PT-2026-38680 · Linux · Linux Kernel
Sandipan Roy · Published 2026-05-08 · Updated 2026-05-10 · CVE-2026-43284
CVSS v3.1: 7.8 High
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A local privilege escalation issue, known as Dirty Frag, exists in the Linux kernel networking functionality related to xfrm/IPsec ESP and RxRPC. The problem occurs because IPv4/IPv6 datagram append paths fail to set the SKBFL_SHARED_FRAG flag when splicing pages into UDP skbs. This allows ESP-in-UDP packets made from shared pipe pages to be treated as ordinary uncloned nonlinear skbs. Consequently, the ESP input process uses a fast path that decrypts data in place over memory not privately owned by the skb, leading to a page cache write error. A local unprivileged attacker can abuse these paths to modify page cache contents and escalate privileges to root.
Recommendations
Update the kernel to the latest version provided by the vendor.
As a temporary mitigation, disable the esp4, esp6, and rxrpc kernel modules if they are not required.
Restrict the use of the kafs module as it depends on the vulnerable components.
Exploit
Fix
LPE
Use After Free
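One way to check a host against the temporary mitigation in the Recommendations, as an added example that is not part of the original advisory: it reports whether esp4, esp6, rxrpc and kafs are loaded and whether a modprobe.d `install` rule blocks them. The function names and the single-directory lookup are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the temporary mitigation (esp4, esp6, rxrpc, kafs).
# Usage: sh audit.sh /proc/modules /etc/modprobe.d
# Simplification: only one modprobe.d directory is inspected.
MODS="esp4 esp6 rxrpc kafs"

# Succeed if module $1 is listed in the /proc/modules-format file $2.
is_loaded() {
    [ -r "$2" ] && awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# Succeed if a *.conf file in directory $2 maps module $1 to /bin/false or
# /bin/true with an "install" line. A bare "blacklist" line is not counted:
# it only stops alias-based autoloading, so the module can still be loaded
# by name or pulled in as a dependency of another module.
is_blocked() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { ok = 1 }
        END { exit !ok }'
}

# Print "<module> <loaded|absent> <blocked|loadable>" per module.
# Return 1 if any module is currently loaded or could still be loaded.
audit_host() {
    rc=0
    for m in $MODS; do
        if is_loaded "$m" "$1"; then state=loaded; else state=absent; fi
        if is_blocked "$m" "$2"; then block=blocked; else block=loadable; fi
        echo "$m $state $block"
        if [ "$state" = loaded ] || [ "$block" = loadable ]; then rc=1; fi
    done
    return "$rc"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_host "$1" "$2"
fi
```

Components compiled into the kernel rather than built as modules do not appear in /proc/modules and are not affected by modprobe.d rules, so on such kernels only the vendor update applies.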
Affected Products
Linux Kernel