8.8
HIGH CVSS 3.1
CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().

INFO

Published Date :

May 8, 2026, 8:16 a.m.

Last Modified :

July 10, 2026, 12:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2026-43284 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS 3.1 HIGH 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Solution
Apply kernel patches to prevent in-place decryption on shared skb fragments.
  • Update the Linux kernel to the latest patched version.
  • Apply the provided security patches for xfrm:esp.
  • Ensure shared fragments are marked correctly.
  • Validate ESP input fallback to COW.
Public PoC/Exploit Available at Github

CVE-2026-43284 has a 160 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-43284.

URL Resource
https://git.kernel.org/stable/c/50ed1e7873100f77abad20fd31c51029bc49cd03 Patch
https://git.kernel.org/stable/c/52646cbd00e765a6db9c3afe9535f26218276034 Patch
https://git.kernel.org/stable/c/5d55c7336f8032d434adcc5fab987ccc93a44aec Patch
https://git.kernel.org/stable/c/71a1d9d985d26716f74d21f18ee8cac821b06e97 Patch
https://git.kernel.org/stable/c/8253aab4659ca16116b522203c2a6b18dccacea7
https://git.kernel.org/stable/c/a6cb440f274a22456ef3e86b457344f1678f38f9 Patch
https://git.kernel.org/stable/c/ab8b995323e5237041472d07e5055f5f7dcdf15b Patch
https://git.kernel.org/stable/c/b54edf1e9a3fd3491bdcb82a21f8d21315271e0d Patch
https://git.kernel.org/stable/c/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
https://git.kernel.org/stable/c/fe785bb3a8096dffcc4048a85cd0c83337eeecad
http://www.openwall.com/lists/oss-security/2026/05/08/7 Mailing List
http://www.openwall.com/lists/oss-security/2026/05/13/6
http://www.openwall.com/lists/oss-security/2026/05/14/2
http://www.openwall.com/lists/oss-security/2026/05/14/4
https://www.vicarius.io/vsociety/posts/cve-2026-43284-detection-script-dirty-frag-linux-kernel-local-privilege-escalation
https://www.vicarius.io/vsociety/posts/cve-2026-43284-mitigation-script-dirty-frag-linux-kernel-local-privilege-escalation
https://access.redhat.com/errata/RHSA-2026:16061
https://access.redhat.com/errata/RHSA-2026:16062
https://access.redhat.com/errata/RHSA-2026:16100
https://access.redhat.com/errata/RHSA-2026:16155
https://access.redhat.com/errata/RHSA-2026:16157
https://access.redhat.com/errata/RHSA-2026:16160
https://access.redhat.com/errata/RHSA-2026:16161
https://access.redhat.com/errata/RHSA-2026:16171
https://access.redhat.com/errata/RHSA-2026:16176
https://access.redhat.com/errata/RHSA-2026:16180
https://access.redhat.com/errata/RHSA-2026:16195
https://access.redhat.com/errata/RHSA-2026:16196
https://access.redhat.com/errata/RHSA-2026:16201
https://access.redhat.com/errata/RHSA-2026:16202
https://access.redhat.com/errata/RHSA-2026:16203
https://access.redhat.com/errata/RHSA-2026:16204
https://access.redhat.com/errata/RHSA-2026:16206
https://access.redhat.com/errata/RHSA-2026:16254
https://access.redhat.com/errata/RHSA-2026:16312
https://access.redhat.com/errata/RHSA-2026:16314
https://access.redhat.com/errata/RHSA-2026:16328
https://access.redhat.com/errata/RHSA-2026:17795
https://access.redhat.com/errata/RHSA-2026:18025
https://access.redhat.com/errata/RHSA-2026:19074
https://access.redhat.com/errata/RHSA-2026:19225
https://access.redhat.com/errata/RHSA-2026:19564
https://access.redhat.com/errata/RHSA-2026:19568
https://access.redhat.com/errata/RHSA-2026:19569
https://access.redhat.com/errata/RHSA-2026:19572
https://access.redhat.com/errata/RHSA-2026:19573
https://access.redhat.com/errata/RHSA-2026:19574
https://access.redhat.com/errata/RHSA-2026:19575
https://access.redhat.com/errata/RHSA-2026:19577
https://access.redhat.com/errata/RHSA-2026:21695
https://access.redhat.com/errata/RHSA-2026:23233
https://access.redhat.com/errata/RHSA-2026:26542
https://access.redhat.com/errata/RHSA-2026:33486
https://access.redhat.com/errata/RHSA-2026:34098
https://access.redhat.com/security/cve/CVE-2026-43284
https://bugzilla.redhat.com/show_bug.cgi?id=2467771
https://github.com/V4bel/dirtyfrag Exploit Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43284.json
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-43284 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-43284 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

