The "Dirty Frag" vulnerability (CVE-2026-43284) is a Local Privilege Escalation (LPE) flaw in the Linux kernel's ESP XFRM component, allowing an attacker to gain elevated privileges on a compromised host. It has a CVSS 3.1 score of 8.8 (High). Affected versions include Linux kernel 4.11 through 5.10.254, 5.12 through 5.15.204, 5.16 through 6.1.170, 6.2 through 6.6.137, and 6.7 through 6.12.86, with fixes available in kernel versions 5.10.255, 5.15.205, 6.1.171, 6.6.138, 6.12.87, and subsequent major version releases.
Red Hat Product Errata RHSA-2026:16100 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:16100 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel CVEs CVE-2026-43284 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM kernel-5.14.0-427.125.1.el9_4.src.rpm SHA-256: 338c33ff436b9ff331d57f4135d92b6ec61145aef6181cfbab11ee77b5e7d700 x86_64 bpftool-7.3.0-427.125.1.el9_4.x86_64.rpm SHA-256: 20025384da362e4def457f759f41a06399ac7e378f58bc76dd9a87d5317cc108 bpftool-debuginfo-7.3.0-427.125.1.el9_4.x86_64.rpm SHA-256: 061ead3a27df111db4265e6a6d75ea5ede57f1d965364fbc1ecef23a7521a239 bpftool-debuginfo-7.3.0-427.125.1.el9_4.x86_64.rpm SHA-256: 061ead3a27df111db4265e6a6d75ea5ede57f1d965364fbc1ecef23a7521a239 bpftool-debuginfo-7.3.0-427.125.1.el9_4.x86_64.rpm SHA-256: 061ead3a27df111db4265e6a6d75ea5ede57f1d965364fbc1ecef23a7521a239 bpftool-debuginfo-7.3.0-427.125.1.el9_4.x86_64.rpm SHA-256: 061ead3a27df111db4265e6a6d75ea5ede57f1d965364fbc1ecef23a7521a239 kernel-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: edd3fb097fe178bbf664943dfb937f14338a1f886f8106699d94bda52f093f95 kernel-abi-stablelists-5.14.0-427.125.1.el9_4.noarch.rpm SHA-256: fffd64db5c52c4b4c3dedd8e237c02b74fd5c78d9e07562d524cb421d7de83df kernel-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 5c8c77b7715c32d57fe9a13f289c6f6d93d6cb25f4184cb8b9f68776e53b3f45 kernel-debug-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 6cea739f27b4cf8909e071be5d8131cfbb9b16bc1d44e0734fb700fc1554031f kernel-debug-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 4d51e93e4f95fb022abcaafcee5f82a2cef707ded12fb971ea44e81095e44b48 kernel-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 450f271342731e97131c0413eb89edb5cb1190659db4fe925762b3f446b4a443 kernel-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 450f271342731e97131c0413eb89edb5cb1190659db4fe925762b3f446b4a443 kernel-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 450f271342731e97131c0413eb89edb5cb1190659db4fe925762b3f446b4a443 kernel-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 450f271342731e97131c0413eb89edb5cb1190659db4fe925762b3f446b4a443 kernel-debug-devel-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 2893712f4d3dbace7e264d41a573b575ba5bc330707ab959731c2e7cd9477685 kernel-debug-devel-matched-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 066430552fe2bb96fb6f5a053ad31619f3434c9694678d206fc9797a012a6ceb kernel-debug-modules-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: d5ac895550be733595fd4d0ea5590c0b33fc9bf201168bd6da2e18af373770c0 kernel-debug-modules-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 41798174659c0e649f4a4ea72b36e7841499cc240580dde2f9c871d46d732a28 kernel-debug-modules-extra-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: aedad74730b807c6d5725dfa194694263706f8f44cf1d13fbb4fd37f8018cec0 kernel-debug-uki-virt-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 71223f741254f8e6c3b58a626698ef09a7217c41d2d653ecbb1e0c1a3b4054db kernel-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f7b089ad63e20efc97d41dd670562adb29760a1a600359d8eb4b67653b311318 kernel-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f7b089ad63e20efc97d41dd670562adb29760a1a600359d8eb4b67653b311318 kernel-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f7b089ad63e20efc97d41dd670562adb29760a1a600359d8eb4b67653b311318 kernel-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f7b089ad63e20efc97d41dd670562adb29760a1a600359d8eb4b67653b311318 