VDB

RHSA-2026%3A16155

RHSA-2026%3A16155 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The xfrm-ESP variant requires unprivileged user or network namespace creation, while the RxRPC variant depends on the rxrpc module being available on the target system.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatrhcos-ppc64le-4.21.9.6.202605110143-0 as a component of Red Hat OpenShift Container Platform 4.214.21.9.6.202605110143-0, 4.21.9.6.202605110143-0, rhcos-ppc64le-4.21.9.6.202605110143-0
Red Hatrhcos-s390x-4.21.9.6.202605110143-0 as a component of Red Hat OpenShift Container Platform 4.214.21.9.6.202605110143-0, 4.21.9.6.202605110143-0, *
Red Hatrhcos-x86_64-4.21.9.6.202605110143-0 as a component of Red Hat OpenShift Container Platform 4.214.21.9.6.202605110143-0, 4.21.9.6.202605110143-0, rhcos-x86_64-4.21.9.6.202605110143-0
Red Hatrhcos-aarch64-4.21.9.6.202605110143-0 as a component of Red Hat OpenShift Container Platform 4.214.21.9.6.202605110143-0, rhcos-aarch64-4.21.9.6.202605110143-0, 4.21.9.6.202605110143-0

Timeline

  • May 13, 2026 CVE Published
  • May 13, 2026 Distribution Patch
  • May 13, 2026 Distribution Patch
  • May 13, 2026 Security Advisory
  • May 13, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›