C Python Makefile Batchfile Perl

Updated: 8 hours, 33 minutes ago
0 stars 0 fork 0 watcher
Born at : July 9, 2026, 11:35 a.m. This repo has been linked 15 different CVEs too.

IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.

Shell

Updated: 2 days, 18 hours ago
1 stars 0 fork 0 watcher
Born at : July 7, 2026, 9:18 p.m. This repo has been linked 2 different CVEs too.

A curated, terminal-native privilege escalation engine.

Python

Updated: 5 days, 18 hours ago
0 stars 0 fork 0 watcher
Born at : July 4, 2026, 10:44 p.m. This repo has been linked 3 different CVEs too.

Full Weaponized LPE Toolkit 2026

exploit linux-privilege-escalation privilage-escalation rootkit toolkit

C

Updated: 2 days, 19 hours ago
1 stars 0 fork 0 watcher
Born at : July 3, 2026, 2:19 p.m. This repo has been linked 19 different CVEs too.

None

C Python

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 30, 2026, 10:36 p.m. This repo has been linked 3 different CVEs too.

Complete Pentester Roadmap using free TryHackMe rooms

Updated: 1 week, 2 days ago
0 stars 1 fork 1 watcher
Born at : June 30, 2026, 8:08 p.m. This repo has been linked 16 different CVEs too.

CVE-2026-43284 - CVE-2026-43500 - CVE-2026-46300 Variant of dirtyfrag exploit

Python Shell Perl C

Updated: 1 week, 2 days ago
1 stars 0 fork 0 watcher
Born at : June 30, 2026, 6:15 p.m. This repo has been linked 3 different CVEs too.

Multi-CVE audit for the Linux page-cache LPE family with Prometheus output and behavioural IoC hunt

Shell

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : June 29, 2026, 11:51 p.m. This repo has been linked 7 different CVEs too.

Standalone Python 3 proof-of-concept exploits for recent CVEs - each with a write-up and a screenshot of a real run. For authorized security testing and education only.

cve exploit penetration-testing poc proof-of-concept python security-research vulnerability

Python C

Updated: 2 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 23, 2026, 8:55 a.m. This repo has been linked 38 different CVEs too.

Kernel page cache corruption POCs. Educational/research use only.

C

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : June 23, 2026, 3:47 a.m. This repo has been linked 2 different CVEs too.

A dynamically growing portfolio of practical cybersecurity labs covering SOC operations, penetration testing, and real-world vulnerability mitigation.

Updated: 3 weeks ago
0 stars 0 fork 0 watcher
Born at : June 18, 2026, 8:32 p.m. This repo has been linked 3 different CVEs too.

Automated AWS network exposure analysis for BOD 26-04 compliance using VPC Network Access Analyzer and Boto3

Python Shell

Updated: 3 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : June 18, 2026, 12:21 a.m. This repo has been linked 1 different CVEs too.

Local Linux CLI collector for Dirty Frag evidence and package inventory

Makefile C Python

Updated: 3 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 17, 2026, 3:41 a.m. This repo has been linked 2 different CVEs too.

Kernel-level Linux rootkit · 4.17–6.x · x86_64 · ftrace hooks (24) · Google C2 · Zero non-Google traffic · Self-rebuilds on kernel upgrade · Evades chkrootkit, rkhunter, and unhide

bypass chkrootkit linux rkhunter rkhunter-antirootkit rootkit c2 calendar gdrive google backdoor clamav lyris malware unhide apt apt41

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 14, 2026, 11:21 a.m. This repo has been linked 2 different CVEs too.

Go-based Scanner for several 2025-2026 Linux root kernel vulnerabilities (DirtyFrag, Fragnesia, Copy Fail, Fragnesia, DirtyPipe, DirtyClone, pedit COW))

appsec detection-engineering kernel-vulnerability linux security vulnerability-scanner

Makefile Go

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 13, 2026, 3:05 a.m. This repo has been linked 7 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-43284 vulnerability anywhere in the article.

