Red Hat Security Advisory: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766) * kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741) * kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116) * kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984) * kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990) * kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136) * kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204) * kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) * kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401) * kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402) * kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) * kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607) * kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163) * kernel: RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128) * kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) * kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) * kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
AI Analysis
Technical Summary
The advisory covers 17 distinct CVEs affecting the Linux kernel in Red Hat Enterprise Linux 9 and related variants. Vulnerabilities include denial of service due to unreset sparse-read state in libceph (CVE-2026-23136), use-after-free in traffic control (CVE-2026-23270), privilege escalation or denial of service in KVM (CVE-2026-23401), heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402), and multiple local privilege escalations including the universal "Dirty Frag" (CVE-2026-43284) and its variant "Fragnesia" (CVE-2026-46300). Additional fixes address improper freeing, out-of-bounds reads, race conditions, and validation errors. These vulnerabilities affect core kernel components and could impact system stability and security if unpatched.
Potential Impact
The vulnerabilities collectively pose risks including local privilege escalation, denial of service, and potential information disclosure. Exploitation could allow an attacker with local access to escalate privileges or cause system instability. The presence of multiple use-after-free and heap overflow issues increases the risk of kernel crashes or arbitrary code execution under certain conditions. The "Dirty Frag" and "Fragnesia" vulnerabilities specifically enable local privilege escalation in the kernel's ESP/XFRM subsystem. Overall, these issues impact the security and reliability of affected Red Hat Enterprise Linux 9 systems.
Mitigation Recommendations
Red Hat has released an official security update addressing all listed vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9 and related products. Users should apply the update promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. A system reboot is required for the update to take effect. No additional mitigations are indicated beyond applying the official patch. Patch status is confirmed as available and the update is rated Important by Red Hat Product Security.
Red Hat Security Advisory: kernel security update
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766) * kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741) * kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116) * kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984) * kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990) * kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136) * kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204) * kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) * kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401) * kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402) * kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) * kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607) * kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163) * kernel: RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128) * kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) * kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) * kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The advisory covers 17 distinct CVEs affecting the Linux kernel in Red Hat Enterprise Linux 9 and related variants. Vulnerabilities include denial of service due to unreset sparse-read state in libceph (CVE-2026-23136), use-after-free in traffic control (CVE-2026-23270), privilege escalation or denial of service in KVM (CVE-2026-23401), heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402), and multiple local privilege escalations including the universal "Dirty Frag" (CVE-2026-43284) and its variant "Fragnesia" (CVE-2026-46300). Additional fixes address improper freeing, out-of-bounds reads, race conditions, and validation errors. These vulnerabilities affect core kernel components and could impact system stability and security if unpatched.
Potential Impact
The vulnerabilities collectively pose risks including local privilege escalation, denial of service, and potential information disclosure. Exploitation could allow an attacker with local access to escalate privileges or cause system instability. The presence of multiple use-after-free and heap overflow issues increases the risk of kernel crashes or arbitrary code execution under certain conditions. The "Dirty Frag" and "Fragnesia" vulnerabilities specifically enable local privilege escalation in the kernel's ESP/XFRM subsystem. Overall, these issues impact the security and reliability of affected Red Hat Enterprise Linux 9 systems.
Mitigation Recommendations
Red Hat has released an official security update addressing all listed vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9 and related products. Users should apply the update promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. A system reboot is required for the update to take effect. No additional mitigations are indicated beyond applying the official patch. Patch status is confirmed as available and the update is rated Important by Red Hat Product Security.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19568
- Cve Count
- 17
- Additional Cves
- ["CVE-2025-68741","CVE-2025-71116","CVE-2026-22984","CVE-2026-22990","CVE-2026-23136","CVE-2026-23204","CVE-2026-23270","CVE-2026-23401","CVE-2026-31402","CVE-2026-31532","CVE-2026-31607","CVE-2026-43128","CVE-2026-43163","CVE-2026-43284","CVE-2026-46300","CVE-2026-46333"]
- Cvss Version
- null
Threat ID: 6a175eede29bf47b50edbb81
Added to database: 5/27/2026, 9:15:25 PM
Last enriched: 5/27/2026, 9:19:15 PM
Last updated: 5/29/2026, 5:58:37 PM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.