SB2026050637 - Red Hat Enterprise Linux 9 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026050637

SB2026050637 - Red Hat Enterprise Linux 9 update for kernel

Published: May 6, 2026

Security Bulletin ID SB2026050637
CSH Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

High 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2026-23191)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.


2) Double free (CVE-ID: CVE-2025-71238)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the qla2x00_update_optrom() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.


3) Improper resource shutdown or release (CVE-ID: CVE-2026-23401)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of SPTE updates in KVM MMU when installing emulated MMIO SPTEs. A local user can trigger a page fault after host userspace modifies guest memory mappings to switch from memslot to emulated MMIO, leading to an attempt to mark an already present SPTE as MMIO, which results in a kernel warning and potential guest crash. A local user can send a specially crafted request to cause a denial of service.

The issue arises when KVM fails to drop the existing shadow-present SPTE before installing an MMIO SPTE, resulting in inconsistent MMU state and triggering a kernel warning that can crash the guest.


4) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-31431)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper memory handling within the authencesn cryptographic template in algif_aead when processing AEAD operations. A local user can trigger the vulnerable code path to execute arbitrary code on the system.

Note, this vulnerability was dubbed "Copy Fail". 


5) Use-after-free (CVE-ID: CVE-2026-31532)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in raw_rcv() when processing CAN frames after a raw CAN socket is released. A local user can trigger concurrent socket release and packet reception to cause a denial of service.

The issue involves the percpu uniq storage referenced through RCU-delayed receiver deletion.


Remediation

Install update from vendor's website.

References