  • The Hacker News
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-202 ... Read more

Published Date: Jul 06, 2026 (4 days ago)
  • The Hacker News
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration f ... Read more

Published Date: Jun 26, 2026 (2 weeks ago)
  • The Hacker News
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, gene ... Read more

Published Date: Jun 09, 2026 (1 month ago)
  • europa.eu
Cyber Brief 26-06 - May 2026

Cyber Brief (May 2026)June 2, 2026 - Version: 1TLP:CLEARExecutive summaryWe analysed 325 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, Europol supported inter ... Read more

Published Date: Jun 02, 2026 (1 month, 1 week ago)
  • CybersecurityNews
GitHub Enterprise Server 3.20.3 Released With Fox for Critical Vulnerabilities

GitHub has shipped GitHub Enterprise Server (GHES) 3.20.3 as a security‑driven patch release that fixes multiple critical and high‑severity vulnerabilities and rotates the signing key used to validate ... Read more

Published Date: May 27, 2026 (1 month, 1 week ago)
  • CybersecurityNews
Multiple cPanel Vulnerabilities Allows Access to Sensitive System Resources

In a severe blow to web hosting environments worldwide, administrators are racing against the clock to patch a massive wave of security vulnerabilities affecting cPanel and WebHost Manager (WHM). Thre ... Read more

Published Date: May 15, 2026 (1 month, 3 weeks ago)
  • Ars Technica
Linux bitten by second severe vulnerability in as many weeks

Both privilege escalation vulnerabilities stem from bugs in the kernel’s handling of page caches stored in memory, allowing untrusted users to modify them. They target caches in networking and memory- ... Read more

Published Date: May 11, 2026 (1 month, 4 weeks ago)
  • security.nl
Veel QNAP NAS-systemen kwetsbaar voor Linux Dirty Frag-lek

Veel NAS-systemen van fabrikant QNAP zijn kwetsbaar voor het Linux Dirty Frag-lek. Een beveiligingsupdate is echter nog niet beschikbaar. Dirty Frag combineert twee verschillende kernel-kwetsbaarheden ... Read more

Published Date: May 11, 2026 (1 month, 4 weeks ago)

The following table lists the changes that have been made to the CVE-2026-43284 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c

    Jul. 10, 2026

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2026:34098
    Changed Affected [{'cpes': ['cpe:/a:redhat:enterprise_linux_nvidia:10::el10'], 'vendor': 'Red Hat', 'product': 'NVIDIA for RHEL 10', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.12::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.12', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.13::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.13', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.14::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.14', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.15::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.15', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.16::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.16', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.20::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.20', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.21::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.21', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus_long_life:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.0::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:9::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CRB (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux NFV (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux NFV E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux RT (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 6', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 7', 'defaultStatus': 'unaffected'}] [{'cpes': ['cpe:/a:redhat:enterprise_linux_nvidia:10::el10'], 'vendor': 'Red Hat', 'product': 'NVIDIA for RHEL 10', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.12::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.12', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.13::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.13', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.14::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.14', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.15::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.15', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.16::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.16', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.17', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.20::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.20', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.21::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.21', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus_long_life:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.0::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:9::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CRB (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux NFV (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux NFV E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux RT (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 6', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 7', 'defaultStatus': 'unaffected'}]
  • CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c

    Jul. 01, 2026

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2026:33486
  • CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c

