CVE-2026-43500
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true.
7 articles across 6 outlets · first covered May 8, 2026 · latest May 27, 2026
Tracked incidents
Coverage timeline
-
Moxa Linux Flaw Lets Local Users Gain Root Access via Dirty Fragsecurityonline.info · May 27, 2026
-
GitHub fixes SSRF bug CVE-2026-9312 and kernel flawssecurityonline.info · May 27, 2026
-
Dirty Frag Linux kernel flaw lets users gain root, patches issuedarstechnica.com · May 11, 2026
-
Dirty Frag exploit released, putting Linux root at riskwww.darkreading.com · May 11, 2026
-
Linux Kernel Dirty Frag Flaws Trigger Urgent Patch Rolloutwww.infosecurity-magazine.com · May 11, 2026
-
Dirty Frag (CVE-2026-43284) lets Linux users gain rootwww.securityweek.com · May 11, 2026
-
Dirty Frag Linux flaw (CVE-2026-43284) lets users gain rootwww.microsoft.com · May 8, 2026