RHSA-2026:13932 | Mondoo Vulnerability Intelligence

RHSA-2026:13932

HIGH8.1

Red Hat Security Advisory: kernel security update

Published May 6, 2026

Modified Yesterday

Fix available

Details

Details:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191)
kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. (CVE-2025-71238)
kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401)
kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)
kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Packages(78 packages)

bpftool

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:7.3.0-427.124.1.el9_4

bpftool-debuginfo

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:7.3.0-427.124.1.el9_4

kernel

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k-core

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k-debug

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k-debug-core

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k-debug-debuginfo

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k-debug-devel

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

kernel-64k-debug-devel-matched

Red Hat rhel_eus 9.4 appstreamRed Hat rhel_eus 9.4 baseosRed Hat rhel_eus 9.4 crbRed Hat rhel_eus 9.4 nfvRed Hat rhel_eus 9.4 realtime

Fixed in:

0:5.14.0-427.124.1.el9_4

References

https://access.redhat.com/errata/RHSA-2026:13932

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=2439947

https://bugzilla.redhat.com/show_bug.cgi?id=2444398

https://bugzilla.redhat.com/show_bug.cgi?id=2453803

https://bugzilla.redhat.com/show_bug.cgi?id=2460538

https://bugzilla.redhat.com/show_bug.cgi?id=2461107

https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13932.json

CVSS Analysis

CVSS v3.1

8.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.1/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Upstream

CVE-2025-71238 CVE-2026-23191 CVE-2026-23401 CVE-2026-31431 CVE-2026-31532 CVE-2026-43077

Ecosystems

Red Hat rhel_eus 9.4 appstream Red Hat rhel_eus 9.4 baseos Red Hat rhel_eus 9.4 crb Red Hat rhel_eus 9.4 nfv Red Hat rhel_eus 9.4 realtime

Timeline

PublishedMay 6, 2026

ModifiedMay 19, 2026