Red Hat Security Advisory: kpatch-patch-5_14_0-427_100_1, kpatch-patch-5_14_0-427_113_1, kpatch-patch-5_14_0-427_126_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update
This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel 5.14.0-427.68.2.el9_4 via kpatch live patch modules. The fixed issues include a privilege escalation or denial of service in KVM due to improper shadow page table entry handling (CVE-2026-23401), a heap overflow in the NFSv4.0 LOCK replay cache (CVE-2026-31402), and a use-after-free vulnerability in the bonding driver causing denial of service (CVE-2026-31419). These vulnerabilities affect Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions and related variants. Red Hat has released updated kpatch modules to remediate these issues. Users should apply these official patches to mitigate the risks. No known exploits in the wild have been reported at this time.
AI Analysis
Technical Summary
The advisory covers three kernel vulnerabilities addressed by kpatch live patch modules for Red Hat Enterprise Linux 9.4. CVE-2026-23401 involves privilege escalation or denial of service in the KVM subsystem caused by improper handling of shadow page table entries. CVE-2026-31402 is a heap overflow in the NFSv4.0 LOCK replay cache within the nfsd kernel service. CVE-2026-31419 is a use-after-free vulnerability in the bonding driver that can lead to denial of service. These issues are fixed by updated kpatch modules targeted at kernel version 5.14.0-427.68.2.el9_4. The advisory is rated as important by Red Hat Product Security, and the patches are available for affected Red Hat Enterprise Linux 9.4 variants.
Potential Impact
Successful exploitation of CVE-2026-23401 could allow an attacker to escalate privileges or cause a denial of service via the KVM kernel module. CVE-2026-31402 could lead to a heap overflow in the NFS daemon, potentially causing denial of service or other impacts. CVE-2026-31419 could cause a denial of service due to a use-after-free in the bonding driver. These vulnerabilities affect kernel components critical to system stability and security. No known exploits in the wild have been reported, but the impact includes potential privilege escalation and denial of service conditions.
Mitigation Recommendations
Red Hat has released official kpatch live patch modules that address these vulnerabilities for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions and related variants. Users should apply these official patches as detailed in the Red Hat advisory RHSA-2026:36533 and the referenced article https://access.redhat.com/articles/11258. Applying these patches mitigates the vulnerabilities without requiring a system reboot. Patch status is official-fix and remediation is available.
Red Hat Security Advisory: kpatch-patch-5_14_0-427_100_1, kpatch-patch-5_14_0-427_113_1, kpatch-patch-5_14_0-427_126_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update
Description
This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel 5.14.0-427.68.2.el9_4 via kpatch live patch modules. The fixed issues include a privilege escalation or denial of service in KVM due to improper shadow page table entry handling (CVE-2026-23401), a heap overflow in the NFSv4.0 LOCK replay cache (CVE-2026-31402), and a use-after-free vulnerability in the bonding driver causing denial of service (CVE-2026-31419). These vulnerabilities affect Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions and related variants. Red Hat has released updated kpatch modules to remediate these issues. Users should apply these official patches to mitigate the risks. No known exploits in the wild have been reported at this time.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The advisory covers three kernel vulnerabilities addressed by kpatch live patch modules for Red Hat Enterprise Linux 9.4. CVE-2026-23401 involves privilege escalation or denial of service in the KVM subsystem caused by improper handling of shadow page table entries. CVE-2026-31402 is a heap overflow in the NFSv4.0 LOCK replay cache within the nfsd kernel service. CVE-2026-31419 is a use-after-free vulnerability in the bonding driver that can lead to denial of service. These issues are fixed by updated kpatch modules targeted at kernel version 5.14.0-427.68.2.el9_4. The advisory is rated as important by Red Hat Product Security, and the patches are available for affected Red Hat Enterprise Linux 9.4 variants.
Potential Impact
Successful exploitation of CVE-2026-23401 could allow an attacker to escalate privileges or cause a denial of service via the KVM kernel module. CVE-2026-31402 could lead to a heap overflow in the NFS daemon, potentially causing denial of service or other impacts. CVE-2026-31419 could cause a denial of service due to a use-after-free in the bonding driver. These vulnerabilities affect kernel components critical to system stability and security. No known exploits in the wild have been reported, but the impact includes potential privilege escalation and denial of service conditions.
Mitigation Recommendations
Red Hat has released official kpatch live patch modules that address these vulnerabilities for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions and related variants. Users should apply these official patches as detailed in the Red Hat advisory RHSA-2026:36533 and the referenced article https://access.redhat.com/articles/11258. Applying these patches mitigates the vulnerabilities without requiring a system reboot. Patch status is official-fix and remediation is available.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:36533
- Cve Count
- 3
- Additional Cves
- ["CVE-2026-31402","CVE-2026-31419"]
- Cvss Version
- null
Threat ID: 6a4e4edcc9d9e3dbe3288791
Added to database: 07/08/2026, 13:21:32 UTC
Last enriched: 07/08/2026, 13:33:46 UTC
Last updated: 07/09/2026, 02:28:06 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.