Changeflow GovPing Data Privacy & Cybersecurity Red Hat Linux Kernel Multiple Vulnerabilities A...
Priority review Notice Added Final

Red Hat Linux Kernel Multiple Vulnerabilities Advisory

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published April 3rd, 2026
Detected April 3rd, 2026
Email

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0396 alerting to multiple vulnerabilities in the Red Hat Linux kernel affecting Red Hat Enterprise Linux and CodeReady Linux Builder products across ARM64, IBM z Systems, Power, and x86_64 architectures. The vulnerabilities expose affected systems to data confidentiality breaches, security policy bypass, remote denial of service, and privilege escalation risks. Organizations running affected Red Hat products should apply the referenced security patches from Red Hat.

View original document View source feed page

What changed

CERT-FR published security advisory CERTFR-2026-AVI-0396 documenting multiple kernel vulnerabilities in Red Hat Linux products. The vulnerabilities enable privilege escalation, remote denial of service attacks, security policy bypass, and data confidentiality breaches. The affected products span multiple Red Hat Enterprise Linux editions including versions 8, 9.4, and 10.0 across architectures including ARM64 (aarch64), IBM z Systems (s390x), Power little endian (ppc64le), and x86_64. The advisory references Red Hat security bulletins RHSA-2026:6036, RHSA-2026:6037, RHSA-2026:6193, and RHSA-2026:6310 published between March 30 and April 1, 2026.

Organizations running any affected Red Hat Linux products should immediately identify their installed versions and apply the corresponding Red Hat security patches. System administrators should prioritize patching systems handling sensitive data or exposed to network access given the remote exploitation potential. Review network access controls and implement defense-in-depth measures while patches are being deployed.

What to do next

  1. Identify all Red Hat Enterprise Linux and CodeReady Linux Builder installations in your environment
  2. Apply Red Hat security patches referenced in RHSA-2026:6036, RHSA-2026:6037, RHSA-2026:6193, and RHSA-2026:6310
  3. Review system access controls and monitor for indicators of compromise until patches are applied

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 03 avril 2026 N° CERTFR-2026-AVI-0396 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans le noyau Linux de Red Hat

Gestion du document

| Référence | CERTFR-2026-AVI-0396 |
| Titre | Multiples vulnérabilités dans le noyau Linux de Red Hat |
| Date de la première version | 03 avril 2026 |
| Date de la dernière version | 03 avril 2026 |
| Source(s) | Bulletin de sécurité Red Hat RHSA-2026:6036 du 30 mars 2026
Bulletin de sécurité Red Hat RHSA-2026:6037 du 30 mars 2026
Bulletin de sécurité Red Hat RHSA-2026:6193 du 30 mars 2026
Bulletin de sécurité Red Hat RHSA-2026:6310 du 01 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Déni de service à distance
  • Élévation de privilèges

Systèmes affectés

  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for x8664 - Extended Update Support 10.0 x8664
  • Red Hat CodeReady Linux Builder for x8664 - Extended Update Support 9.4 x8664
  • Red Hat CodeReady Linux Builder for x8664 8 x8664
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
  • Red Hat Enterprise Linux for x8664 - 4 years of updates 10.0 x8664
  • Red Hat Enterprise Linux for x8664 - Extended Life Cycle 8.10 x8664
  • Red Hat Enterprise Linux for x8664 - Extended Life Cycle 9.4 x8664
  • Red Hat Enterprise Linux for x8664 - Extended Update Support 10.0 x8664
  • Red Hat Enterprise Linux for x8664 - Extended Update Support 9.4 x8664
  • Red Hat Enterprise Linux for x8664 - Update Services for SAP Solutions 9.4 x8664
  • Red Hat Enterprise Linux for x8664 8 x8664
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le

Résumé

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 03 avril 2026 Version initiale

Named provisions

Risques Systèmes affectés

Related changes

Favicon for www.cert.ssi.gouv.fr Synology Mail Station Vulnerability Advisory
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in VMware Tanzu MySQL Kubernetes
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Microsoft Edge Multiple Security Vulnerabilities Advisory
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cssf.lu Active Supply Chain Attack Targeting Axios NPM
Urgent Apr 04, 2026 CSSF News Banking & Finance
Favicon for www.oig.dot.gov FAA High-Impact System Security Gaps in National Airspace
Priority review Apr 03, 2026 DOT OIG Reports Transportation
Favicon for www.enisa.europa.eu EU Digital Wallet Certification Scheme Public Consultation
Priority review Apr 03, 2026 ENISA News Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
April 3rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
CERTFR-2026-AVI-0396

Who this affects

Applies to
Technology companies Government agencies Healthcare providers
Industry sector
5112 Software & Technology 9211 Government & Public Administration 6211 Healthcare Providers
Activity scope
Kernel Vulnerability Management Patch Management System Hardening
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Critical Infrastructure

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 43 Courts & Legal 358 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Government & Legislation 274 Healthcare 135 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal & Courts 1 medical-board 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.