ebc7b0b83d2dfb844aaf572e85914e17e5d23255a367eb1a491a873bdc5 kernel-rt-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: d2736ebc7b0b83d2dfb844aaf572e85914e17e5d23255a367eb1a491a873bdc5 kernel-rt-debug-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: f9cbdaa707ff82718664d8bd0bcea7251601c405bdeb11a52873f484ed1aebf3 kernel-rt-debug-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: f9cbdaa707ff82718664d8bd0bcea7251601c405bdeb11a52873f484ed1aebf3 kernel-rt-debug-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 509f25dbcd0562e5ddba62ff6a30e4dd963a61393efd7367a0f823875a6ae6bd kernel-rt-debug-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 509f25dbcd0562e5ddba62ff6a30e4dd963a61393efd7367a0f823875a6ae6bd kernel-rt-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: a790c866ceeb8a4b32836e18d4a34b6cd752b259695ce5668a3f6df23ece8e87 kernel-rt-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: a790c866ceeb8a4b32836e18d4a34b6cd752b259695ce5668a3f6df23ece8e87 kernel-rt-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: a790c866ceeb8a4b32836e18d4a34b6cd752b259695ce5668a3f6df23ece8e87 kernel-rt-debug-debuginfo-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: a790c866ceeb8a4b32836e18d4a34b6cd752b259695ce5668a3f6df23ece8e87 kernel-rt-debug-devel-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: ad786e15c07d5c123a9d1a148c3f05de49c409ee8cc121c8446b0036af89b549 kernel-rt-debug-devel-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: ad786e15c07d5c123a9d1a148c3f05de49c409ee8cc121c8446b0036af89b549 kernel-rt-debug-kvm-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 2fa882f8ed7055b80a33cae040b66374d810850539d6698ca75248ad66280002 kernel-rt-debug-modules-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 97067da59464ff31489c791abf3f776942be1c007316af1b201cc53e03c29c50 kernel-rt-debug-modules-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 97067da59464ff31489c791abf3f776942be1c007316af1b201cc53e03c29c50 kernel-rt-debug-modules-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: de7a4bb9a6e371f1340f7357088526164f1829a1473f9bc554878af509d9d106 kernel-rt-debug-modules-core-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: de7a4bb9a6e371f1340f7357088526164f1829a1473f9bc554878af509d9d106 kernel-rt-debug-modules-extra-5.14.0-570.116.1.el9_6.x86_64.rpm SHA-256: 8ca3e3723c075bdc3502490cb4516529d654932a9c16fd05122b6a062c278cc9 kernel-rt-debug-modules-extra-5.14.0-57