Red Hat Product Errata
RHSA-2026:18025 - Security Advisory
Issued: 2026-05-18
Updated: 2026-05-18

Synopsis
Important: kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 security update

Type/Severity
Security Advisory: Important

Topic
An update for multiple packages is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-5.14.0-570.17.1.el9_6.

Security Fix(es):
kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le

Fixes
BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

CVEs
CVE-2026-43284

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

The "Dirty Frag" vulnerability (CVE-2026-43284, CVSS 8.8 High) is a universal Local Privilege Escalation flaw in the Linux kernel's ESP XFRM component. Affected versions include Linux kernel 4.11 through 5.10.254, 5.12 through 5.15.204, 5.16 through 6.1.170, 6.2 through 6.6.137, and 6.7 through 6.12.86. Red Hat has released live patch modules (kpatch-patch) for Red Hat Enterprise Linux 9.6 Extended Update Support to address this issue without a full reboot.
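
A host-triage sketch for this advisory, added here as an example and not Red Hat's own tooling: it maps a running kernel release to the matching kpatch-patch package and compares the installed build against the fixed build this advisory ships. The function names, the four status strings and the integer comparison of the release field are assumptions of the example.

```shell
# Added example (not Red Hat's tooling): triage one host against RHSA-2026:18025.

# Release number of the fixed build for each live-patch package, from the
# builds this advisory ships (version is 1 for all four, dist tag .el9_6).
fixed_release() {
  case "$1" in
    kpatch-patch-5_14_0-570_17_1) echo 14 ;;
    kpatch-patch-5_14_0-570_39_1) echo 5 ;;
    kpatch-patch-5_14_0-570_66_1) echo 4 ;;
    kpatch-patch-5_14_0-570_94_1) echo 2 ;;
    *) return 1 ;;   # no live patch for this kernel in this advisory
  esac
}

# Map a kernel release (uname -r) to its kpatch-patch package name, e.g.
# 5.14.0-570.17.1.el9_6.x86_64 -> kpatch-patch-5_14_0-570_17_1
kpatch_pkg_for_kernel() {
  rel_=${1%%.el[0-9]*}                      # drop dist tag and architecture
  printf 'kpatch-patch-%s\n' "$(printf '%s' "$rel_" | tr . _)"
}

# triage KERNEL_RELEASE [INSTALLED_NVRA...]
# INSTALLED_NVRA: lines as printed by rpm -qa 'kpatch-patch-*'
# Assumption: the release field starts with an integer that only increases.
triage() {
  kernel=$1; shift
  pkg=$(kpatch_pkg_for_kernel "$kernel")
  want=$(fixed_release "$pkg") || { echo not-covered; return 0; }
  for nvra in "$@"; do
    case "$nvra" in
      "$pkg"-1-*)                           # skips -debuginfo / -debugsource
        have=${nvra#"$pkg"-1-}; have=${have%%.*}
        if [ "$have" -ge "$want" ]; then echo patched; else echo needs-update; fi
        return 0 ;;
    esac
  done
  echo install-livepatch
}

# Constructed sample: host on the first target kernel with an older build.
triage 5.14.0-570.17.1.el9_6.x86_64 \
  kpatch-patch-5_14_0-570_17_1-1-9.el9_6.x86_64    # prints: needs-update
```

On a real host the call is `triage "$(uname -r)" $(rpm -qa 'kpatch-patch-*')`. A `patched` result means the fixed package is installed; `kpatch list` shows whether the module is actually loaded.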