{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43284","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.998Z","datePublished":"2026-05-08T07:21:47.524Z","dateUpdated":"2026-07-01T12:05:07.760Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T17:44:56.673Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: esp: avoid in-place decrypt on shared skb frags\n\nMSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP\nmarks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),\nso later paths that may modify packet data can first make a private\ncopy. The IPv4/IPv6 datagram append paths did not set this flag when\nsplicing pages into UDP skbs.\n\nThat leaves an ESP-in-UDP packet made from shared pipe pages looking\nlike an ordinary uncloned nonlinear skb. ESP input then takes the no-COW\nfast path for uncloned skbs without a frag_list and decrypts in place\nover data that is not owned privately by the skb.\n\nMark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching\nTCP. Also make ESP input fall back to skb_cow_data() when the flag is\npresent, so ESP does not decrypt externally backed frags in place.\nPrivate nonlinear skb frags still use the existing fast path.\n\nThis intentionally does not change ESP output. In esp_output_head(),\nthe path that appends the ESP trailer to existing skb tailroom without\ncalling skb_cow_data() is not reachable for nonlinear skbs:\nskb_tailroom() returns zero when skb->data_len is nonzero, while ESP\ntailen is positive. Thus ESP output will either use the separate\ndestination-frag path or fall back to skb_cow_data()."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/esp4.c","net/ipv4/ip_output.c","net/ipv6/esp6.c","net/ipv6/ip6_output.c"],"versions":[{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"a6cb440f274a22456ef3e86b457344f1678f38f9","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"ab8b995323e5237041472d07e5055f5f7dcdf15b","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"fe785bb3a8096dffcc4048a85cd0c83337eeecad","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"5d55c7336f8032d434adcc5fab987ccc93a44aec","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"8253aab4659ca16116b522203c2a6b18dccacea7","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"50ed1e7873100f77abad20fd31c51029bc49cd03","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"b54edf1e9a3fd3491bdcb82a21f8d21315271e0d","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"71a1d9d985d26716f74d21f18ee8cac821b06e97","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"52646cbd00e765a6db9c3afe9535f26218276034","status":"affected","versionType":"git"},{"version":"cac2661c53f35cbe651bef9b07026a5a05ab8ce0","lessThan":"f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/esp4.c","net/ipv4/ip_output.c","net/ipv6/esp6.c","net/ipv6/ip6_output.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"5.10.255","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.205","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.15.206","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.171","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.1.172","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.138","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.87","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.28","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.5","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.255"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.15.205"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.15.206"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.1.171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.1.172"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.6.138"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.12.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.18.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"7.0.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a6cb440f274a22456ef3e86b457344f1678f38f9"},{"url":"https://git.kernel.org/stable/c/ab8b995323e5237041472d07e5055f5f7dcdf15b"},{"url":"https://git.kernel.org/stable/c/fe785bb3a8096dffcc4048a85cd0c83337eeecad"},{"url":"https://git.kernel.org/stable/c/5d55c7336f8032d434adcc5fab987ccc93a44aec"},{"url":"https://git.kernel.org/stable/c/8253aab4659ca16116b522203c2a6b18dccacea7"},{"url":"https://git.kernel.org/stable/c/50ed1e7873100f77abad20fd31c51029bc49cd03"},{"url":"https://git.kernel.org/stable/c/b54edf1e9a3fd3491bdcb82a21f8d21315271e0d"},{"url":"https://git.kernel.org/stable/c/71a1d9d985d26716f74d21f18ee8cac821b06e97"},{"url":"https://git.kernel.org/stable/c/52646cbd00e765a6db9c3afe9535f26218276034"},{"url":"https://git.kernel.org/stable/c/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4"}],"title":"xfrm: esp: avoid in-place decrypt on shared skb frags","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-05-26T17:32:27.236Z"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/05/08/7"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/13/6"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/14/2"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/14/4"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2026-43284-detection-script-dirty-frag-linux-kernel-local-privilege-escalation"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2026-43284-mitigation-script-dirty-frag-linux-kernel-local-privilege-escalation"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-123","lang":"en","description":"CWE-123 Write-what-where Condition"}]}],"references":[{"url":"https://github.com/V4bel/dirtyfrag","tags":["exploit"]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-05-08T00:00:00+00:00","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-43284"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-09T03:55:46.272Z"}},{"affected":[{"cpes":["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"],"defaultStatus":"affected","product":"NVIDIA for RHEL 10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.12::el8"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.13::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.13","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.14::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.15::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.18::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.18","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.21::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.21","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CRB (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"],"defaultStatus":"affected","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"],"defaultStatus":"affected","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux NFV (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux NFV E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux RT (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"}],"datePublic":"2026-05-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The xfrm-ESP variant requires unprivileged user or network namespace creation, while the RxRPC variant depends on the rxrpc module being available on the target system."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-123","description":"Write-what-where Condition","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-43284"},{"name":"RHBZ#2467771","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467771"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43284.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17795"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33486"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16180"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21695"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26542"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16176"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23233"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16171"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16160"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16161"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16157"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16155"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16314"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16062"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19569"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19074"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16202"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16328"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16100"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16312"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16206"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19568"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19225"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16195"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19574"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16201"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16204"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19564"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16061"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19572"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19575"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19573"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19577"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:18025"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16196"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16203"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16254"}],"solutions":[{"lang":"en","value":"RHSA-2026:17795: NVIDIA for RHEL 10"},{"lang":"en","value":"RHSA-2026:33486: NVIDIA for RHEL 10"},{"lang":"en","value":"RHSA-2026:16180: Red Hat OpenShift Container Platform 4.12"},{"lang":"en","value":"RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12"},{"lang":"en","value":"RHSA-2026:26542: Red Hat OpenShift Container Platform 4.13"},{"lang":"en","value":"RHSA-2026:16176: Red Hat OpenShift Container Platform 4.14"},{"lang":"en","value":"RHSA-2026:23233: Red Hat OpenShift Container Platform 4.15"},{"lang":"en","value":"RHSA-2026:16171: Red Hat OpenShift Container Platform 4.16"},{"lang":"en","value":"RHSA-2026:16160: Red Hat OpenShift Container Platform 4.18"},{"lang":"en","value":"RHSA-2026:16161: Red Hat OpenShift Container Platform 4.19"},{"lang":"en","value":"RHSA-2026:16157: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:16155: Red Hat OpenShift Container Platform 4.21"},{"lang":"en","value":"RHSA-2026:16314: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:16062: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"},{"lang":"en","value":"RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"},{"lang":"en","value":"RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"},{"lang":"en","value":"RHSA-2026:16202: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"},{"lang":"en","value":"RHSA-2026:16328: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:16100: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"},{"lang":"en","value":"RHSA-2026:16312: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:16206: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"},{"lang":"en","value":"RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"},{"lang":"en","value":"RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"},{"lang":"en","value":"RHSA-2026:16195: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"},{"lang":"en","value":"RHSA-2026:19574: Red Hat Enterprise Linux BaseOS (v. 8)"},{"lang":"en","value":"RHSA-2026:16201: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"},{"lang":"en","value":"RHSA-2026:16204: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"},{"lang":"en","value":"RHSA-2026:19564: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"},{"lang":"en","value":"RHSA-2026:16061: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"},{"lang":"en","value":"RHSA-2026:19572: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"},{"lang":"en","value":"RHSA-2026:19575: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"},{"lang":"en","value":"RHSA-2026:19573: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:19577: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"},{"lang":"en","value":"RHSA-2026:18025: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:16196: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"},{"lang":"en","value":"RHSA-2026:16203: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"},{"lang":"en","value":"RHSA-2026:16254: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"}],"timeline":[{"lang":"en","time":"2026-05-07T15:56:04.044Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-07T00:00:00.000Z","value":"Made public."}],"title":"kernel: \"Dirty Frag\" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel","workarounds":[{"lang":"en","value":"See the security bulletin for a detailed mitigation procedure."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-01T12:05:07.760Z"}}]}}