The "Dirty Frag" vulnerability (CVE-2026-43284, CVSS 8.8 HIGH) is a universal Local Privilege Escalation (LPE) flaw in the Linux kernel's ESP XFRM subsystem, allowing local attackers to gain root privileges. Affected versions include Linux kernel 4.11 to 5.10.254, 5.12 to 5.15.204, 5.16 to 6.1.170, 6.2 to 6.6.137, and 6.7 to 6.12.86. Red Hat has released live patch modules for RHEL 8.8 Update Services for SAP Solutions, while upstream fixes are available in kernel versions 5.10.255, 5.15.205, 6.1.171, 6.6.138, 6.12.87, 6.18.28, and 7.0.5.
Red Hat Product Errata RHSA-2026:19572 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19572 - Security Advisory Overview Updated Packages Synopsis Important: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-4.18.0-477.89.1.el8_8. Security Fix(es): kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2467771 - CVE-2026-43284 kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel CVEs CVE-2026-43284 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM kpatch-patch-4_18_0-477_107_1-1-5.el8_8.src.rpm SHA-256: 797cc1aa7bf2fe7c590906246966548389604bbbeba233a9277a7c4c7c45fc27 kpatch-patch-4_18_0-477_120_1-1-4.el8_8.src.rpm SHA-256: 6b744ca3b16f3e83519e8f3024e8ecc730b6914c187e7e587c8df43f88838321 kpatch-patch-4_18_0-477_130_1-1-2.el8_8.src.rpm SHA-256: ab54f735a4b3775ce4ee8ee16e14e7377faa61df79127d8acac7710e253add01 kpatch-patch-4_18_0-477_89_1-1-11.el8_8.src.rpm SHA-256: 42ec89cec1b1b892003656662fd6e154b9a9403fbf994c3359295030f44d9e25 kpatch-patch-4_18_0-477_97_1-1-9.el8_8.src.rpm SHA-256: 14bf0599553a02f1629b8b6a563e35e4a8cdf18f3fe37b69471540fa81f4c5c7 x86_64 kpatch-patch-4_18_0-477_107_1-1-5.el8_8.x86_64.rpm SHA-256: 5576c337d7c1a77982fef425327b534b75aed64f9f54a403ae063ec567d24c1c kpatch-patch-4_18_0-477_107_1-debuginfo-1-5.el8_8.x86_64.rpm SHA-256: c9322513a1ed09c7cdcb2f505699a09a9fbd5df00c8d1048b00bf182625f69cf kpatch-patch-4_18_0-477_107_1-debugsource-1-5.el8_8.x86_64.rpm SHA-256: 588a2dac0d1b7a1f42437bcc29af5f93ff9cca0f12a1ab9165816e6f148572b1 kpatch-patch-4_18_0-477_120_1-1-4.el8_8.x86_64.rpm SHA-256: 5d32c7983ed211a8aabd9a3464a2a8d0b52e4991f5da433dfa97582149067d63 kpatch-patch-4_18_0-477_120_1-debuginfo-1-4.el8_8.x86_64.rpm SHA-256: 09e895171835af2a3398799fd373075b37f0532ca1546a52f30b3e6795e09a17 kpatch-patch-4_18_0-477_120_1-debugsource-1-4.el8_8.x86_64.rpm SHA-256: 4cb37c30609d61754f1deb19283062969a762e2a9710b6cbf074eb79ab2a973f kpatch-patch-4_18_0-477_130_1-1-2.el8_8.x86_64.rpm SHA-256: 7ca2487d3aa149dc14f39e5ca879319c84dd0b03bc79a99f559e16f7dfff9d74 kpatch-patch-4_18_0-477_130_1-debuginfo-1-2.el8_8.x86_64.rpm SHA-256: 95e1998cefbf7ff3d061505ce9e341d5dd2867c8712de2594ed31f6fbd3c4e2a kpatch-patch-4_18_0-477_130_1-debugsource-1-2.el8_8.x86_64.rpm SHA-256: b78c7cf962d75e3e99334965ff412f9d040fcbcc612e374f103a0b1150210c46 kpatch-patch-4_18_0-477_89_1-1-11.el8_8.x86_64.rpm SHA-256: 