Red Hat published bulletin RHSB-2026-004 "File Descriptor Theft via Process Exit Race Condition" for a race condition in the Linux kernel: CVE-2026-46333, circulating as "ssh-keysign-pwn" or "ptrace exit-race". Red Hat rates it Important; NVD lists CVSS 5.5. RHEL 8, 9 and 10 and OpenShift Container Platform 4 are affected. Rocky Linux and AlmaLinux already ship fixes, and Red Hat tracks the rollout in the linked bulletin. Until the regular kernel patch is installed, the official mitigation through the Yama ptrace scope applies.
Rocky Linux launches an optional security repository that carries critical hot-fixes while RHEL has no patch yet. The first use case is Dirty Frag (CVE-2026-43284, CVE-2026-43500), a local privilege escalation in the Linux kernel with a working public PoC. The repo is not enabled by default and has to be switched on deliberately.
Red Hat has published bulletin RHSB-2026-003 "Dirty Frag" covering a local privilege escalation in the Linux kernel networking subsystem. The bulletin groups CVE-2026-43284 in the IPsec ESP path (Dirty Frag) and CVE-2026-46300 in the ESP-in-TCP variant (Fragnesia). Red Hat rates both as Important. RHEL 8, 9 and 10 and OpenShift Container Platform 4 are affected. Patches are being expedited per the bulletin. Until they are installed, one of the two official mitigations applies.
CVE-2026-31431 is a local privilege escalation in the Linux kernel crypto API. Red Hat rates it Important (CVSS 7.8). RHEL 8, 9 and 10 (kernel and kernel-rt) and OpenShift Container Platform 4 are affected. Until the kernel patch is installed, the official boot-parameter mitigation should be applied on every RHEL host.
Firewall Builder (fwbuilder) has no nftables support and has not been actively developed for years. FirewallFabrik is its modern successor: a complete rewrite in Python and Qt6 with native nftables support, seamless migration of existing .fwb files, and a GUI that feels just like the original.