    Jun. 30, 2026

    Action Type Old Value New Value
    Added Affected [{'cpes': ['cpe:/a:redhat:enterprise_linux_nvidia:10::el10'], 'vendor': 'Red Hat', 'product': 'NVIDIA for RHEL 10', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.12::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.12', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.13::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.13', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.14::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.14', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.15::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.15', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.16::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.16', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.20::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.20', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4.21::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.21', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus_long_life:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.0::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:9::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CRB (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux NFV (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux NFV E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::nfv'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time for NFV (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux RT (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::realtime'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Real Time (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 6', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 7', 'defaultStatus': 'unaffected'}]
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-123
    Added Reference https://access.redhat.com/errata/RHSA-2026:16061
    Added Reference https://access.redhat.com/errata/RHSA-2026:16062
    Added Reference https://access.redhat.com/errata/RHSA-2026:16100
    Added Reference https://access.redhat.com/errata/RHSA-2026:16155
    Added Reference https://access.redhat.com/errata/RHSA-2026:16157
    Added Reference https://access.redhat.com/errata/RHSA-2026:16160
    Added Reference https://access.redhat.com/errata/RHSA-2026:16161
    Added Reference https://access.redhat.com/errata/RHSA-2026:16171
    Added Reference https://access.redhat.com/errata/RHSA-2026:16176
    Added Reference https://access.redhat.com/errata/RHSA-2026:16180
    Added Reference https://access.redhat.com/errata/RHSA-2026:16195
    Added Reference https://access.redhat.com/errata/RHSA-2026:16196
    Added Reference https://access.redhat.com/errata/RHSA-2026:16201
    Added Reference https://access.redhat.com/errata/RHSA-2026:16202
    Added Reference https://access.redhat.com/errata/RHSA-2026:16203
    Added Reference https://access.redhat.com/errata/RHSA-2026:16204
    Added Reference https://access.redhat.com/errata/RHSA-2026:16206
    Added Reference https://access.redhat.com/errata/RHSA-2026:16254
    Added Reference https://access.redhat.com/errata/RHSA-2026:16312
    Added Reference https://access.redhat.com/errata/RHSA-2026:16314
    Added Reference https://access.redhat.com/errata/RHSA-2026:16328
    Added Reference https://access.redhat.com/errata/RHSA-2026:17795
    Added Reference https://access.redhat.com/errata/RHSA-2026:18025
    Added Reference https://access.redhat.com/errata/RHSA-2026:19074
    Added Reference https://access.redhat.com/errata/RHSA-2026:19225
    Added Reference https://access.redhat.com/errata/RHSA-2026:19564
    Added Reference https://access.redhat.com/errata/RHSA-2026:19568
    Added Reference https://access.redhat.com/errata/RHSA-2026:19569
    Added Reference https://access.redhat.com/errata/RHSA-2026:19572
    Added Reference https://access.redhat.com/errata/RHSA-2026:19573
    Added Reference https://access.redhat.com/errata/RHSA-2026:19574
    Added Reference https://access.redhat.com/errata/RHSA-2026:19575
    Added Reference https://access.redhat.com/errata/RHSA-2026:19577
    Added Reference https://access.redhat.com/errata/RHSA-2026:21695
    Added Reference https://access.redhat.com/errata/RHSA-2026:23233
    Added Reference https://access.redhat.com/errata/RHSA-2026:26542
    Added Reference https://access.redhat.com/security/cve/CVE-2026-43284
    Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2467771
    Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43284.json
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 17, 2026

