Threats Tagged 'cve-2026-23401'

Red Hat has issued a security advisory for the kernel-rt packages, which provide the Real Time Linux Kernel for systems requiring high determinism. The update addresses multiple vulnerabilities including denial of service, use-after-free, privilege escalation, memory corruption, deadlocks, and heap overflow issues across various kernel components such as SCSI, ALSA, RDMA, KVM, and NFS. These vulnerabilities affect Red Hat Enterprise Linux 9. 0 and related products. The advisory rates the update as Important and requires a system reboot after applying the patch. No known exploits in the wild have been reported at this time.

Red Hat has issued a security advisory for multiple vulnerabilities in the Linux kernel packages used in Red Hat Enterprise Linux 8 and related products. The update addresses several issues including a double free vulnerability in the NVMe driver (CVE-2024-41073), out-of-bounds reads in network drivers, overflow and heap overflow issues in cryptographic and NFS components, and privilege escalation or denial of service in the KVM virtualization module. These vulnerabilities have been rated with a security impact of Important by Red Hat. The advisory includes fixes for seven CVEs affecting various kernel subsystems. Systems must be updated and rebooted to apply the fixes. No known exploits in the wild have been reported at this time.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 10. 0 Extended Update Support and related products. The issues include denial of service due to deadlocks and memory corruption, privilege escalation risks, heap overflow, and use-after-free bugs. The advisory rates the overall security impact as Important and provides updated kernel packages to fix these vulnerabilities. Systems must be rebooted after applying the update for the fixes to take effect.

A security update for the Red Hat kernel-rt packages addresses multiple vulnerabilities affecting the Real Time Linux Kernel used in Red Hat Enterprise Linux 8 and related variants. The update fixes issues including double free, out-of-bounds reads, heap overflow, privilege escalation, and cryptographic key generation overflow. These vulnerabilities impact kernel components such as NVMe, network drivers, cryptographic keys, NFS server, and KVM virtualization. The update is rated as important by Red Hat and requires a system reboot to take effect.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9. 0 and related variants. The issues include denial of service, use-after-free, heap overflow, memory corruption, privilege escalation, and race conditions across various kernel subsystems such as SCSI, ALSA, RDMA, KVM, and NFS. The advisory rates the overall security impact as Important and provides updated kernel packages to remediate these vulnerabilities. A system reboot is required to apply the updates. No known exploits are reported in the wild at this time.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9. 6 Extended Update Support and related products. The issues include memory corruption, denial of service, privilege escalation, and use-after-free bugs across various kernel components such as NFS daemon, SCSI, RDMA, KVM, crypto, and CAN raw sockets. The advisory rates the overall impact as Important and provides updated kernel packages to fix these vulnerabilities. Systems must be rebooted after applying the update for the fixes to take effect.

A security advisory from Red Hat addresses multiple vulnerabilities in the Linux kernel packages used in Red Hat Enterprise Linux 9. 4 Extended Update Support and related products. The vulnerabilities include a double free in the qla2xxx driver (CVE-2025-71238) that can lead to denial of service and potential privilege escalation, privilege escalation or denial of service in KVM due to improper shadow page table handling (CVE-2026-23401), and several use-after-free and race condition issues in kernel components such as ALSA aloop, crypto algif_aead, and CAN raw sockets. These issues are rated as important by Red Hat and require applying the provided kernel update and rebooting the system. No known exploits in the wild have been reported. The advisory covers multiple architectures and product variants of Red Hat Enterprise Linux 9. 4 EUS.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) * kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. (CVE-2025-71238) * kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) * kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401) * kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) * kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) * kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.