SB2026050542 - Red Hat Enterprise Linux 8 update for kernel
Published: May 5, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Improper locking (CVE-ID: CVE-2026-23097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unmap_and_move_huge_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2026-23193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsit_dec_session_usage_count() function in drivers/target/iscsi/iscsi_target_util.c. A local user can escalate privileges on the system.
3) Double free (CVE-ID: CVE-2025-71238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qla2x00_update_optrom() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.
4) Heap-based buffer overflow (CVE-ID: CVE-2026-31402)
The vulnerability allows a remote attacker to corrupt heap memory.
The vulnerability exists due to a heap-based buffer overflow in the NFSv4.0 LOCK replay cache when encoding denied LOCK operation responses. A remote attacker can trigger conflicting lock requests with a large lock owner value to corrupt heap memory.
The issue is caused by copying an encoded LOCK denied response into a fixed 112-byte inline replay buffer without sufficient bounds checking, resulting in a slab out-of-bounds write of up to 944 bytes. Exploitation requires two cooperating NFSv4.0 clients and can be performed remotely without authentication.
Remediation
Install update from vendor's website.