Zero Day Monitor (ZDM)
CVE-2026-43500 · CVSS 7.8 · KEV · EXPLOITED · PATCHED
linux · linux_kernel

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec().

Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Affected Products

Vendor | Product | Versions
linux | linux_kernel | d0d5c0cd1e711c98703f3544c1e6fc1372898de5, d0d5c0cd1e711c98703f3544c1e6fc1372898de5, d0d5c0cd1e711c98703f3544c1e6fc1372898de5, d0d5c0cd1e711c98703f3544c1e6fc1372898de5, d0d5c0cd1e711c98703f3544c1e6fc1372898de5, 5.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
linux | linux | mitre_affected | 90%

References

  • https://git.kernel.org/stable/c/7c504ffab3efce8f7e4f463b314ae31030bdf18b
  • https://git.kernel.org/stable/c/3711382a77342a9a1c3d2e7330dcfc7ea927f568
  • https://git.kernel.org/stable/c/3eae0f4f9f7206a4801efa5e0235c25bbd5a412c
  • https://git.kernel.org/stable/c/d45179f8795222ce858770dc619abe51f9d24411
  • https://git.kernel.org/stable/c/aa54b1d27fe0c2b78e664a34fd0fdf7cd1960d71

Related News (28 articles)

  • [Tier B] CERT-FR, 1d ago: Multiple vulnerabilities in the Ubuntu Linux kernel (26 June 2026) → No new info (linked only)
  • [Tier D] The Hacker News, 18d ago: Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models → No new info (linked only)
  • [Tier B] CERT-FR, 22d ago: Multiple vulnerabilities in the SUSE Linux kernel (05 June 2026) → No new info (linked only)
  • [Tier A] Fortinet PSIRT, 24d ago: Linux Kernel vulnerability Dirty Frag → No new info (linked only)
  • [Tier B] CERT-FR, 26d ago: Multiple vulnerabilities in Mitel products (01 June 2026) → No new info (linked only)
  • [Tier C] Rapid7 Blog, 29d ago: Metasploit Wrap Up 05/29/2026 → No new info (linked only)
  • [Tier C] Exploit-DB, 29d ago: [local] Linux Kernel - Local Privilege Escalation → No new info (linked only)
  • [Tier B] CCCS Canada, 30d ago: Mitel security advisory (AV26-524) → No new info (linked only)
  • [Tier E] Hacker News, 30d ago: Dirty Frag: a kernel zero-day vs. container and microVM sandboxes → No new info (linked only)
  • [Tier C] Exploit-DB, 31d ago: [local] Linux Kernel - Local Privilege Escalation → No new info (linked only)
  • [Tier B] CCCS Canada, 32d ago: [Control Systems] Moxa security advisory (AV26-509) → No new info (linked only)
  • [Tier B] CERT-FR, 36d ago: Multiple vulnerabilities in the SUSE Linux kernel (22 May 2026) → No new info (linked only)
  • [Tier B] CERT/CC Vuln Notes, 38d ago: VU#980487: Local privilege escalation in Linux Kernel (Dirty Frag) → No new info (linked only)
  • [Tier B] CERT-FR, 43d ago: Multiple vulnerabilities in the Debian Linux kernel (15 May 2026) → No new info (linked only)
  • [Tier B] CERT-FR, 43d ago: Multiple vulnerabilities in the SUSE Linux kernel (15 May 2026) → No new info (linked only)
  • [Tier D] Infosecurity Magazine, 44d ago: New Fragnesia Flaw Hands Linux Local Users Root Access → No new info (linked only)
  • [Tier E] Reddit r/cybersecurity, 45d ago: Detecting CopyFail and DirtyFrag by thinking outside the box → No new info (linked only)
  • [Tier A] Microsoft MSRC, 46d ago: CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present → No new info (linked only)
  • [Tier E] Hacker News, 47d ago: Just released: Dirty Frag (CVE-2026-43284 / CVE-2026-43500) Detection Script → No new info (linked only)
  • [Tier E] Hacker News, 47d ago: New Linux kernel vulnerability: Dirty Frag family RxGK variants discovered → No new info (linked only)
  • [Tier E] Lobsters Security, 47d ago: Load-Bearing Assumptions: the rxrpc case (CVE-2026-43500) and the constraint that was never there → No new info (linked only)
  • [Tier C] VulDB, 47d ago: CVE-2026-43500 | Linux Kernel up to 6.18.28/7.0.5/7.1-rc2 rxrpc rxrpc_input_call_event infinite loop → No new info (linked only)
  • [Tier C] Linux Kernel CVEs, 47d ago: CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present → No new info (linked only)
  • [Tier B] CERT-FR, 47d ago: News bulletin CERTFR-2026-ACT-021 (11 May 2026) → No new info (linked only)
  • [Tier E] Hacker News, 49d ago: "Dirty Frag" (CVE-2026-43284): The Second Linux Root Exploit in Eight Days → No new info (linked only)
  • [Tier E] Hacker News, 49d ago: CVE-2026-43284 ("Dirty Frag") Alma Linux → No new info (linked only)
  • [Tier E] Hacker News, 49d ago: Dirty Frag: Ongoing Linux Kernel Privilege Escalation Vulnerability Since 2017 → No new info (linked only)
  • [Tier B] BSI Advisories, 50d ago: [NEW] [high] Linux Kernel (Dirty Frag): Multiple vulnerabilities allow gaining administrator privileges → No new info (linked only)

