The Linux kernel packages in Red Hat Enterprise Linux for NVIDIA contain two security vulnerabilities. CVE-2026-46333 permits unprivileged users to read files owned by root, potentially exposing sensitive information. CVE-2026-46300, dubbed "Fragnesia," is a variant of the Dirty Frag vulnerability in the ESP/XFRM subsystem, which can be exploited for local privilege escalation, allowing attackers to gain elevated privileges on affected systems. Red Hat Product Security has rated this update as having a critical security impact and has issued a kernel update to remediate these vulnerabilities. The update is available for affected versions including Red Hat Enterprise Linux for ARM 64 and NVIDIA for RHEL 10. Systems must be rebooted after applying the update for the fixes to take effect.

Successful exploitation of CVE-2026-46333 could allow an unprivileged user to read files owned by the root user, potentially leading to unauthorized disclosure of sensitive information. Exploitation of CVE-2026-46300 could allow a local attacker to escalate privileges to root via the Dirty Frag vulnerability in the ESP/XFRM kernel subsystem. Both vulnerabilities affect the core Linux kernel and could compromise system confidentiality and integrity if exploited. No known exploits are reported in the wild at the time of this advisory.

Red Hat has released an important security update that addresses these vulnerabilities. Users should apply the updated kernel packages as provided by Red Hat for their specific product versions. After applying the update, a system reboot is required for the fixes to take effect. For detailed instructions on applying the update, refer to Red Hat's official guidance at https://access.redhat.com/articles/11258. There are no indications that additional mitigations are necessary beyond applying the official update and rebooting the system.