Threats Tagged 'cve-2026-31532'

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 10. 0 Extended Update Support and related products. The issues include denial of service due to deadlocks and memory corruption, privilege escalation risks, heap overflow, and use-after-free bugs. The advisory rates the overall security impact as Important and provides updated kernel packages to fix these vulnerabilities. Systems must be rebooted after applying the update for the fixes to take effect.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9. 6 Extended Update Support and related products. The issues include memory corruption, denial of service, privilege escalation, and use-after-free bugs across various kernel components such as NFS daemon, SCSI, RDMA, KVM, crypto, and CAN raw sockets. The advisory rates the overall impact as Important and provides updated kernel packages to fix these vulnerabilities. Systems must be rebooted after applying the update for the fixes to take effect.

A security advisory from Red Hat addresses multiple vulnerabilities in the Linux kernel packages used in Red Hat Enterprise Linux 9. 4 Extended Update Support and related products. The vulnerabilities include a double free in the qla2xxx driver (CVE-2025-71238) that can lead to denial of service and potential privilege escalation, privilege escalation or denial of service in KVM due to improper shadow page table handling (CVE-2026-23401), and several use-after-free and race condition issues in kernel components such as ALSA aloop, crypto algif_aead, and CAN raw sockets. These issues are rated as important by Red Hat and require applying the provided kernel update and rebooting the system. No known exploits in the wild have been reported. The advisory covers multiple architectures and product variants of Red Hat Enterprise Linux 9. 4 EUS.

This Red Hat security advisory addresses multiple vulnerabilities in the kernel-rt packages, which provide the Real Time Linux Kernel for systems requiring high determinism. The update fixes use-after-free, double free, denial of service, memory corruption, and local privilege escalation vulnerabilities across various kernel components including proc, qla2xxx, RDMA umad, KVM, CAN raw sockets, ESP/XFRM, and file access controls. The advisory rates the security impact as Important and affects Red Hat Enterprise Linux 9. 2 Real Time variants. A system reboot is required after applying the update for the fixes to take effect.

This advisory addresses multiple security vulnerabilities in the Red Hat Real Time Linux Kernel (kernel-rt) packages. The issues include a use-after-free bug in the CAN raw socket receive function (CVE-2026-31532), a local privilege escalation vulnerability related to a variant of the Dirty Frag vulnerability in ESP/XFRM (CVE-2026-46300), and an information disclosure vulnerability allowing unprivileged users to read root-owned files (CVE-2026-46333). Red Hat has released updated kernel-rt packages to fix these vulnerabilities. Systems must be rebooted after applying the update for the fixes to take effect. The update is rated as Important by Red Hat Product Security. No known exploits in the wild have been reported at this time.