PT-2026-38680 · Linux · Linux Kernel
Sandipan Roy · Published 2026-05-08 · Updated 2026-05-09
CVE-2026-43284
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
Dirty Frag is a local privilege escalation issue in the Linux kernel networking functionality related to xfrm/IPsec ESP and RxRPC. The problem occurs because the IPv4/IPv6 datagram append paths fail to set the SKBFL_SHARED_FRAG flag when splicing pages into UDP skbs. As a result, an ESP-in-UDP packet built from shared pipe pages is treated as an ordinary uncloned nonlinear skb. The ESP input path then takes a fast path that decrypts data in place over memory not privately owned by the skb, leading to a page cache write error. A local unprivileged attacker can abuse these paths to modify page cache contents and escalate privileges to root.
Recommendations
Update the kernel to a version containing the fix, such as version 6.18.28.
As a temporary workaround, disable the esp4, esp6, and rxrpc kernel modules.
Restrict the use of the kafs module as it depends on the vulnerable components.
Exploit · Fix · LPE · Use After Free
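Added example (not part of the advisory or of any kernel tooling): a shell audit for the temporary workaround in the Recommendations above. It reports whether esp4, esp6, rxrpc and kafs are loaded, built in or absent, and prints modprobe.d rules for the three modules the advisory says to disable. The function names and the sample data are constructed for illustration, and the built-in check assumes the standard modules.builtin file shipped with the kernel.

```shell
#!/bin/sh
# Added example: audit the workaround modules named in the advisory.
BLOCK="esp4 esp6 rxrpc"   # modules the advisory says to disable
WATCH="$BLOCK kafs"       # kafs depends on rxrpc, so report it too

# module_state NAME PROC_MODULES MODULES_BUILTIN -> loaded | builtin | absent
# "builtin" means the code is compiled into the kernel image: a modprobe
# rule cannot remove it, so only the fixed kernel helps.
module_state() {
    if awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"; then
        echo loaded
    elif grep -q "/$1\.ko\$" "$3" 2>/dev/null; then
        echo builtin
    else
        echo absent
    fi
}

# audit PROC_MODULES MODULES_BUILTIN -> one "name state" line per module
audit() {
    for m in $WATCH; do
        printf '%s %s\n' "$m" "$(module_state "$m" "$1" "$2")"
    done
}

# modprobe_conf -> modprobe.d rules. "install NAME /bin/false" makes every
# load attempt fail; "blacklist NAME" alone only stops alias autoloading.
modprobe_conf() {
    for m in $BLOCK; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Constructed sample data (not from a real host).
DEMO=$(mktemp -d)
cat > "$DEMO/proc_modules" <<'EOF'
esp4 28672 0 - Live 0x0000000000000000
rxrpc 450560 1 kafs, Live 0x0000000000000000
kafs 360448 0 - Live 0x0000000000000000
xfrm_user 61440 2 - Live 0x0000000000000000
EOF
cat > "$DEMO/modules.builtin" <<'EOF'
kernel/net/ipv6/esp6.ko
kernel/net/ipv4/udp_tunnel.ko
EOF

audit "$DEMO/proc_modules" "$DEMO/modules.builtin"
modprobe_conf
# Live host: audit /proc/modules "/lib/modules/$(uname -r)/modules.builtin"
```

The rules only affect future load attempts: a module reported as loaded stays active until it is unloaded or the host reboots, and a built-in one needs the fixed kernel.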
Related Identifiers
Affected Products
Linux Kernel