The advisory covers four Linux kernel vulnerabilities affecting Red Hat Enterprise Linux 10 and related products. CVE-2026-23060 is a denial of service vulnerability in the authencesn component caused by too-short additional authenticated data. CVE-2026-31431 involves reverting the algif_aead cryptographic interface to operate out-of-place to fix a security issue. CVE-2026-31677 limits the receive scatter-gather extraction by the receive buffer budget in the af_alg crypto subsystem. CVE-2026-43284, dubbed "Dirty Frag," is a new universal local privilege escalation vulnerability in the ESP XFRM variant of the kernel. Red Hat has released updated kernel packages addressing these issues and requires a reboot to apply the fixes.

Successful exploitation of these vulnerabilities could lead to denial of service conditions or local privilege escalation on affected systems running vulnerable kernel versions. The denial of service vulnerability (CVE-2026-23060) could disrupt kernel operations related to authentication. The local privilege escalation vulnerability (CVE-2026-43284) could allow an attacker with local access to gain elevated privileges. No known exploits are currently reported in the wild. The overall security impact is rated as Important by Red Hat.

Red Hat has released official kernel updates that address these vulnerabilities. Users should apply the provided kernel security update for Red Hat Enterprise Linux 10 and related products as detailed in the advisory (RHSA-2026:19074) and reboot affected systems to activate the fixes. No additional mitigation steps are indicated beyond applying the update and rebooting. Patch status is confirmed as available from the vendor advisory.