798b7489f6d93075aeb51849b6527f63629b67e07fd4bbbddeb7b7db7a7141c5 kpatch-patch-4_18_0-477_89_1-debuginfo-1-11.el8_8.x86_64.rpm SHA-256: 1184262f2c50c230ff9474cd2b5944a7c314217e5a10c74c330013cedfd9477f kpatch-patch-4_18_0-477_89_1-debugsource-1-11.el8_8.x86_64.rpm SHA-256: 0ad2fd9ed73ef1c50326e488c1f8c32a6e1304c513919848a4f3eb881ad84ff7 kpatch-patch-4_18_0-477_97_1-1-9.el8_8.x86_64.rpm SHA-256: 08c681fb18fc6aeb52fb37142f0b42349c7afe66753dcecec061245e67a4ba58 kpatch-patch-4_18_0-477_97_1-debuginfo-1-9.el8_8.x86_64.rpm SHA-256: 1cb0e8e5ff8002320558f666524b0272f4abf02e6067319a44c2f5aad34a10b8 kpatch-patch-4_18_0-477_97_1-debugsource-1-9.el8_8.x86_64.rpm SHA-256: 6647144485a70fee1df6b4e14024a19bc162f5f8c30df844c512a60ea80c6ad4 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 SRPM kpatch-patch-4_18_0-477_107_1-1-5.el8_8.src.rpm SHA-256: 797cc1aa7bf2fe7c590906246966548389604bbbeba233a9277a7c4c7c45fc27 kpatch-patch-4_18_0-477_120_1-1-4.el8_8.src.rpm SHA-256: 6b744ca3b16f3e83519e8f3024e8ecc730b6914c187e7e587c8df43f88838321 kpatch-patch-4_18_0-477_130_1-1-2.el8_8.src.rpm SHA-256: ab54f735a4b3775ce4ee8ee16e14e7377faa61df79127d8acac7710e253add01 kpatch-patch-4_18_0-477_89_1-1-11.el8_8.src.rpm SHA-256: 42ec89cec1b1b892003656662fd6e154b9a9403fbf994c3359295030f44d9e25 kpatch-patch-4_18_0-477_97_1-1-9.el8_8.src.rpm SHA-256: 14bf0599553a02f1629b8b6a563e35e4a8cdf18f3fe37b69471540fa81f4c5c7 ppc64le kpatch-patch-4_18_0-477_107_1-1-5.el8_8.ppc64le.rpm SHA-256: 8fb71410aad0e4973e65d7fa480ca3e21439d75c1b86db56fa757eeb71decb78 kpatch-patch-4_18_0-477_107_1-debuginfo-1-5.el8_8.ppc64le.rpm SHA-256: ef486c848c353e16ab0a20da25856f66194ceb6268273281f8d82ff378328bfa kpatch-patch-4_18_0-477_107_1-debugsource-1-5.el8_8.ppc64le.rpm SHA-256: c78f40187adbc594a5ffdec1936ec5785b81567ae44817b697be3c7bbb9399d1 kpatch-patch-4_18_0-477_120_1-1-4.el8_8.ppc64le.rpm SHA-256: d937ade6d5bf01c029384df5f5ff0884c533e445078b6c48466361006665798f kpatch-patch-4_18_0-477_120_1-debuginfo-1-4.el8_8.ppc64le.rpm SHA-256: e1d39c52d4b8c6294b91a1cb552f26bf6ebda10ba852600330b511ad105a636e kpatch-patch-4_18_0-477_120_1-debugsource-1-4.el8_8.ppc64le.rpm SHA-256: aa7e7f0d17cb890b13bc539bdd1d6847f8576de430ad853dc1a8d90bcfe6e697 kpatch-patch-4_18_0-477_130_1-1-2.el8_8.ppc64le.rpm SHA-256: bfd5d14f31639f19bea4dff2581fd970ea4ff578f1b1583dd3231039427d945e kpatch-patch-4_18_0-477_130_1-debuginfo-1-2.el8_8.ppc64le.rpm SHA-256: 48b1a1fc5e74aa5c00afd7d1ede1c4c1f254f2aeebca6780d16a48224670a79f kpatch-patch-4_18_0-477_130_1-debugsource-1-2.el8_8.ppc64le.rpm SHA-256: cd8ec5302cb83e083d915143b740f789564a98207e7b36c08fd309ea721fa50e kpatch-patch-4_18_0-477_89_1-1-11.el8_8.ppc64le.rpm SHA-256: d4ea1647785b135b0d7ce2565fb58b959829987194e08fc7e68c3e19adac7b0a kpatch-patch-4_18_0-477_89_1-debuginfo-1-11.el8_8.ppc64le.rpm SHA-256: ac68a84e6bc9704c655fb5d10209104becb6505e49eb0dca94a36842d5bf5b30 kpatch-patch-4_18_0-477_89_1-debugsource-1-11.el8_8.ppc64le.rpm SHA-256: 90112073b4f3a48436c75ca014323d99a0df096eb10599d267a2e4cf1f06064e kpatch-patch-4_18_0-477_97_1-1-9.el8_8.ppc64le.rpm SHA-256: a91d093ddc0716c7d39c91cff7c1de12cc1d0ee96681bdd99a9a7f6825704409 kpatch-patch-4_18_0-477_97_1-debuginfo-1-9.el8_8.ppc64le.rpm SHA-256: bbbdb05434c43140d45beaebd8f143bc55c830b39295e54a5bf55d17a51de6ff kpatch-patch-4_18_0-477_97_1-debugsource-1-9.el8_8.ppc64le.rpm SHA-256: c702146a03bdc0f4c0458a1de1189d92150d980f558e9355d295bae6acefe881 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 SRPM kpatch-patch-4_18_0-477_107_1-1-5.el8_8.src.rpm SHA-256: 797cc1aa7bf2fe7c590906246966548389604bbbeba233a9277a7c4c7c45fc27 kpatch-patch-4_18_0-477_120_1-1-4.el8_8.src.rpm SHA-256: 6b744ca3b16f3e83519e8f3024e8ecc730b6914c187e7e587c8df43f88838321 kpatch-patch-4_18_0-477_130_1-1-2.el8_8.src.rpm SHA-256: ab54f735a4b3775ce4ee8ee16e14e7377faa61df79127d8acac7710e253add01 kpatch-patch-4_18_0-477_89_1-1-11.el8_8.src.rpm SHA-256: 42ec89cec1b1b892003656662fd6e154b9a9403fbf994c3359295030f44d9e25 kpatch-patch-4_18_0-477_97_1-1-9.el8_8.src.rpm SHA-256: 14bf0599553a02f1629b8b6a563e35e4a8cdf18f3fe37b69471540fa81f4c5c7 x86_64 kpatch-patch-4_18_0-477_107_1-1-5.el8_8.x86_64.rpm SHA-256: 5576c337d7c1a77982fef425327b534b75aed64f9f54a403ae063ec567d24c1c kpatch-patch-4_18_0-477_107_1-debuginfo-1-5.el8_8.x86_64.rpm SHA-256: c9322513a1ed09c7cdcb2f505699a09a9fbd5df00c8d1048b00bf182625f69cf kpatch-patch-4_18_0-477_107_1-debugsource-1-5.el8_8.x86_64.rpm SHA-256: 588a2dac0d1b7a1f42437bcc29af5f93ff9cca0f12a1ab9165816e6f148572b1 kpatch-patch-4_18_0-477_120_1-1-4.el8_8.x86_64.rpm SHA-256: 5d32c7983ed211a8aabd9a3464a2a8d0b52e4991f5da433dfa97582149067d63 kpatch-patch-4_18_0-477_120_1-debuginfo-1-4.el8_8.x86_64.rpm SHA-256: 09e895171835af2a3398799fd373075b37f0532ca1546a52f30b3e6795e09a17 kpatch-patch-4_18_0-477_120_1-debugsource-1-4.el8_8.x86_64.rpm SHA-256: 4cb37c30609d61754f1deb19283062969a762e2a9710b6cbf074eb79ab2a973f kpatch-patch-4_18_0-477_130_1-1-2.el8_8.x86_64.rpm SHA-256: 7ca2487d3aa149dc14f39e5ca879319c84dd0b03bc79a99f559e16f7dfff9d74 kpatch-patch-4_18_0-477_130_1-debuginfo-1-2.el8_8.x86_64.rpm SHA-256: 95e1998cefbf7ff3d061505ce9e341d5dd2867c8712de2594ed31f6fbd3c4e2a kpatch-patch-4_18_0-477_130_1-debugsource-1-2.el8_8.x86_64.rpm SHA-256: b78c7cf962d75e3e99334965ff412f9d040fcbcc612e374f103a0b1150210c46 kpatch-patch-4_18_0-477_89_1-1-11.el8_8.x86_64.rpm SHA-256: 798b7489f6d93075aeb51849b6527f63629b67e07fd4bbbddeb7b7db7a7141c5 kpatch-patch-4_18_0-477_89_1-debuginfo-1-11.el8_8.x86_64.rpm SHA-256: 1184262f2c50c230ff9474cd2b5944a7c314217e5a10c74c330013cedfd9477f kpatch-patch-4_18_0-477_89_1-debugsource-1-11.el8_8.x86_64.rpm SHA-256: 0ad2fd9ed73ef1c50326e488c1f8c32a6e1304c513919848a4f3eb881ad84ff7 kpatch-patch-4_18_0-477_97_1-1-9.el8_8.x86_64.rpm SHA-256: 08c681fb18fc6aeb52fb37142f0b42349c7afe6