kernel-debuginfo-common-x86_64-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 38fbce9b0456b65ed98cf50fa88871eb2317315a257ba6ddec4c83d7969c2c3a kernel-debuginfo-common-x86_64-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 38fbce9b0456b65ed98cf50fa88871eb2317315a257ba6ddec4c83d7969c2c3a kernel-debuginfo-common-x86_64-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 38fbce9b0456b65ed98cf50fa88871eb2317315a257ba6ddec4c83d7969c2c3a kernel-debuginfo-common-x86_64-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 38fbce9b0456b65ed98cf50fa88871eb2317315a257ba6ddec4c83d7969c2c3a kernel-devel-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: e4281cd1c11f945f4b8e40f7d66acffb546d4f93cd0174824a0231c009dddb83 kernel-devel-matched-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: ecb5ad2a166b08da076acf2e7e6443fa93007d337b99e7f61af626fd4e7df623 kernel-doc-5.14.0-427.125.1.el9_4.noarch.rpm SHA-256: 97e85009afab11103c9b0eed98cc05482b354f7e21f6302954a25068609d249e kernel-headers-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: e22596f548c6dd079fb43cbb606acdbce6611a6f58670fb956a21fb649ecde46 kernel-modules-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f12b527864d4143db7379369d874a692edf7e7f13ea873989ca2f2b190ee7e67 kernel-modules-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 7ebdaf19fbb07e48be7ab12e9827fec7c72b0af2a5f8fc7242aa7ad074d292a6 kernel-modules-extra-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f7043f45038e562c646df3dd85a3412fee481efec95ef351d48e89b9a4cb5fbb kernel-rt-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 3dd674a41992b41fe0c07318c38677747836c343214550b8f8fb95a478986b20 kernel-rt-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 3dd674a41992b41fe0c07318c38677747836c343214550b8f8fb95a478986b20 kernel-rt-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 849b2a6ed40a4e20ce018b072e78383d5a9af54a863e787f81558f369b748527 kernel-rt-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 849b2a6ed40a4e20ce018b072e78383d5a9af54a863e787f81558f369b748527 kernel-rt-debug-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 9082dbc8b4e0e55c3ebd4c3844c7609e52ce160052af766d39d261744bd2e565 kernel-rt-debug-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 9082dbc8b4e0e55c3ebd4c3844c7609e52ce160052af766d39d261744bd2e565 kernel-rt-debug-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 64b3744fb8897a4e81c6e127f5da9c9c527d9f21daf8beeba90267d18b2d8b03 kernel-rt-debug-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 64b3744fb8897a4e81c6e127f5da9c9c527d9f21daf8beeba90267d18b2d8b03 kernel-rt-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 98d29a108d324950a82a493d6434a091b0d30be392f70e57c150c263cb81658f kernel-rt-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 98d29a108d324950a82a493d6434a091b0d30be392f70e57c150c263cb81658f kernel-rt-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 98d29a108d324950a82a493d6434a091b0d30be392f70e57c150c263cb81658f kernel-rt-debug-debuginfo-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 98d29a108d324950a82a493d6434a091b0d30be392f70e57c150c263cb81658f kernel-rt-debug-devel-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: e773d640b9ff7a6dc677bf47f7d1286a9292a210b75da23fc67418dcf00853ae kernel-rt-debug-devel-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: e773d640b9ff7a6dc677bf47f7d1286a9292a210b75da23fc67418dcf00853ae kernel-rt-debug-kvm-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: c7b4efd5209299323b0ba64be4a3caeede56340da42dedb8cf7c7ab9a15c2276 kernel-rt-debug-modules-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f3341c053a141b80fb47b45e271c98fde77db8031177384472758a0d71006486 kernel-rt-debug-modules-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: f3341c053a141b80fb47b45e271c98fde77db8031177384472758a0d71006486 kernel-rt-debug-modules-core-5.14.0-427.125.1.el9_4.x86_64.rpm SHA-256: 4919ae958ad82