The "Dirty Frag" vulnerability (CVE-2026-43284) is a universal Local Privilege Escalation flaw in the Linux kernel's ESP XFRM component, allowing a local attacker to gain root privileges. It has a CVSS v3.1 score of 8.8 (High) and affects kernel versions from 4.11 up to but not including 5.10.255, 5.12 to 5.15.205, 5.16 to 6.1.171, 6.2 to 6.6.138, and 6.7 to 6.12.87. The fix requires upgrading to specific patched kernel versions, such as 5.10.255, 5.15.205, 6.1.171, 6.6.138, 6.12.87, 6.18.28, or 7.0.5, and a system reboot.
Red Hat Product Errata RHSA-2026:17795 - Security Advisory Issued: 2026-05-15 Updated: 2026-05-15 RHSA-2026:17795 - Security Advisory Overview Updated Packages Synopsis Critical: kernel security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for NVIDIA for RHEL 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the NVIDIA for RHEL 10 Release Notes linked from the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel CVEs CVE-2026-43284 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for ARM 64 10 SRPM kernel-6.12.0-211.7.el10nv.src.rpm SHA-256: 33223318c86a12b10634654df76e37350c97d2523428b532313b5acfd2857e16 aarch64 kernel-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 75fc4c63da9d4a0b8edc9bf53eb7d53f7ef833cbc3353126419da12c0cf14fe4 kernel-64k-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 2426cb8e12ad725142fbf3b4c1e9ae4903b0ba8b96aa531743181e84e27cd7fa kernel-64k-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: bf9793bf82e1bcc95831e572c6a86ac04be14ff8b6b79069cb5baa38921ffd0c kernel-64k-debug-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 80a39668f40642c448fa7c3f95dfec9898301eae6c8ec57c84c250948de44e0a kernel-64k-debug-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: f1a630216d9debad06c96f1502b2e7cd6cbe995bb3d43ac891375a098b9f4ca5 kernel-64k-debug-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 2288cb46660013745cd69cd6db2d1ce60c67f0c22dc1e5eeb3d0004d7f7e0bf9 kernel-64k-debug-modules-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 3fad014e7312e7a4755d2596b5f4b7fd62426ba873932141eb6660796d37dd1a kernel-64k-debug-modules-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 0253088f1b778d7e2f5af558eac03ee9e4c838c65e7fe38d415834b2e2cf8e17 kernel-64k-debug-modules-extra-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: b87fe97dfddd98f7adcad7e1acc40735840edacc703b5f031d84a340687df392 kernel-64k-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: cefd59c2ddd3a47ecc2e0430f61db49aea2d7ffb2ba95825a206700811efb89b kernel-64k-modules-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: dbca0eef922a9ca3d5777ae3c1aa0021daafb04bb98be32f582d7c2adc6ef2b7 kernel-64k-modules-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 923df9018437b630b27f507089188f57171e692d235473bf2db94688b1d4ff26 kernel-64k-modules-extra-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 128d424bc83ca0d114ad68968f8f922b7be0e448f05125a6e4fcf0c2de0d1a55 kernel-abi-stablelists-6.12.0-211.7.el10nv.noarch.rpm SHA-256: 8d53807ea4303a67ba717a0882e561083cf64ecebe9b1e321a80de6ad3623337 kernel-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 21c4c11d60cddaa9073f57a33beb0937baae2ce8a9e2f1648d51592f90440857 kernel-debug-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 56810e2fc1ea6fa675edf03fa0be867356b150fdbc24e828f1bc0ae95775cf3a kernel-debug-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 9cfe263c00dff008488be9756f13dbd1f739408c0fefec124bf36c8dd44b2ca1 kernel-debug-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 7d0ee7752c9525b59e5e133defe8f01d6cd76502a33dd706eeebfb5cee49a4ad kernel-debug-devel-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 0373fe4ac9e7101b749dc86614aae5e884ff57382a3408a844d086abf07878fb kernel-debug-devel-matched-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: fbaf64bd82a8d5d31e269ae373cc6904b1159e0229eb077ff6965e8027e221d6 kernel-debug-modules-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 1384fac7b22565991f3a542668ce493fc23af7bdc74c35c6a2dac7d8e415944a kernel-debug-modules-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 2ceef2f500d90af1ff6363a1751c53f8d31158121664162dbfe200115a7cf1ca kernel-debug-modules-extra-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 97c3c79d92aad710b0c0c8325d088e031c1c5e7d03a08af4f4df17a3b7d03529 kernel-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: c63782cfa1533af40a9660b36a0df3ad7410874f76b682a297cb1ccabe397d23 kernel-debuginfo-common-aarch64-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: ae2a456cc164e7e6a9407dbb4870f53f6bb8fe9957c233de4b7554cfbaec96fb kernel-devel-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 2b26955c24cb3059b629a9a86b93faed692ce0309d2955604912184a659744bf kernel-devel-matched-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 7627817b39b91f4aa7a6aa02b355bf1e04c8748af800e2116e5a06f73f5b4e4b kernel-doc-6.12.0-211.7.el10nv.noarch.rpm SHA-256: db35287c3e7baea36085f369466552ef89b01ab15dba04b69d05b62083f0eb22 kernel-headers-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 972d1f0704adcec28f514a4c2ff4011a1fafc4189daa2f85695f5d5b4a45237f kernel-modules-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 26f1bb67bd57df3d0b20c16db64f8d64934f114262e75d54688c0d6182b419a0 kernel-modules-core-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 93c5e4c31cc18a624c8cb508a526535cb6edd0a34e8d6fa948038b615f42a32f kernel-modules-extra-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 74195dfd8ddc262aaa286b124c1baaffdd7203192880807e71ca3c5740fe9a53 kernel-modules-extra-matched-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: b97d69e6b80a09e026acdb8eb572ee5b0e93bc9d44b149cc77a588bcda39a9e8 kernel-tools-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 54ec9c54f092198de1b384b32aaa074042446d77d190e58e41f21a5ea56a544a kernel-tools-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: fd92424996145951c3a07af4256a48fbf0160b998bab30b3df5e2aa1665a8c7f kernel-tools-libs-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 031a533e90399b5c40fe2a357b390540ea65350b41a0ae1b3e5893935680db40 kernel-uki-virt-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: bf1eedc56172d4dec14489ed091b648532cc723c8b6e067484312a00eba2c9c9 kernel-uki-virt-addons-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: c35e3c8157270e0d9e910e45954ff41d0f99689b8342255ccfd990d67dbe285f libperf-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: b1a2936bd1a090c57cd68863e9beffc20a927b2fe24b1bdcd42234ed5b6db3bf perf-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: f3c1441745c4d53136ae3008843421e97c789d21bf85c66c1fb72cbc4e213aca perf-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 49a0098f2be86fa7347730141a0e973eae5b7e2d37ad33b8878e75573738e3a7 python3-perf-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 01c867051e495854f8ca83b99c8585771475782b8def220250e7c6392e41fd57 python3-perf-debuginfo-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 0242628f5595286d03bd34a07876e8db3442f5f37bb5798623d5a742024daaf1 rtla-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 1223c53c7a0e623c83563e5d83dfb6801578b0c54fdd0750699dbbec88fc8a1a rv-6.12.0-211.7.el10nv.aarch64.rpm SHA-256: 148ce96cf61676da3e93e86064c5c55abf6382148798f1fbd038b32a99473557 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .