{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46333","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.113Z","datePublished":"2026-05-15T12:58:44.599Z","dateUpdated":"2026-07-01T12:05:06.860Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T18:09:28.322Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner 'get_dumpable()' logic\n\nThe 'dumpability' of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don't have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses 'dumpable' to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS).  Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt's not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn't make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don't have a\nMM pointer, we'll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/linux/sched.h","kernel/exit.c","kernel/ptrace.c"],"versions":[{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"15b828a46f305ae9f05a7c16914b3ce273474205","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"4709234fd1b95136ceb789f639b1e7ea5de1b181","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"8f907d345bae8f4b3f004c5abc56bf2dfb851ea7","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"2a93a4fac7b6051d3be7cd1b015fe7320cd0404d","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"01363cb3fbd0238ffdeb09f53e9039c9edf8a730","status":"affected","versionType":"git"},{"version":"bfedb589252c01fa505ac9f6f2a3d5d68d707ef4","lessThan":"31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a","status":"affected","versionType":"git"},{"version":"d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12","status":"affected","versionType":"git"},{"version":"03eed7afbc09e061f66b448daf7863174c3dc3f3","status":"affected","versionType":"git"},{"version":"e45692fa1aea06676449b63ef3c2b6e1e72b7578","status":"affected","versionType":"git"},{"version":"694a95fa6dae4991f16cda333d897ea063021fed","status":"affected","versionType":"git"},{"version":"3.16.52","lessThan":"3.17","status":"affected","versionType":"semver"},{"version":"4.4.40","lessThan":"4.5","status":"affected","versionType":"semver"},{"version":"4.8.16","lessThan":"4.9","status":"affected","versionType":"semver"},{"version":"4.9.1","lessThan":"4.10","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/linux/sched.h","kernel/exit.c","kernel/ptrace.c"],"versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","status":"unaffected","versionType":"semver"},{"version":"5.10.256","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.207","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.173","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.139","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.89","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.31","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.8","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.256"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.15.207"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.1.173"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.6.139"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.12.89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.18.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"7.0.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.52"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6"},{"url":"https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205"},{"url":"https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181"},{"url":"https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7"},{"url":"https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d"},{"url":"https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d"},{"url":"https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730"},{"url":"https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a"}],"title":"ptrace: slightly saner 'get_dumpable()' logic","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/05/15/9"},{"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"},{"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/14"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/16"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-05-20T18:47:13.604Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-269","lang":"en","description":"CWE-269 Improper Privilege Management"}]}],"references":[{"url":"https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-21T00:00:00+00:00","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-46333"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-22T03:55:24.391Z"}},{"affected":[{"cpes":["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"],"defaultStatus":"affected","product":"NVIDIA for RHEL 10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.20::el8","cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CRB (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"],"defaultStatus":"affected","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"],"defaultStatus":"affected","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux NFV (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux NFV E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux RT (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"}],"datePublic":"2026-05-15T05:55:00.000Z","descriptions":[{"lang":"en","value":"A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully terminates. Successful exploitation may lead to the disclosure of sensitive data such as SSH host private keys or /etc/shadow contents."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"Improper Privilege Management","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-46333"},{"name":"RHBZ#2477802","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477802"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46333.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19540"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33486"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21701"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21702"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20299"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19569"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19705"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20593"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20054"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20129"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19568"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19666"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23470"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20130"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20051"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19521"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23471"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23469"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24814"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23468"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19664"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19711"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19875"}],"solutions":[{"lang":"en","value":"RHSA-2026:19540: NVIDIA for RHEL 10"},{"lang":"en","value":"RHSA-2026:33486: NVIDIA for RHEL 10"},{"lang":"en","value":"RHSA-2026:21701: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:21702: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:20299: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"},{"lang":"en","value":"RHSA-2026:19705: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"},{"lang":"en","value":"RHSA-2026:20593: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:20054: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"},{"lang":"en","value":"RHSA-2026:20129: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"},{"lang":"en","value":"RHSA-2026:19666: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"},{"lang":"en","value":"RHSA-2026:23470: Red Hat Enterprise Linux BaseOS (v. 8)"},{"lang":"en","value":"RHSA-2026:20130: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"},{"lang":"en","value":"RHSA-2026:20051: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"},{"lang":"en","value":"RHSA-2026:19521: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"},{"lang":"en","value":"RHSA-2026:23471: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"},{"lang":"en","value":"RHSA-2026:23469: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:24814: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"},{"lang":"en","value":"RHSA-2026:23468: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:19664: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"},{"lang":"en","value":"RHSA-2026:19711: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"},{"lang":"en","value":"RHSA-2026:19875: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"}],"timeline":[{"lang":"en","time":"2026-05-15T08:27:21.590Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-15T05:55:00.000Z","value":"Made public."}],"title":"kernel: Read root-owned files as an unprivileged user","workarounds":[{"lang":"en","value":"See the security bulletin for a detailed mitigation procedure."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-01T12:05:06.860Z"}}]}}