CVSS 3.1: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: 3eae0f4f9f7206a4801efa5e0235c25bbd5a412c, d45179f8795222ce858770dc619abe51f9d24411, aa54b1d27fe0c2b78e664a34fd0fdf7cd1960d71, 0, 6.18.29, 7.0.6, 7.1-rc3
Published: May 11, 2026
Last enriched: 24d ago (v8)
Tags: privilege escalation, memory corruption, local privilege escalation, page-cache management, Dirty Frag, Linux LPE
Trending Score: 110 🔥
Source articles: 28
Independent: 15
Info Completeness: 11/14
Missing: epss, iocs, mitre_attack


Related CVEs (5)

  • HIGH · CVE-2026-31431 · EXP · KEV · crypto: algif_aead - Revert to operating out-of-place (Trending: 121)
  • HIGH · CVE-2026-43284 · EXP · KEV · xfrm: esp: avoid in-place decrypt on shared skb frags (Trending: 116)
  • HIGH · CVE-2026-46333 · EXP · ptrace: slightly saner 'get_dumpable()' logic (Trending: 78)
  • HIGH · CVE-2026-46300 · EXP · net: skbuff: preserve shared-frag marker during coalescing (Trending: 68)
  • HIGH · CVE-2026-43503 · EXP · net: skbuff: propagate shared-frag marker through frag-transfer helpers (Trending: 58)


Verification

State: verified
Confidence: 0%

Vulnerability Timeline

  • May 11, 2026 · CVE Published
  • May 11, 2026 · Added to CISA KEV
  • May 11, 2026 · Discovered by ZDM
  • May 11, 2026 · Updated: affectedVersions
  • May 20, 2026 · Updated: description, affectedVersions, severity, cweIds, exploitAvailable, tags
  • May 26, 2026 · Updated: cweIds
  • May 28, 2026 · Updated: affectedVersions, tags
  • May 29, 2026 · Updated: description, affectedVersions, severity, cweIds
  • May 29, 2026 · Updated: cweIds, tags
  • Jun 3, 2026 · Updated: cvssEstimate
  • Jun 14, 2026 · Actively Exploited
  • Jun 14, 2026 · Exploit Available
  • Jun 14, 2026 · Patch Available

Version History

v8 · Last enriched 24d ago

v8 · Tier A · 24d ago

Updated CVSS from 7.8 to 7.9, added new CWE IDs CVE-2026-43284 and CVE-2026-43500, and set patchAvailable to null.

cvssEstimate
via Fortinet PSIRT

v7 · Tier C · 29d ago

Added new CWE IDs related to the 'Dirty Frag' vulnerabilities and included new relevant tags.

cweIds, tags
via Rapid7 Blog

v6 · Tier C · 29d ago

Updated description with new exploit details, added affected versions for various distributions, changed severity to HIGH, added new CWE, and updated tags.

description, affectedVersions, severity, cweIds
via Exploit-DB

v5 · Tier C · 30d ago

Updated description with detailed exploit information, added affected versions, changed severity to HIGH, and included new tags.

affectedVersions, tags
via Exploit-DB

v4 · Tier B · 32d ago

Added new CWE-119 related to the vulnerability.

cweIds
via CCCS Canada

v3 · Tier B · 38d ago

Updated description with detailed technical information, added affected version 4.10, changed severity to CRITICAL, and included new CWE IDs.

description, affectedVersions, severity, cweIds, exploitAvailable, tags
via CERT/CC Vuln Notes

v2 · Tier C · 47d ago

Updated description with critical vulnerability details, changed severity to CRITICAL, and added affected versions 6.18.28, 7.0.5, and 7.1-rc2.

affectedVersions
via VulDB

v1 · 47d ago

Initial creation