SB2026050510 - Red Hat Enterprise Linux 8 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026050510

SB2026050510 - Red Hat Enterprise Linux 8 update for kernel

Published: May 5, 2026

Security Bulletin ID SB2026050510
CSH Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 17% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Double free (CVE-ID: CVE-2024-41073)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.


2) Out-of-bounds read (CVE-ID: CVE-2025-40252)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qede_tpa_cont() and qede_tpa_end() functions in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.


3) Integer overflow (CVE-ID: CVE-2025-68724)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the asymmetric_key_generate_id() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can execute arbitrary code.


4) Heap-based buffer overflow (CVE-ID: CVE-2026-31402)

The vulnerability allows a remote attacker to corrupt heap memory.

The vulnerability exists due to a heap-based buffer overflow in the NFSv4.0 LOCK replay cache when encoding denied LOCK operation responses. A remote attacker can trigger conflicting lock requests with a large lock owner value to corrupt heap memory.

The issue is caused by copying an encoded LOCK denied response into a fixed 112-byte inline replay buffer without sufficient bounds checking, resulting in a slab out-of-bounds write of up to 944 bytes. Exploitation requires two cooperating NFSv4.0 clients and can be performed remotely without authentication.


5) Improper resource shutdown or release (CVE-ID: CVE-2026-23401)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of SPTE updates in KVM MMU when installing emulated MMIO SPTEs. A local user can trigger a page fault after host userspace modifies guest memory mappings to switch from memslot to emulated MMIO, leading to an attempt to mark an already present SPTE as MMIO, which results in a kernel warning and potential guest crash. A local user can send a specially crafted request to cause a denial of service.

The issue arises when KVM fails to drop the existing shadow-present SPTE before installing an MMIO SPTE, resulting in inconsistent MMU state and triggering a kernel warning that can crash the guest.


6) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-31431)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper memory handling within the authencesn cryptographic template in algif_aead when processing AEAD operations. A local user can trigger the vulnerable code path to execute arbitrary code on the system.

Note, this vulnerability was dubbed "Copy Fail". 


Remediation

Install update from vendor's website.

References