    Action Type Old Value New Value
    Added Affected [{'repo': 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git', 'vendor': 'Linux', 'product': 'Linux', 'versions': [{'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': 'a6cb440f274a22456ef3e86b457344f1678f38f9', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': 'ab8b995323e5237041472d07e5055f5f7dcdf15b', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': 'fe785bb3a8096dffcc4048a85cd0c83337eeecad', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': '5d55c7336f8032d434adcc5fab987ccc93a44aec', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': '8253aab4659ca16116b522203c2a6b18dccacea7', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': '50ed1e7873100f77abad20fd31c51029bc49cd03', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': 'b54edf1e9a3fd3491bdcb82a21f8d21315271e0d', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': '71a1d9d985d26716f74d21f18ee8cac821b06e97', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': '52646cbd00e765a6db9c3afe9535f26218276034', 'versionType': 'git'}, {'status': 'affected', 'version': 'cac2661c53f35cbe651bef9b07026a5a05ab8ce0', 'lessThan': 'f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4', 'versionType': 'git'}], 'programFiles': ['net/ipv4/esp4.c', 'net/ipv4/ip_output.c', 'net/ipv6/esp6.c', 'net/ipv6/ip6_output.c'], 'defaultStatus': 'unaffected'}, {'repo': 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git', 'vendor': 'Linux', 'product': 'Linux', 'versions': [{'status': 'affected', 'version': '4.11'}, {'status': 'unaffected', 'version': '0', 'lessThan': '4.11', 'versionType': 'semver'}, {'status': 'unaffected', 'version': '5.10.255', 'versionType': 'semver', 'lessThanOrEqual': '5.10.*'}, {'status': 'unaffected', 'version': '5.15.205', 'versionType': 'semver', 'lessThanOrEqual': '5.15.*'}, {'status': 'unaffected', 'version': '5.15.206', 'versionType': 'semver', 'lessThanOrEqual': '5.15.*'}, {'status': 'unaffected', 'version': '6.1.171', 'versionType': 'semver', 'lessThanOrEqual': '6.1.*'}, {'status': 'unaffected', 'version': '6.1.172', 'versionType': 'semver', 'lessThanOrEqual': '6.1.*'}, {'status': 'unaffected', 'version': '6.6.138', 'versionType': 'semver', 'lessThanOrEqual': '6.6.*'}, {'status': 'unaffected', 'version': '6.12.87', 'versionType': 'semver', 'lessThanOrEqual': '6.12.*'}, {'status': 'unaffected', 'version': '6.18.28', 'versionType': 'semver', 'lessThanOrEqual': '6.18.*'}, {'status': 'unaffected', 'version': '7.0.5', 'versionType': 'semver', 'lessThanOrEqual': '7.0.*'}, {'status': 'unaffected', 'version': '7.1', 'versionType': 'original_commit_for_fix', 'lessThanOrEqual': '*'}], 'programFiles': ['net/ipv4/esp4.c', 'net/ipv4/ip_output.c', 'net/ipv6/esp6.c', 'net/ipv6/ip6_output.c'], 'defaultStatus': 'affected'}]
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 17, 2026

    Action Type Old Value New Value
    Added SSVC {'id': 'CVE-2026-43284', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-05-08T00:00:00+00:00'}
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 26, 2026

    Action Type Old Value New Value
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2026-43284-detection-script-dirty-frag-linux-kernel-local-privilege-escalation
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2026-43284-mitigation-script-dirty-frag-linux-kernel-local-privilege-escalation
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 14, 2026

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2026/05/14/4
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 14, 2026

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2026/05/14/2
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 13, 2026

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2026/05/13/6
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 11, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 11, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    May. 08, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
    Removed CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-123
    Removed CWE CWE-416
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 08, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/8253aab4659ca16116b522203c2a6b18dccacea7
    Added Reference https://git.kernel.org/stable/c/fe785bb3a8096dffcc4048a85cd0c83337eeecad
  • Initial Analysis by [email protected]

    May. 08, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.11 up to (excluding) 5.10.255 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12 up to (excluding) 5.15.205 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.171 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.28 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.138 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.87 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 7.0 up to (excluding) 7.0.5
    Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2026/05/08/7 Types: Mailing List
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/50ed1e7873100f77abad20fd31c51029bc49cd03 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/52646cbd00e765a6db9c3afe9535f26218276034 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/5d55c7336f8032d434adcc5fab987ccc93a44aec Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/71a1d9d985d26716f74d21f18ee8cac821b06e97 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a6cb440f274a22456ef3e86b457344f1678f38f9 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ab8b995323e5237041472d07e5055f5f7dcdf15b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b54edf1e9a3fd3491bdcb82a21f8d21315271e0d Types: Patch
    Added Reference Type CISA-ADP: https://github.com/V4bel/dirtyfrag Types: Exploit, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    May. 08, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-416
    Added Reference https://github.com/V4bel/dirtyfrag
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 08, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/5d55c7336f8032d434adcc5fab987ccc93a44aec
    Added Reference https://git.kernel.org/stable/c/a6cb440f274a22456ef3e86b457344f1678f38f9
    Added Reference https://git.kernel.org/stable/c/ab8b995323e5237041472d07e5055f5f7dcdf15b
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 08, 2026

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2026/05/08/7
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 08, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().
    Added Reference https://git.kernel.org/stable/c/50ed1e7873100f77abad20fd31c51029bc49cd03
    Added Reference https://git.kernel.org/stable/c/52646cbd00e765a6db9c3afe9535f26218276034
    Added Reference https://git.kernel.org/stable/c/71a1d9d985d26716f74d21f18ee8cac821b06e97
    Added Reference https://git.kernel.org/stable/c/b54edf1e9a3fd3491bdcb82a21f8d21315271e0d
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.