AlmaLinux 9 : kernel (ALSA-2026:30848)

high Nessus Plugin ID 323945

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:30848 advisory.

* kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation (CVE-2026-31488)
* kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)
* kernel: netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329)
* kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop (CVE-2026-46090)
* kernel: selinux: fix overlayfs mmap() and mprotect() access checks (CVE-2026-46054)
* kernel: RDMA/iwcm: Fix workqueue list corruption by removing work_list (CVE-2026-45898)
* kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path (CVE-2026-46189)
* kernel: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (CVE-2026-46176)
* kernel: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry (CVE-2026-46316)

Bug Fix(es) and Enhancement(s):

* [AlmaLinux-9.8.z]: Update the mlx5 drivers to v6.19 (JIRA:AlmaLinux-169057)
* iavf: during POD churn vlan filters may not be added for a vlan interface, spoofchk drops subsequent packets [almalinux-9.8.z] (JIRA:AlmaLinux-172993)
* nf_conntrack_sctp: vtag corruption with late INIT in ESTABLISHED state across conntrack zones [almalinux-9.8.z] (JIRA:AlmaLinux-178273)
* sched/fair: Skip sched_balance_running cmpxchg when balance is not due [almalinux-9.8.z] (JIRA:AlmaLinux-182776)
* [REGRESSION] ISST-Spyre: Jenkins workload causes soft lock warning to appear on screen. Workload hangs. [almalinux-9.8.z] (JIRA:AlmaLinux-183183)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2026:30848

https://errata.almalinux.org/9/ALSA-2026-30848.html

Plugin Details

Severity: High

ID: 323945

File Name: alma_linux_ALSA-2026-30848.nasl

Version: 1.1

Type: Local

Published: 6/30/2026

Updated: 6/30/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46189

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:alma:linux:kernel-headers, p-cpe:/a:alma:linux:kernel-core, cpe:/o:alma:linux:9::supplementary, cpe:/o:alma:linux:9::resilientstorage, p-cpe:/a:alma:linux:kernel-zfcpdump-modules, p-cpe:/a:alma:linux:kernel-64k, p-cpe:/a:alma:linux:kernel-rt-64k-debug-devel, cpe:/o:alma:linux:9::sap_hana, p-cpe:/a:alma:linux:kernel-rt, p-cpe:/a:alma:linux:kernel-debug-modules, p-cpe:/a:alma:linux:kernel-devel-matched, p-cpe:/a:alma:linux:kernel-rt-debug-modules-core, p-cpe:/a:alma:linux:kernel-64k-modules, p-cpe:/a:alma:linux:kernel-rt-64k-debug, p-cpe:/a:alma:linux:kernel-abi-stablelists, p-cpe:/a:alma:linux:kernel-debug-devel-matched, p-cpe:/a:alma:linux:kernel-tools-libs, cpe:/o:alma:linux:9::nfv, p-cpe:/a:alma:linux:kernel-debug-uki-virt, cpe:/o:alma:linux:9::baseos, p-cpe:/a:alma:linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:alma:linux:kernel-tools, cpe:/o:alma:linux:9::appstream, p-cpe:/a:alma:linux:kernel-rt-modules-core, p-cpe:/a:alma:linux:libperf, p-cpe:/a:alma:linux:kernel-rt-64k, p-cpe:/a:alma:linux:kernel-rt-core, p-cpe:/a:alma:linux:kernel-64k-modules-core, p-cpe:/a:alma:linux:kernel-zfcpdump-core, p-cpe:/a:alma:linux:kernel-rt-debug-devel, p-cpe:/a:alma:linux:kernel-rt-64k-modules, p-cpe:/a:alma:linux:kernel-zfcpdump-devel-matched, p-cpe:/a:alma:linux:kernel-rt-modules, p-cpe:/a:alma:linux:kernel-64k-core, p-cpe:/a:alma:linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:alma:linux:kernel-zfcpdump-modules-core, p-cpe:/a:alma:linux:kernel-rt-modules-extra, p-cpe:/a:alma:linux:perf, p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra, p-cpe:/a:alma:linux:kernel-64k-debug-modules-extra, cpe:/o:alma:linux:9::highavailability, p-cpe:/a:alma:linux:kernel-rt-64k-debug-modules, p-cpe:/a:alma:linux:kernel-64k-debug-devel-matched, cpe:/o:alma:linux:9::sap, cpe:/o:alma:linux:9::crb, p-cpe:/a:alma:linux:kernel-debug-devel, p-cpe:/a:alma:linux:kernel-zfcpdump-devel, cpe:/o:alma:linux:9, p-cpe:/a:alma:linux:kernel-rt-devel, p-cpe:/a:alma:linux:kernel-64k-debug, p-cpe:/a:alma:linux:rv, p-cpe:/a:alma:linux:kernel-cross-headers, p-cpe:/a:alma:linux:kernel-debug-modules-extra, p-cpe:/a:alma:linux:kernel-uki-virt-addons, p-cpe:/a:alma:linux:rtla, p-cpe:/a:alma:linux:kernel-64k-debug-devel, p-cpe:/a:alma:linux:kernel-debug, p-cpe:/a:alma:linux:kernel-tools-libs-devel, p-cpe:/a:alma:linux:kernel-modules-core, p-cpe:/a:alma:linux:kernel, p-cpe:/a:alma:linux:kernel-64k-devel, p-cpe:/a:alma:linux:kernel-zfcpdump, p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra, p-cpe:/a:alma:linux:kernel-debug-modules-core, p-cpe:/a:alma:linux:kernel-64k-debug-core, p-cpe:/a:alma:linux:kernel-rt-64k-debug-core, p-cpe:/a:alma:linux:kernel-rt-debug-core, p-cpe:/a:alma:linux:kernel-rt-debug, p-cpe:/a:alma:linux:kernel-devel, cpe:/o:alma:linux:9::realtime, p-cpe:/a:alma:linux:kernel-uki-virt, p-cpe:/a:alma:linux:kernel-64k-debug-modules-core, p-cpe:/a:alma:linux:kernel-debug-core, p-cpe:/a:alma:linux:kernel-modules, p-cpe:/a:alma:linux:kernel-rt-64k-modules-extra, p-cpe:/a:alma:linux:kernel-rt-64k-modules-core, p-cpe:/a:alma:linux:kernel-64k-devel-matched, p-cpe:/a:alma:linux:kernel-rt-64k-devel, p-cpe:/a:alma:linux:kernel-rt-64k-core, p-cpe:/a:alma:linux:python3-perf, p-cpe:/a:alma:linux:kernel-64k-modules-extra, p-cpe:/a:alma:linux:kernel-modules-extra, p-cpe:/a:alma:linux:kernel-rt-debug-modules, p-cpe:/a:alma:linux:kernel-64k-debug-modules

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/AlmaLinux/release, Host/AlmaLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/29/2026

Vulnerability Publication Date: 4/7/2026

Reference Information

CVE: CVE-2026-31488, CVE-2026-43038, CVE-2026-43329, CVE-2026-45898, CVE-2026-46054, CVE-2026-46090, CVE-2026-46176, CVE-2026-46189

CWE: 1288, 1341, 280, 364, 770, 825, 843

RHSA: 2026:30848