Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
This update includes the following RPMs: ngtcp2: * ngtcp2-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-gnutls-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-gnutls-devel-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-ossl-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-ossl-devel-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-devel-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-doc-1.22.1-1.hum1 (noarch) * ngtcp2-1.22.1-1.hum1.src (src)
AI Analysis
Technical Summary
CVE-2026-40170 is a high-severity vulnerability affecting the ngtcp2 RPM packages included in Red Hat Hardened Images. The issue is categorized under CWE-120, which typically relates to buffer overflow or similar memory corruption vulnerabilities. The advisory lists updated RPM packages for ngtcp2 version 1.22.1-1.hum1 for aarch64 and x86_64 architectures, suggesting a bug fix and enhancement update. However, the vendor advisory content does not explicitly confirm patch availability or provide specific remediation instructions. There are no known exploits in the wild reported at this time.
Potential Impact
The vulnerability is classified as high severity and relates to a buffer-related weakness (CWE-120) in ngtcp2 packages. Such vulnerabilities can potentially lead to memory corruption, which may be exploitable to cause denial of service or code execution depending on the context. No confirmed exploitation in the wild has been reported. The impact is limited to affected Red Hat Hardened Images RPM packages for ngtcp2 on aarch64 and x86_64 architectures.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-40170 for current remediation guidance. Since the advisory mentions an update including new RPM versions, it is recommended to monitor Red Hat's official channels for the release and apply updates promptly once available. No explicit vendor instructions for mitigation or workarounds are provided in the advisory content.
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Description
This update includes the following RPMs: ngtcp2: * ngtcp2-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-gnutls-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-gnutls-devel-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-ossl-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-crypto-ossl-devel-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-devel-1.22.1-1.hum1 (aarch64, x86_64) * ngtcp2-doc-1.22.1-1.hum1 (noarch) * ngtcp2-1.22.1-1.hum1.src (src)
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40170 is a high-severity vulnerability affecting the ngtcp2 RPM packages included in Red Hat Hardened Images. The issue is categorized under CWE-120, which typically relates to buffer overflow or similar memory corruption vulnerabilities. The advisory lists updated RPM packages for ngtcp2 version 1.22.1-1.hum1 for aarch64 and x86_64 architectures, suggesting a bug fix and enhancement update. However, the vendor advisory content does not explicitly confirm patch availability or provide specific remediation instructions. There are no known exploits in the wild reported at this time.
Potential Impact
The vulnerability is classified as high severity and relates to a buffer-related weakness (CWE-120) in ngtcp2 packages. Such vulnerabilities can potentially lead to memory corruption, which may be exploitable to cause denial of service or code execution depending on the context. No confirmed exploitation in the wild has been reported. The impact is limited to affected Red Hat Hardened Images RPM packages for ngtcp2 on aarch64 and x86_64 architectures.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-40170 for current remediation guidance. Since the advisory mentions an update including new RPM versions, it is recommended to monitor Red Hat's official channels for the release and apply updates promptly once available. No explicit vendor instructions for mitigation or workarounds are provided in the advisory content.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:9113
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a298f90c9170919df395ea5
Added to database: 6/10/2026, 4:23:44 PM
Last enriched: 6/10/2026, 4:33:21 PM
Last updated: 6/10/2026, 6:34:31 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.