Detections
Analytics

RockyLinux 10 : kernel (RLSA-2026:19569)

high Nessus Plugin ID 318832

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19569 advisory.

 * kernel: net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)

 * kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)

 * kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)

 * kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741)

 * kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)

 * kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401)

 * kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

 * kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)

 * kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)

 * kernel: RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128)

 * kernel: Dirty Frag is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)

 * kernel: Fragnesia is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300)

 * kernel: Read root-owned files as an unprivileged user (CVE-2026-46333)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.rockylinux.org/RLSA-2026:19569

https://bugzilla.redhat.com/show_bug.cgi?id=2334439

https://bugzilla.redhat.com/show_bug.cgi?id=2454844

https://bugzilla.redhat.com/show_bug.cgi?id=2448745

https://bugzilla.redhat.com/show_bug.cgi?id=2453803

https://bugzilla.redhat.com/show_bug.cgi?id=2467771

https://bugzilla.redhat.com/show_bug.cgi?id=2394648

https://bugzilla.redhat.com/show_bug.cgi?id=2425046

https://bugzilla.redhat.com/show_bug.cgi?id=2477015

https://bugzilla.redhat.com/show_bug.cgi?id=2461521

https://bugzilla.redhat.com/show_bug.cgi?id=2467144

https://bugzilla.redhat.com/show_bug.cgi?id=2424886

https://bugzilla.redhat.com/show_bug.cgi?id=2455334

https://bugzilla.redhat.com/show_bug.cgi?id=2477802

Plugin Details

Severity: High

ID: 318832

File Name: rocky_linux_RLSA-2026-19569.nasl

Version: 1.1

Type: Local

Published: 6/5/2026

Updated: 6/5/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46300

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:libperf, p-cpe:/a:rocky:linux:kernel-debug-modules, p-cpe:/a:rocky:linux:kernel-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k, p-cpe:/a:rocky:linux:kernel-rt-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-devel, p-cpe:/a:rocky:linux:kernel-debug, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-uki-virt, p-cpe:/a:rocky:linux:kernel-debuginfo-common-s390x, p-cpe:/a:rocky:linux:kernel-tools, p-cpe:/a:rocky:linux:kernel-64k-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-devel, p-cpe:/a:rocky:linux:python3-perf, p-cpe:/a:rocky:linux:kernel-devel, p-cpe:/a:rocky:linux:kernel-rt-debuginfo, p-cpe:/a:rocky:linux:kernel, p-cpe:/a:rocky:linux:kernel-rt-debug-core, p-cpe:/a:rocky:linux:kernel-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-rt-64k-modules, p-cpe:/a:rocky:linux:kernel-rt-modules-core, p-cpe:/a:rocky:linux:kernel-rt-modules-extra, p-cpe:/a:rocky:linux:libperf-debuginfo, p-cpe:/a:rocky:linux:kernel-devel-matched, p-cpe:/a:rocky:linux:kernel-core, p-cpe:/a:rocky:linux:kernel-modules-extra-matched, p-cpe:/a:rocky:linux:kernel-64k-debug-core, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel, p-cpe:/a:rocky:linux:perf-debuginfo, p-cpe:/a:rocky:linux:kernel-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-devel, p-cpe:/a:rocky:linux:kernel-tools-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-ppc64le, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel-matched, p-cpe:/a:rocky:linux:perf, p-cpe:/a:rocky:linux:kernel-rt-debug-modules, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-modules-core, p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-64k-core, p-cpe:/a:rocky:linux:kernel-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-modules-core, p-cpe:/a:rocky:linux:kernel-modules-extra, p-cpe:/a:rocky:linux:rtla, p-cpe:/a:rocky:linux:kernel-rt-modules, p-cpe:/a:rocky:linux:kernel-tools-libs-devel, p-cpe:/a:rocky:linux:kernel-64k-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-tools-libs, p-cpe:/a:rocky:linux:rv, p-cpe:/a:rocky:linux:kernel-uki-virt-addons, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-core, p-cpe:/a:rocky:linux:kernel-debug-uki-virt, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-64k, p-cpe:/a:rocky:linux:kernel-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-zfcpdump-core, p-cpe:/a:rocky:linux:kernel-debug-modules-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:rocky:linux:kernel-zfcpdump, p-cpe:/a:rocky:linux:kernel-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-core, p-cpe:/a:rocky:linux:kernel-rt-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-zfcpdump-debuginfo, p-cpe:/a:rocky:linux:python3-perf-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-rt, cpe:/o:rocky:linux:10, p-cpe:/a:rocky:linux:kernel-abi-stablelists, p-cpe:/a:rocky:linux:kernel-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-extra, p-cpe:/a:rocky:linux:kernel-64k-modules, p-cpe:/a:rocky:linux:kernel-rt-debug, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-core, p-cpe:/a:rocky:linux:kernel-debuginfo

Required KB Items: Host/local_checks_enabled, Host/RockyLinux/release, Host/RockyLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/29/2026

Vulnerability Publication Date: 12/27/2024

Reference Information

CVE: CVE-2024-56603, CVE-2025-39766, CVE-2025-68724, CVE-2025-68741, CVE-2026-23270, CVE-2026-23401, CVE-2026-31402, CVE-2026-31408, CVE-2026-31607, CVE-2026-43128, CVE-2026-43284, CVE-2026-46300, CVE-2026-46333