RHSA-2026:19521
Advisory lineage Upstream: 8 Downstream: 0
Published: 20 May 2026, 10:10
Last modified:04 Jun 2026, 10:06
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
8.1 HIGH
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 May 2026, 10:10
Published
Vulnerability first disclosed
04 Jun 2026, 10:06
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: kernel security update
CVSS Metrics
- v3.1•HIGH•Score: 8.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Systems
- redhat•bpftool
< 0:4.18.0-477.143.1.el8_8
- redhat•bpftool-debuginfo
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-abi-stablelists
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-core
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debug
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debug-core
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debug-debuginfo
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debug-devel
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debug-modules
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debug-modules-extra
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debuginfo
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debuginfo-common-ppc64le
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-debuginfo-common-x86_64
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-devel
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-doc
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-modules
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-modules-extra
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-tools
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-tools-debuginfo
< 0:4.18.0-477.143.1.el8_8
- redhat•kernel-tools-libs
< 0:4.18.0-477.143.1.el8_8
- redhat•perf
< 0:4.18.0-477.143.1.el8_8
- redhat•perf-debuginfo
< 0:4.18.0-477.143.1.el8_8
- redhat•python3-perf
< 0:4.18.0-477.143.1.el8_8
- redhat•python3-perf-debuginfo
< 0:4.18.0-477.143.1.el8_8
References (45)
- https://access.redhat.com/errata/RHSA-2026:19521
- https://access.redhat.com/security/updates/classification/#important
- https://bugzilla.redhat.com/show_bug.cgi?id=2373354
- https://bugzilla.redhat.com/show_bug.cgi?id=2439947
- https://bugzilla.redhat.com/show_bug.cgi?id=2448594
- https://bugzilla.redhat.com/show_bug.cgi?id=2453803
- https://bugzilla.redhat.com/show_bug.cgi?id=2457829
- https://bugzilla.redhat.com/show_bug.cgi?id=2461107
- https://bugzilla.redhat.com/show_bug.cgi?id=2477015
- https://bugzilla.redhat.com/show_bug.cgi?id=2477802
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19521.json
- https://access.redhat.com/security/cve/CVE-2025-38024
- https://www.cve.org/CVERecord?id=CVE-2025-38024
- https://nvd.nist.gov/vuln/detail/CVE-2025-38024
- https://lore.kernel.org/linux-cve-announce/2025061847-CVE-2025-38024-2904@gregkh/T
- https://access.redhat.com/security/cve/CVE-2026-23191
- https://www.cve.org/CVERecord?id=CVE-2026-23191
- https://nvd.nist.gov/vuln/detail/CVE-2026-23191
- https://lore.kernel.org/linux-cve-announce/2026021433-CVE-2026-23191-f990@gregkh/T
- https://access.redhat.com/security/cve/CVE-2026-23243
- https://www.cve.org/CVERecord?id=CVE-2026-23243
- https://nvd.nist.gov/vuln/detail/CVE-2026-23243
- https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2026-23243-b88e@gregkh/T
- https://access.redhat.com/security/cve/CVE-2026-23401
- https://www.cve.org/CVERecord?id=CVE-2026-23401
- https://nvd.nist.gov/vuln/detail/CVE-2026-23401
- https://lore.kernel.org/linux-cve-announce/2026040108-CVE-2026-23401-956d@gregkh/T
- https://access.redhat.com/security/cve/CVE-2026-31419
- https://www.cve.org/CVERecord?id=CVE-2026-31419
- https://nvd.nist.gov/vuln/detail/CVE-2026-31419
- https://lore.kernel.org/linux-cve-announce/2026041353-CVE-2026-31419-e176@gregkh/T
- https://access.redhat.com/security/cve/CVE-2026-31532
- https://www.cve.org/CVERecord?id=CVE-2026-31532
- https://nvd.nist.gov/vuln/detail/CVE-2026-31532
- https://lore.kernel.org/linux-cve-announce/2026042349-CVE-2026-31532-a820@gregkh/T
- https://access.redhat.com/security/cve/CVE-2026-46300
- https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
- https://www.cve.org/CVERecord?id=CVE-2026-46300
- https://nvd.nist.gov/vuln/detail/CVE-2026-46300
- https://access.redhat.com/security/cve/CVE-2026-46333
- https://access.redhat.com/security/vulnerabilities/RHSB-2026-004
- https://www.cve.org/CVERecord?id=CVE-2026-46333
- https://nvd.nist.gov/vuln/detail/CVE-2026-46333
- https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
- https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path