Red Hat has released an important kernel security update addressing CVE-2026-43284 ("Dirty Frag"), a universal Local Privilege Escalation (LPE) vulnerability in the ESP XFRM subsystem with a CVSS 3.1 score of 8.8 (High). The vulnerability affects Linux kernel versions from 4.11 up to, but not including, the fixed versions listed for each major branch (e.g., versions 4.11 through <5.10.255, 5.12 through <5.15.205). The fix requires applying the provided kernel update package and rebooting the system.
Red Hat Product Errata RHSA-2026:16328 - Security Advisory Issued: 2026-05-12 Updated: 2026-05-12 RHSA-2026:16328 - Security Advisory Overview Updated Packages Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel CVEs CVE-2026-43284 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM kernel-5.14.0-284.170.1.el9_2.src.rpm SHA-256: b40ee0f60a47ddbc2a9c39ebf45026c1462fc1337316cb57bbfb8829b730285a x86_64 bpftool-7.0.0-284.170.1.el9_2.x86_64.rpm SHA-256: 8ff3ffd8b616813f384bae8535b3651cc38da564a6a69193a20de530c34f9d01 bpftool-debuginfo-7.0.0-284.170.1.el9_2.x86_64.rpm SHA-256: 7f734b742176899a146626bcfc53ee51a4e9fbbc55d1c9f8aa744662e5cde3f2 bpftool-debuginfo-7.0.0-284.170.1.el9_2.x86_64.rpm SHA-256: 7f734b742176899a146626bcfc53ee51a4e9fbbc55d1c9f8aa744662e5cde3f2 kernel-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: e79522459274ea51f0a865370bf11ae2114474a51527872785329ee5714c2371 kernel-abi-stablelists-5.14.0-284.170.1.el9_2.noarch.rpm SHA-256: a871979494c49ebc37592e05dc22ac58f7cb9b159f68618d64b0a58c72a056be kernel-core-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: f2e82efb017f66b948fe19f65a1cb4d62fdc54aae8197424348f1b3f8bdf42f7 kernel-debug-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 96a984da78f03c4ade23e1024dff8c94a2ebd2ec9fe3ca8b00bf3ea2f46c271c kernel-debug-core-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 5c957b74988c1b48eb9d003a2a9ffdf57a8f8e6b0c8b23b6c536ea6957ac6128 kernel-debug-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 2786874ead6b77bd9b979a06374440ac9519c4342b1f49662475d993263788dc kernel-debug-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 2786874ead6b77bd9b979a06374440ac9519c4342b1f49662475d993263788dc kernel-debug-devel-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: ef00ff70de415b5cb3d6449b53084e471a75251ae120c5a7d595be5860beed34 kernel-debug-devel-matched-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: b41c0d11e148c251c52875b960b39fab7075dbe8eb2da611f49fa0a8d91f65b0 kernel-debug-modules-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 55d0a2171c1a246abbfc22eb8e94dacecfdfaf08b8ee3bab8fcaeba82a6d7c05 kernel-debug-modules-core-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 49ff0577f22f1aa8055cc20f8c212d10204457177cb3011c5e7161abe2bd885f kernel-debug-modules-extra-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: f0d78356e7bf913e59847620da8c658df828ae575fc0591f975cc9e860ff65df kernel-debug-uki-virt-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: a6b5943b2d0c9caa9ce2b605d804fb3bee5ea73fc6590f82b98eec6232ab0fd3 kernel-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 3c5eb37c284ba530bfb24e86978f81c7a2dca1602fa223ef45b3ce1cf0f73426 kernel-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 3c5eb37c284ba530bfb24e86978f81c7a2dca1602fa223ef45b3ce1cf0f73426 kernel-debuginfo-common-x86_64-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 7d3b878251a7c7bd92b964ebdd5a0b490541d53611200c2e2e68221cd343e3e2 kernel-debuginfo-common-x86_64-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 7d3b878251a7c7bd92b964ebdd5a0b490541d53611200c2e2e68221cd343e3e2 kernel-devel-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: aeaf904a3497acb1b8214ccb144651a1c72bb0d70a3dc4b6a569af823962fdad kernel-devel-matched-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: ac2ab90056698cb24cec74803cd96566d0f6c8576515f54b4b6187fdab83552b kernel-doc-5.14.0-284.170.1.el9_2.noarch.rpm SHA-256: 9ec2b7ee2380a438d2f70f82f5680265670287a1ec73996e4ccdb5ea383257e8 kernel-headers-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: f49f6409a7df07167ef03eca8358213c54728c9cd519fed5901ce08aacb0fe5a kernel-modules-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: f883027b44f9eae1083a123a1be95be62d5283abc3596942b395e0045f030097 kernel-modules-core-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 12cc387d42ec977577043a5106112fefcd3547119acfb72dc7388a2d4075e97e kernel-modules-extra-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: dc41fbd742b64f9a7190202b72dacbec09eac5bb9252599c760c9c189059cbbf kernel-tools-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: eef2edbd4429728988f5e1148efa4e247c7dace215445011e49ff19a187cd12e kernel-tools-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 3033b56eb5f191859cc18faa9cd472842bb196fff9e6894441caf2c5ee66d943 kernel-tools-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 3033b56eb5f191859cc18faa9cd472842bb196fff9e6894441caf2c5ee66d943 kernel-tools-libs-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: d80676e7790c5fe8c3f893113f59b7e8394312780d8f6b7a057f2fa767c092f8 kernel-uki-virt-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 001bc3ad078818ba5438f453bb335d715516447509674546a301398978057386 perf-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: c95b4ca72f86b15efeeebfd7ad6f7fe9c43dc6d788ae481756cf359d37feef61 perf-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: b8561fe50fcc813183c0c8e994cdccbfcc0fab8e43544af0de4ef233aa7708be perf-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: b8561fe50fcc813183c0c8e994cdccbfcc0fab8e43544af0de4ef233aa7708be python3-perf-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: 63d92f7f71dc90d56f8caea0e4ec45da2ecb345f457755f5cec85422a8aa054c python3-perf-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: acb01782478083a51ec88773606ceb090b1d40f91a8b74ca50a376507a0ed8fd python3-perf-debuginfo-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: acb01782478083a51ec88773606ceb090b1d40f91a8b74ca50a376507a0ed8fd rtla-5.14.0-284.170.1.el9_2.x86_64.rpm SHA-256: e5b9c2ebf9d1fa1ec8e1efe63ab14b472dac40640f2e4200216f1f61059aea79 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM kernel-5.14.0-284.170.1.el9_2.src.rpm SHA-256: b40ee0f60a47ddbc2a9c39ebf45026c1462fc1337316cb57bbfb8829b730285a ppc64le bpftool-7.0.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 73416198441c849980a3578d824bd1608071352e169a3169acd54bb057a74103 bpftool-debuginfo-7.0.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 92fa5677e5d68e0cb2994e2fd1efad034528b0a8eeb8d2948957914ff5c42e67 bpftool-debuginfo-7.0.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 92fa5677e5d68e0cb2994e2fd1efad034528b0a8eeb8d2948957914ff5c42e67 kernel-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 533e7355d0eedac843f1d131e757f16044887b741ceecf803503102c205a0492 kernel-abi-stablelists-5.14.0-284.170.1.el9_2.noarch.rpm SHA-256: a871979494c49ebc37592e05dc22ac58f7cb9b159f68618d64b0a58c72a056be kernel-core-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 42d4604c0690631bfd2734e4e48ffb253ce0b1cab7e0a6d287ba4c38fbcf776d kernel-debug-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 236c3e02c07caf04ded55b98590409cb4eb82fcae393e8a8aa90cbe6a883ae83 kernel-debug-core-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: bfced3c5c562d99607065769e260d7ecc0a310a7bccff6e4cf234a73ef917599 kernel-debug-debuginfo-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 7cb8edd8137ae6629b64c97711a58b3fefde58c2c18d6e1e026ed7b223611d23 kernel-debug-debuginfo-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 7cb8edd8137ae6629b64c97711a58b3fefde58c2c18d6e1e026ed7b223611d23 kernel-debug-devel-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: ecceee6d9cede4ac766efdf24b63186376775676978940ea7d31b5a89670f451 kernel-debug-devel-matched-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 5f84daaf8fa478192b690e394a9dc6120b04b31015a5e8f34fa78b8118c3e864 kernel-debug-modules-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: d54a9a47ef511b60cedc56810b58a7ed6c20d818a57564eec34f2385b9b95198 kernel-debug-modules-core-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: a5ec8c9448c1213066506fb95889b45ae50d069b12737463a6a1e27b676577e1 kernel-debug-modules-extra-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 6b6a8d8ebd85f5cef734a4fb30644fa50bf2fff31fe9ae25393ccbd7f6b719c2 kernel-debuginfo-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: ce8be6a88dd6a86f1828703e036b53054c5c05bf18344570c9236c795507bfa5 kernel-debuginfo-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: ce8be6a88dd6a86f1828703e036b53054c5c05bf18344570c9236c795507bfa5 kernel-debuginfo-common-ppc64le-5.14.0-284.170.1.el9_2.ppc64le.rpm SHA-256: 0d25268a0bb79609a54703c82ef4628