This tracker is no longer updated. Both the original Dirty Frag chain (CVE-2026-43284 xfrm-ESP + CVE-2026-43500 RxRPC) and its post-disclosure variants are fixed in every tracked distribution.

Summary

Field | Detail
CVE IDs | CVE-2026-43284 (xfrm-ESP) · CVE-2026-43500 (RxRPC)
Alias | Dirty Frag
Component | net/ipv4/esp4.c, net/ipv6/esp6.c, net/rxrpc/rxkad.c, plus the IPv4/IPv6 datagram append paths
Type | Local Privilege Escalation (LPE) — chained xfrm-ESP + RxRPC page-cache writes
CWE | CWE-123 Write-what-where Condition (xfrm-ESP) · CWE-787 Out-of-bounds Write (RxRPC)
CVSS 3.1 | 7.8 HIGH AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H (xfrm-ESP) · AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (RxRPC)
Discoverer | Hyunwoo Kim (@v4bel); researcher write-up at dirtyfrag.io
Public disclosure | 2026-05-07 on oss-security
Public PoC | V4bel/dirtyfrag (exp.c, single-line build)
KEV listed | not yet
EPSS | 0.3845 · 97.32nd percentile — scored 2026-05-31

An unprivileged local user can perform controlled writes into the page cache of files they only have read access to, by chaining two zero-copy splice() paths where the kernel performs in-place crypto on top of an attacker-pinned page-cache page:

  • xfrm-ESP Page-Cache Write: esp_input() / esp6_input() skip skb_cow_data() for non-linear skbs without a frag list and run crypto_authenc_esn_decrypt() directly on the frag, performing a 4-byte STORE the attacker controls via XFRMA_REPLAY_ESN_VAL. Requires CAP_NET_ADMIN, satisfied by unshare(CLONE_NEWUSER|CLONE_NEWNET) on systems that allow unprivileged user namespaces.

  • RxRPC Page-Cache Write: rxkad_verify_packet_1() performs an in-place pcbc(fcrypt) decrypt on the first 8 bytes of the rxrpc payload. The 8-byte STORE value is fcrypt_decrypt(C, K) where the attacker controls K via an unprivileged add_key("rxrpc", …). Useful on Ubuntu where AppArmor blocks unprivileged user-namespace creation.

Because the page cache is host-wide, both primitives also work as container-escape primitives on shared-kernel hosts. The on-disk file is unchanged — only the in-memory page cache is corrupted — so checksums, inotify, auditd file watches, and tripwire-style tools will not detect exploitation.

🚨 The publicly known Copy Fail mitigation (algif_aead blacklist) does NOT protect against Dirty Frag. The xfrm-ESP variant uses the same scratch-write sink as Copy Fail, but reaches it through esp_input rather than algif_aead and triggers regardless of whether the AEAD socket interface is available.

ℹ️ A second exploit, “Copy Fail 2: Electric Boogaloo”, targets the same code paths under a different name.

A cluster of post-disclosure variants — including CVE-2026-46300 (“Fragnesia”) — reached all current upstream stable point releases on 2026-05-23; all tracked distributions are now patched. See Post-disclosure variants.

Vulnerable commit range

Commit | Variant | Description
cac2661c53f3 | xfrm-ESP | Introduced — 2017-01-17
2dc334f1a63a | RxRPC | Introduced — 2023-06
f4c50a4034e6 | xfrm-ESP | Fix merged: SKBFL_SHARED_FRAG gating; netdev/net, 2026-05-07
24481a7f5733 | RxRPC | Partial fix merged: “rxrpc: Fix conn-level packet handling to unshare RESPONSE packets” (David Howells); netdev/net, 2026-04-22; confirmed in 6.18.27 (cherry-pick ca71ac2de389); backported to 6.12.y as 98a2046d155f in v6.12.88; included in AlmaLinux/Debian production packages
3eae0f4f9f72 | RxRPC | CVE-2026-43500 fix per MITRE (published 2026-05-11) — rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present; 6.18.y commit 3eae0f4f9f72, 7.0.y commit d45179f87952, mainline aa54b1d27fe0; first fixed in v6.12.88, v6.18.29, and v7.0.6; backported to 6.12.y as 3711382a7734 in v6.12.88

The xfrm-ESP fix is two-sided: esp_input() / esp6_input() consult a new SKBFL_SHARED_FRAG flag in their skip_cow branch, and __ip_append_data() / __ip6_append_data() set that flag whenever MSG_NO_SHARED_FRAGS is not set on a frag-introducing append. Distro backports must include both pieces — checking only for the esp_input hunk is insufficient.

The effective lifetime of the xfrm-ESP variant is therefore about 9 years (2017–2026). The RxRPC variant is about 3 years old (2023–).

Upstream fixed versions

Branch | xfrm-ESP fix | RxRPC fix | Current | Notes
Linus mainline | ✅ Present by 7.0.4 | ✅ Present by 7.0.6 | 7.0.11 |
6.18.x | ✅ Present by 6.18.28 | ✅ Present by 6.18.29 | 6.18.34 | LTS 2028-12
6.12.x | ✅ Present by 6.12.87 | ✅ Present by 6.12.88 | 6.12.92 | LTS 2028-12
6.6.x | ✅ Present by 6.6.138 | ✅ Present by 6.6.140 | 6.6.142 | LTS 2026-12
6.1.x | ✅ Present by 6.1.172 | ➖ Predates RxRPC | 6.1.175 | LTS 2026-12
5.15.x | ✅ Present by 5.15.206 | ➖ Predates RxRPC | 5.15.209 | LTS 2026-12
5.10.x | ✅ Present by 5.10.255 | ➖ Predates RxRPC | 5.10.258 | LTS 2026-12

Stable-tree backport notes

xfrm-ESP — incomplete fix in v6.1.171 and v5.15.205:

  • Backports 5d55c7336f80 (6.1.y) and ab8b995323e5 (5.15.y) set tx_flags instead of flags in net/ipv4/ip_output.c, leaving the IPv4 frag-tagging path ineffective.
  • Greg Kroah-Hartman’s fix-up (8253aab4659c / fe785bb3a809, 2026-05-08) is included in v6.1.172 and v5.15.206 — these are the first fully-fixed releases on those branches.
  • Distros that applied upstream f4c50a4034e6 directly (rather than pulling from the stable tree) are unaffected by this bug.

RxRPC — 6.12.y fixed in v6.12.88:

  • 24481a7f5733 (“rxrpc: Fix conn-level packet handling to unshare RESPONSE packets”) was cherry-picked to 6.18.y as ca71ac2de389 (v6.18.27) but delayed for 6.12.y. It landed in v6.12.88 as 98a2046d155f.
  • Three follow-ups that had already landed in 6.12.y without the base: 0422e7a4883f re-decryption fix (as 7b8986830505), 55b2984c96c3 DATA-only refinement (as 016725807ce3), and 1f2740150f90 UAF fix (as bf20f46d94f1).
  • The paged-frags fix 3eae0f4f9f72 (the MITRE-defined CVE-2026-43500 complete fix — see below) also landed in v6.12.88 as 3711382a7734.
  • v6.12.88 is the first fully fixed release on 6.12.y for CVE-2026-43500.

RxRPC — 6.6.y fixed in v6.6.140:

  • Base fix c0428a22daf6 (“rxrpc: Fix conn-level packet handling to unshare RESPONSE packets”) and paged-frags fix 7c504ffab3ef (“rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present”) both landed together in v6.6.140. v6.6.140 is the first fully fixed release on 6.6.y for CVE-2026-43500.

RxRPC — paged-frags fix 3eae0f4f9f72 is the MITRE-defined CVE-2026-43500 complete fix:

  • “rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present” — addresses the case where an skb is not cloned but still carries externally-owned paged fragments and performs in-place decryption. Per MITRE’s published CVE-2026-43500 record (state: PUBLISHED, 2026-05-11), this is the fix that makes a kernel fully fixed for CVE-2026-43500: v6.18.29 (commit 3eae0f4f9f72), v7.0.6 (commit d45179f87952), 7.1-rc3 (commit aa54b1d27fe0).
  • 6.18.27 and 6.18.28 (containing only the conn_event fix ca71ac2de389) are partially mitigated but still CVE-2026-43500-vulnerable per MITRE for the paged-frags path.
  • Backported to 6.12.y as 3711382a7734 in v6.12.88 (alongside the base commit 98a2046d155f).

RxRPC — improvement commits: one in 7.0.y, one still pending:

David Howells merged two further hardening commits to netdev/net on 2026-05-16, both tagged cc: stable@kernel.org.

  • d2bc90cf6c75 (“rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg”) — eliminates the remaining in-place DATA-packet decrypt path by unconditionally using a per-call bounce buffer. Backported to 7.0.y as c58008774371; present in v7.0.11. Not yet backported to 6.18.y or 6.12.y.
  • 8bfab4b6ffc2 (“rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer”) — avoids in-place decryption of RESPONSE packets sent via splice() to a local address by copying the payload into a kmalloc’d linear buffer before crypto; Fixes: 24481a7f5733. Pending — not yet in any stable branch as of v6.12.92 / v6.18.34 / v7.0.11.

Neither commit introduces a new CVE; both improve robustness of the CVE-2026-43500 fix.

Distribution status

Debian

Main references: Debian Security Tracker — CVE-2026-43284 · Debian Security Tracker — CVE-2026-43500

Release | Status
Debian sid | ✅ Fixed — linux 7.0.4-1 (2026-05-08)
Debian forky | ✅ Fixed — linux 7.0.4-1 (2026-05-09)
Debian 13 (trixie) | ✅ Fixed — linux 6.12.86-1, DSA-6253-1 (2026-05-08)
Debian 12 (bookworm) | ✅ Fixed — linux 6.1.170-3, DSA-6258-1 (2026-05-09)
Debian 11 (bullseye) | ✅ Fixed — linux 5.10.251-4, DLA-4572-1 (2026-05-08)
Debian 11 (bullseye) linux-6.1 | ✅ Fixed — linux-6.1 6.1.170-3~deb11u1, DLA-4574-1 (2026-05-09)

Debian 11 and 12 ship kernels older than 6.4, so they predate the RxRPC variant’s introducing commit. DSA-6258-1, DLA-4572-1, and DLA-4574-1 each address CVE-2026-43284 (xfrm-ESP); CVE-2026-43500 appears in the advisory listings for completeness but the RxRPC code path is absent from 5.10.x and 6.1.x. DLA-4574-1 covers Bullseye users running the optional linux-6.1 backport kernel provided by Debian LTS.

Trixie’s linux 6.12.86-1 wraps upstream 6.12.86, which by itself lacks the CVE-2026-43500 paged-frags fix (3eae0f4f9f72, first upstream in v6.12.88 as backport 3711382a7734). Debian cherry-picked that commit directly into the 6.12.86-1 source as the quilt patch bugfix/all/rxrpc-Also-unshare-DATA-RESPONSE-packets-when-paged-.patch, so DSA-6253-1 genuinely covers both CVEs ahead of the upstream 6.12.88 release. The later trixie-security upload 6.12.88-1 (DSA-6274-1, 2026-05-15) is unrelated — it addresses a different set of CVEs.

Proxmox Virtual Environment

Main references: Proxmox PVE security advisories · ProxmoxSecurityAdvisory posts

Proxmox ships its own pve-kernel packages, built independently from Debian’s kernel packages. Track PVE 9 and PVE 8 separately:

Version | Status (CVE-2026-43284/43500) | Status (CVE-2026-46300 — Fragnesia)
PVE 9 | ✅ Fixed — proxmox-kernel-6.17.13-7-pve / 6.14.11-8-pve; PSA-2026-00019-2 (2026-05-08) | ✅ Fixed — proxmox-kernel-6.17.13-8-pve / 6.14.11-9-pve; PSA-2026-00020-1 (2026-05-18)
PVE 8 | ✅ Fixed — proxmox-kernel-6.8.12-23-pve / 6.14.11-8-pve-bpo12; PSA-2026-00019-2 (2026-05-08) | ✅ Fixed — proxmox-kernel-6.8.12-24-pve / 6.14.11-9-pve-bpo12; PSA-2026-00020-1 (2026-05-18)

On PVE kernels esp4, esp6, and rxrpc are loadable modules (not built-in), so the modprobe blacklist mitigation should work as an interim measure on unpatched nodes. Verify with lsmod and modules.builtin before relying on it.

NixOS

Main reference: NixOS security tracker

Each release line (25.11 and unstable) has a default channel and a faster -small (server-oriented subset) channel.

The channel’s pkgs.linuxPackages (its implicit boot.kernelPackages unless overridden in NixOS configuration) is annotated with (default), while pkgs.linuxPackages_latest is annotated with (latest).

Channel | Kernel | Pin | Status
Unstable (small) | linux_7_0 (latest) | 7.0.11 | ✅ Fixed in commit cdfeb927c27f for 7.0.6 (2026-05-11)
Unstable (small) | linux_6_18 (default) | 6.18.34 | ✅ Fixed in commit a83f13cdecb7 for 6.18.29 (2026-05-11)
Unstable (small) | linux_6_12 | 6.12.92 | ✅ Fixed in commit cd350ecf66bb for 6.12.88 (2026-05-14)
Unstable | linux_7_0 (latest) | 7.0.10 | ✅ Fixed in commit cdfeb927c27f for 7.0.6 (2026-05-11)
Unstable | linux_6_18 (default) | 6.18.33 | ✅ Fixed in commit a83f13cdecb7 for 6.18.29 (2026-05-11)
Unstable | linux_6_12 | 6.12.91 | ✅ Fixed in commit cd350ecf66bb for 6.12.88 (2026-05-14)
25.11 (small) | linux_7_0 (latest) | 7.0.11 | ✅ Fixed in commit 5f324327fc2a for 7.0.6 (2026-05-11)
25.11 (small) | linux_6_18 | 6.18.34 | ✅ Fixed in commit f1dbaef15837 for 6.18.29 (2026-05-11)
25.11 (small) | linux_6_12 (default) | 6.12.92 | ✅ Fixed in commit 10808cdafe24 for 6.12.88 (2026-05-14)
25.11 | linux_7_0 (latest) | 7.0.10 | ✅ Fixed in commit 5f324327fc2a for 7.0.6 (2026-05-11)
25.11 | linux_6_18 | 6.18.33 | ✅ Fixed in commit f1dbaef15837 for 6.18.29 (2026-05-11)
25.11 | linux_6_12 (default) | 6.12.91 | ✅ Fixed in commit 10808cdafe24 for 6.12.88 (2026-05-14)

Dates above are bump-commit dates on the channel branch. Flake users tracking the branch directly see the fix the moment the commit lands; nix-channel --update / nixos-rebuild --upgrade-all users wait for the channel pointer to advance once Hydra has built and cached the new commit, typically some hours later.

Rocky Linux

Main references: Rocky Linux errata · Red Hat security search

Release | Kernel series | Status
Rocky Linux 10 | 6.12.x | ✅ Fixed — kernel-6.12.0-124.56.1.el10_1, RLSA-2026:16062 (2026-05-14)
Rocky Linux 9 | 5.14.x | ✅ Fixed — kernel-5.14.0-611.55.1.el9_7, RLSA-2026:16206 (2026-05-14)
Rocky Linux 8 | 4.18.x | ✅ Fixed — kernel-4.18.0-553.124.1.el8_10, RLSA-2026:16195 (2026-05-14)

Red Hat shipped fixes across multiple advisories and streams:

AlmaLinux moved fixes to its production repositories on 2026-05-08 (initially released to testing on 2026-05-07; see AlmaLinux Dirty Frag blog post):

  • AlmaLinux 10: kernel-6.12.0-124.55.2.el10_1 — production, 2026-05-08 (CVE-2026-43284 + CVE-2026-43500)
  • AlmaLinux 9: kernel-5.14.0-611.54.3.el9_7 — production, 2026-05-08 (CVE-2026-43284 + CVE-2026-43500)
  • AlmaLinux 8: kernel-4.18.0-553.123.2.el8_10 — production, 2026-05-08 (CVE-2026-43284 xfrm-ESP only; AL8 predates the RxRPC introducing commit)

The most recent pre-fix Rocky advisories — RLSA-2026:13566 (RL10, kernel-6.12.0-124.55.1.el10_1) and RLSA-2026:13565 (RL9, kernel-5.14.0-611.54.1.el9_7), both issued 2026-05-06 — do not address CVE-2026-43284 or CVE-2026-43500.

esp4, esp6, and rxrpc are all loadable modules (not built-in) on the EL family — the AlmaLinux blog explicitly confirms the modprobe blacklist mitigation is safe to apply on any supported release that is not actively using IPsec ESP transports or AFS/RxRPC.

Rocky 8 (4.18) and Rocky 9 (5.14) predate the RxRPC introducing commit, so the RxRPC variant likely does not apply to them. Confirm against the distro’s actual config before declaring it out of scope.

Amazon Linux

Main references: Amazon Linux Security Center · AL2023 · AL2

Amazon Linux 2023

Package | Kernel series | Status
kernel (default) | 6.1.x | ✅ Fixed — kernel-6.1.170-210.320.amzn2023, ALAS2023-2026-1694 (2026-05-09)
kernel6.12 | 6.12.x | ✅ Fixed — kernel-6.12.83-113.160.amzn2023, ALAS2023-2026-1695 (2026-05-09)
kernel6.18 | 6.18.x | ✅ Fixed — kernel-6.18.25-55.108.amzn2023, ALAS2023-2026-1693 (2026-05-09)

The default 6.1 stream predates the RxRPC introducing commit, so the RxRPC variant does not apply. Amazon’s advisories for kernel6.12 and kernel6.18 cover CVE-2026-43284 (xfrm-ESP) only — Amazon backported the fix independently to their own kernel builds (6.12.83 and 6.18.25) rather than waiting for upstream point releases (6.12.87 / 6.18.28). CVE-2026-43500 (RxRPC) is not listed in any ALAS advisory; status for the kernel6.12 and kernel6.18 streams is unconfirmed.

CVE-2026-46300 (Fragnesia) — all AL2023 streams fixed 2026-05-15:

Package | Fixed version | Advisory
kernel (default, 6.1.x) | kernel-6.1.170-213.321.amzn2023 | ALAS2023-2026-1710
kernel6.12 | kernel6.12-6.12.83-115.161.amzn2023 | ALAS2023-2026-1708
kernel6.18 | kernel6.18-6.18.25-57.109.amzn2023 | ALAS2023-2026-1709

Amazon Linux 2

Package | Kernel series | Status
kernel (Core, ~4.14 series) | 4.14.x | ✅ Fixed — kernel-4.14.355-282.728.amzn2, ALAS2-2026-3302 (2026-05-09)
kernel (Kernel-5.4 Extra) | 5.4.x | ✅ Fixed — kernel-5.4.302-224.470.amzn2, ALAS2KERNEL-5.4-2026-121 (2026-05-09)
kernel (Kernel-5.10 Extra) | 5.10.x | ✅ Fixed — kernel-5.10.253-252.1015.amzn2, ALAS2KERNEL-5.10-2026-118 (2026-05-09)
kernel (Kernel-5.15 Extra) | 5.15.x | ✅ Fixed — kernel-5.15.204-143.230.amzn2, ALAS2KERNEL-5.15-2026-102 (2026-05-09)

All AL2 kernel streams ship pre-6.4 kernels and therefore predate the RxRPC introducing commit. Only the xfrm-ESP variant applies.

CVE-2026-46300 (Fragnesia) — all AL2 streams fixed 2026-05-15:

Package | Fixed version | Advisory
kernel (Core, ~4.14 series) | kernel-4.14.355-282.729.amzn2 | ALAS2-2026-3307
kernel (Kernel-5.4 Extra) | kernel-5.4.302-224.471.amzn2 | ALAS2KERNEL-5.4-2026-122
kernel (Kernel-5.10 Extra) | kernel-5.10.253-252.1016.amzn2 | ALAS2KERNEL-5.10-2026-119
kernel (Kernel-5.15 Extra) | kernel-5.15.204-143.231.amzn2 | ALAS2KERNEL-5.15-2026-103

Detection

Check whether the affected modules are loadable or built in

lsmod | grep -E '^(esp4|esp6|rxrpc) '

If the output is empty, check for built-ins:

grep -E '/(esp4|esp6|rxrpc)\.ko' /lib/modules/$(uname -r)/modules.builtin

Or, if the kernel config is readable, check directly:

grep -E '^CONFIG_(INET_ESP|INET6_ESP|AF_RXRPC)=' /boot/config-$(uname -r)

Interpret the output:

  • =y → built-in, cannot be unloaded — the modprobe mitigation will not work for that module on this kernel
  • =m → loadable module — modprobe blacklist will work
  • no output → not present in this kernel — that variant’s surface is unavailable

Fallback if /boot/config-* is unreadable and CONFIG_IKCONFIG_PROC=y:

zgrep -E '^CONFIG_(INET_ESP|INET6_ESP|AF_RXRPC)=' /proc/config.gz

Public PoC

The upstream PoC is in V4bel/dirtyfrag (exp.c):

git clone https://github.com/V4bel/dirtyfrag.git
cd dirtyfrag
gcc -O0 -Wall -o exp exp.c -lutil
./exp

Do not run this on a system you are not authorised to test. The exploit attempts to obtain root by writing into the page cache of /usr/bin/su (xfrm-ESP variant) or /etc/passwd (RxRPC variant).

Mitigation

⚠️ The standard Copy Fail mitigation (algif_aead blacklist) does NOT protect against Dirty Frag. Apply the mitigation below in addition to, not instead of, any Copy Fail mitigation.

Modprobe blacklist (when modules are loadable)

Following the upstream README, block the three vulnerable modules and remove them if loaded:

printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf
rmmod esp4 esp6 rxrpc 2>/dev/null || true

Verify:

lsmod | grep -E '^(esp4|esp6|rxrpc) ' && echo "STILL LOADED" || echo "Not loaded"

What this breaks: IPsec/XFRM ESP transports (both v4 and v6), and any application that uses AF_RXRPC (rare; mostly OpenAFS / kAFS clients). If you rely on IPsec ESP for site-to-site VPN, transport-mode encryption, or kAFS, this mitigation will break those workloads.

What this does NOT break: non-ESP IPsec (AH only), WireGuard, OpenVPN, kTLS, dm-crypt/LUKS, SSH, OpenSSL/GnuTLS/NSS default builds.

Boot parameter mitigation (when modules are built in)

If esp4/esp6/rxrpc are built into the kernel rather than loadable, the modprobe approach silently does nothing. On systems using BLS config (Rocky/RHEL 8+, Fedora, AL2023), an initcall_blacklist boot parameter targeting the relevant init functions is the analogous workaround:

sudo grubby --update-kernel=ALL --args="initcall_blacklist=esp4_init,esp6_init,af_rxrpc_init"
sudo reboot

Then verify:

grep -o 'initcall_blacklist=[^ ]*' /proc/cmdline

The exact init function names depend on the kernel version. Inspect System.map to confirm before relying on this.

grep '_init$' /boot/System.map-$(uname -r) | grep -E 'esp4|esp6|rxrpc'
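
The Detection checks and both mitigations above can be combined into one audit that reports, per feature, whether the interim mitigation actually takes effect. This is an added example, not code from the upstream README or any distribution; the function names are hypothetical, the init function names are the ones listed on this page (which, as noted, vary by kernel version), and the files used by demo are constructed.

```shell
#!/bin/sh
# Added example: decide per feature whether the interim Dirty Frag mitigation
# is effective. All paths are parameters so the logic runs on constructed files.

# feature_state <CONFIG_SYMBOL> <kernel-config-file>
# Prints builtin, module, absent, or unknown (config not readable).
feature_state() {
    [ -r "$2" ] || { echo unknown; return 0; }
    case $(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1) in
        y) echo builtin ;;
        m) echo module ;;
        *) echo absent ;;
    esac
}

# module_loaded <module> <file in /proc/modules format>
module_loaded() { grep -qs "^$1 " "$2"; }

# modprobe_blocked <module> <modprobe.d directory>
# True when an "install <module> /bin/false" (or /bin/true) rule exists.
modprobe_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)[[:space:]]*\$" "$2"/*.conf
}

# initcall_blocked <init-function> <file in /proc/cmdline format>
initcall_blocked() {
    tr ' ' '\n' < "$2" | sed -n 's/^initcall_blacklist=//p' | tr ',' '\n' | grep -qx "$1"
}

# audit_feature <module> <CONFIG_SYMBOL> <init-function> <config> <modprobe.d> <cmdline> <modules>
audit_feature() {
    case $(feature_state "$2" "$4") in
        unknown) echo "$1: UNKNOWN (kernel config not readable, try /proc/config.gz)" ;;
        absent)  echo "$1: not-applicable ($2 is not enabled in this kernel)" ;;
        module)
            # An install rule only stops future loads; a loaded module stays reachable.
            if module_loaded "$1" "$7"; then
                echo "$1: EXPOSED (module is currently loaded)"
            elif modprobe_blocked "$1" "$5"; then
                echo "$1: mitigated (install rule present, module not loaded)"
            else
                echo "$1: EXPOSED (loadable on demand, no install rule)"
            fi ;;
        builtin)
            # A modprobe rule cannot stop built-in code; only the boot parameter can.
            if initcall_blocked "$3" "$6"; then
                echo "$1: mitigated (initcall_blacklist=$3 on kernel command line)"
            else
                echo "$1: EXPOSED (built in; modprobe rule has no effect)"
            fi ;;
    esac
}

# audit_all [config] [modprobe.d] [cmdline] [modules]; defaults are the live paths.
audit_all() {
    set -- "${1:-/boot/config-$(uname -r)}" "${2:-/etc/modprobe.d}" \
           "${3:-/proc/cmdline}" "${4:-/proc/modules}"
    audit_feature esp4  CONFIG_INET_ESP  esp4_init     "$@"
    audit_feature esp6  CONFIG_INET6_ESP esp6_init     "$@"
    audit_feature rxrpc CONFIG_AF_RXRPC  af_rxrpc_init "$@"
}

# Demo on constructed data (not taken from any real host): esp4 is a module,
# esp6 is built in, rxrpc is disabled, and only the modprobe rules are applied.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/modprobe.d"
    printf 'CONFIG_INET_ESP=m\nCONFIG_INET_ESP_OFFLOAD=m\nCONFIG_INET6_ESP=y\n# CONFIG_AF_RXRPC is not set\n' > "$d/config"
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$d/modprobe.d/dirtyfrag.conf"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$d/cmdline"
    printf 'xfrm_user 61440 2 - Live 0x0\n' > "$d/modules"
    audit_all "$d/config" "$d/modprobe.d" "$d/cmdline" "$d/modules"
    rm -rf "$d"
}
demo
```

On a live host, replace the final demo call with audit_all and no arguments to read /boot/config-$(uname -r), /etc/modprobe.d, /proc/cmdline and /proc/modules.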

Risk notes

  • Container hosts: The host-wide page cache means a container breakout is possible on shared-kernel deployments (Docker, Kubernetes without microVM or gVisor isolation). Apply the mitigation before running untrusted workloads.
  • Ubuntu / AppArmor namespace restriction: Hardening that blocks unprivileged user-namespace creation defeats the xfrm-ESP variant but not RxRPC. The chained PoC specifically routes around this.
  • CI/CD runners: Self-hosted GitHub Actions, GitLab Runners, and Jenkins agents executing untrusted PR code are directly in scope.
  • Forensics: Both variants modify only the in-memory page cache. The on-disk file is untouched. Memory forensics or runtime detection (Falco, eBPF) is required.
  • Embedded / appliance kernels: May lag significantly behind distro kernel updates. Audit separately.

The in-memory corruption is transient: dropping the pagecache clears it, and a reboot achieves the same.

echo 1 > /proc/sys/vm/drop_caches

Post-disclosure variants

ℹ️ Both variant fixes landed in all current upstream stable point releases on 2026-05-23 (v7.0.10, v6.18.33, v6.12.91, v6.6.141, v6.1.174, v5.15.208, v5.10.257). Debian (sid 7.0.9-1, forky 7.0.9-1, trixie 6.12.90-1, bookworm 6.1.174-1 DSA-6306-1, bullseye 5.10.257-1 DLA-4606-1 and linux-6.1 6.1.174-1~deb11u1 DLA-4607-1), NixOS (nixos-unstable, nixos-unstable-small, nixos-25.11-small, and nixos-25.11 — 7.0.10 / 6.18.33 / 6.12.91), Proxmox (PSA-2026-00020-1, 2026-05-18), and Red Hat / Rocky Linux 8 (RHSA-2026:19666 / RLSA-2026:19666, 2026-05-20/23), Rocky Linux 9 (RLSA-2026:19568, 2026-05-28; kernel-5.14.0-687.10.1.el9_8.0.1), and Rocky Linux 10 (RLSA-2026:19569, 2026-05-29; kernel-6.12.0-211.16.1.el10_2.0.1) have shipped packages containing these fixes. The modprobe mitigation remains advisable until you confirm a fully patched kernel is installed.

Dirty Frag’s xfrm-ESP fix (f4c50a4034e6) makes esp_input() / esp6_input() consult the SKBFL_SHARED_FRAG skb flag before decrypting in place. That defence is only as complete as the flag’s coverage — and after public disclosure, several other skb frag-transfer paths were found to silently drop the flag, letting the same in-place page-cache write be reached by a different route. Five such variants were publicly disclosed between 2026-05-13 and 2026-05-15; upstream refers to them collectively as the Dirty Frag variants.

Both follow-up commits carry Fixes: f4c50a4034e6 (and Fixes: cef401de7be8) — they patch gaps in Dirty Frag’s own fix rather than introducing a new vulnerability class.

# | Variant | Disclosed | CVE | Fix in netdev/net
1 | Fragnesia: skb_try_coalesce() drops SKBFL_SHARED_FRAG during TCP receive coalescing | 2026-05-13 | CVE-2026-46300 | f84eca581739
2 | netdev report (v4bel) | 2026-05-13 | none assigned | 48f6a5356a33
3 | netdev report (v4bel) | 2026-05-13 | none assigned | 48f6a5356a33
4 | netdev report (Sultan Alsawaf) | 2026-05-14 | none assigned | 48f6a5356a33
5 | v12-security PoC (fragnesia-5db89c99566fc) | 2026-05-15 | none assigned | 48f6a5356a33

  • f84eca581739 — Fragnesia / CVE-2026-46300 (net: skbuff: preserve shared-frag marker during coalescing; William Bowling, v12-security; netdev/net, 2026-05-13). skb_try_coalesce() can attach paged frags from one skb onto another but drops the SKBFL_SHARED_FRAG marker; TCP receive coalescing then hands ESP an unmarked skb still referencing page-cache pages. The PoC writes a position-independent ELF stub over the first 192 bytes of /usr/bin/su in the page cache and execve()s it for a root shell.
  • 48f6a5356a33 — the other four variants (net: skbuff: propagate shared-frag marker through frag-transfer helpers; Hyunwoo Kim; netdev/net, 2026-05-16). Restores the marker in __pskb_copy_fclone(), skb_shift(), skb_gro_receive(), skb_gro_receive_list() and skb_segment(). One reachable route: a single nft 'dup to <local>' rule lands a pskb_copy()’d skb in esp_input() with the marker stripped. Upstream confirmed the fifth (v12-security) PoC is also blocked by this commit.

Only the Fragnesia variant carries a CVE — CVE-2026-46300 (MITRE record still RESERVED, but the ID is already in active use by distributions). The remaining four variants have no separate CVE assigned and are tracked here by fix commit and disclosure reference.

Upstream’s own assessment is that the cluster is open-ended: “As long as the in-place path in esp remains, further variants of this kind are expected to be found in the esp module.”

Upstream stable-tree fixed versions. Both f84eca581739 and 48f6a5356a33 were backported to every current stable branch and first appeared in released kernels on 2026-05-23:

Branch | First fixed release | Stable backport commits
7.0.x | v7.0.10 | 3884358a9286, 9bc9d6d6967a
6.18.x | v6.18.33 | 3bd9e113d500, ff375cc75f91
6.12.x | v6.12.91 | 760e1addc27b, fc6eb39c55e9
6.6.x | v6.6.141 | 78bf6b6bb195, 989214c66884
6.1.x | v6.1.174 | 9d3e5fd19fe1, 12401fcfb01f
5.15.x | v5.15.208 | 2f2b16022a2e, 179f1852bded
5.10.x | v5.10.257 | 3599e6b3cc1a, fbeab9555564

Distribution status (CVE-2026-46300). Fixes reached upstream stable releases on 2026-05-23; all tracked distributions are now patched. Per-release status (Debian security tracker for the Debian rows):

Distribution | Release | Status (CVE-2026-46300)
Debian | sid | linux 7.0.9-1 (cherry-pick of variant fixes ahead of v7.0.10)
Debian | forky | linux 7.0.9-1
Debian | trixie | linux 6.12.90-1, DSA-6295-1 (cherry-pick ahead of v6.12.91)
Debian | bookworm | linux 6.1.174-1, DSA-6306-1 (2026-05-28; also covers CVE-2026-43503, CVE-2026-46174)
Debian | bullseye | linux 5.10.257-1, DLA-4606-1; linux-6.1 6.1.174-1~deb11u1, DLA-4607-1
NixOS | Unstable | ✅ 7.0.10 / 6.18.33 / 6.12.91 on 2026-05-26 (same nixpkgs commits as nixos-unstable-small)
NixOS | Unstable (small) | ✅ 7.0.10 / 6.18.33 / 6.12.91 on 2026-05-23 (nixpkgs 60084bc78f91, 8bd16a6891b6, 802bd3500a12)
NixOS | 25.11 | ✅ 7.0.10 / 6.18.33 / 6.12.91 on 2026-05-23 (same nixpkgs commits as nixos-25.11-small)
NixOS | 25.11 (small) | ✅ 7.0.10 / 6.18.33 / 6.12.91 on 2026-05-23 (nixpkgs 92cccc1a3c21, 78a05466c108, d7c4d94a6018)
Proxmox | PSA-2026-00020-1 | PSA-2026-00020-1 (2026-05-18); proxmox-kernel-7.0.2-3-pve, 6.17.13-8-pve, 6.14.11-9-pve, 6.8.12-24-pve
Rocky | 10 | RLSA-2026:19569 (kernel-6.12.0-211.16.1.el10_2.0.1, 2026-05-29)
Rocky | 9 | RLSA-2026:19568 (kernel-5.14.0-687.10.1.el9_8.0.1, 2026-05-28)
Rocky | 8 | RLSA-2026:19666 / RLSA-2026:19664 (2026-05-23)
RHEL | 10 | RHSA-2026:19569 (kernel-6.12.0-211.16.1.el10_2, 2026-05-20)
RHEL | 9 | RHSA-2026:19568 (kernel-5.14.0-687.10.1.el9_8, 2026-05-20)
RHEL | 8 | RHSA-2026:19666 (kernel-4.18.0-553.125.1.el8_10), RHSA-2026:19664 (kernel-rt); 2026-05-20
Amazon Linux 2023 | default (6.1) | ALAS2023-2026-1710 (kernel-6.1.170-213.321.amzn2023, 2026-05-15)
Amazon Linux 2023 | kernel6.12 | ALAS2023-2026-1708 (kernel6.12-6.12.83-115.161.amzn2023, 2026-05-15)
Amazon Linux 2023 | kernel6.18 | ALAS2023-2026-1709 (kernel6.18-6.18.25-57.109.amzn2023, 2026-05-15)
Amazon Linux 2 | core (4.14) | ALAS2-2026-3307 (kernel-4.14.355-282.729.amzn2, 2026-05-15)
Amazon Linux 2 | 5.4 | ALAS2KERNEL-5.4-2026-122 (kernel-5.4.302-224.471.amzn2, 2026-05-15)
Amazon Linux 2 | 5.10 | ALAS2KERNEL-5.10-2026-119 (kernel-5.10.253-252.1016.amzn2, 2026-05-15)
Amazon Linux 2 | 5.15 | ALAS2KERNEL-5.15-2026-103 (kernel-5.15.204-143.231.amzn2, 2026-05-15)

Verification log

Last verified 2026-06-04.

Upstream

All supported stable branches carry their applicable fixes at the current tag, verified against the local stable clone:

  • xfrm-ESP (CVE-2026-43284): v7.0.11, v6.18.34, v6.12.92, v6.6.142, v6.1.175, v5.15.209, v5.10.258.
  • RxRPC paged-frags (CVE-2026-43500): v7.0.11, v6.18.34, v6.12.92, v6.6.142 — pre-6.6 branches (6.1.y, 5.15.y, 5.10.y) predate the RxRPC variant’s introducing commit and are out of scope for CVE-2026-43500.
  • RxRPC improvement commits: d2bc90cf6c75 (2026-05-16) landed in v7.0.11 as stable backport c58008774371; not yet in 6.18.y or 6.12.y. 8bfab4b6ffc2 (2026-05-16) remains pending in all stable branches. Neither introduces a new CVE; both carry Fixes: 24481a7f5733.
  • Post-disclosure variants (CVE-2026-46300 cluster): both fix commits (f84eca581739 / 48f6a5356a33) are backported to all stable branches and first appeared in released kernels on 2026-05-23 — see upstream stable-tree fixed versions table under Post-disclosure variants above.

The historical xfrm-ESP stable-backport bug in v6.1.171 / v5.15.205 was resolved in v6.1.172 / v5.15.206 — see Stable-tree backport notes under Upstream fixed versions above.

Distributions

  • Debian: CVE-2026-43284/43500 remain fixed in all tracked suites. CVE-2026-46300 is now fixed across all suites: sid (7.0.9-1), forky (7.0.9-1), trixie (6.12.90-1, DSA-6295-1), bookworm (DSA-6306-1, linux 6.1.174-1, 2026-05-28), and bullseye, with DLA-4606-1 (linux 5.10.257-1) and DLA-4607-1 (linux-6.1 6.1.174-1~deb11u1) published.
  • Proxmox: PSA-2026-00019-2 (2026-05-08) — fixed for CVE-2026-43284/43500. PSA-2026-00020-1 (2026-05-18) — fixed for CVE-2026-46300 (Fragnesia): proxmox-kernel-6.17.13-8-pve / 6.14.11-9-pve (PVE 9, Trixie-based) and proxmox-kernel-6.8.12-24-pve / 6.14.11-9-pve-bpo12 (PVE 8, Bookworm-based).
  • NixOS: Channel pins re-verified via per-channel git-revision pointer and local nixpkgs clone. nixos-unstable-small and nixos-25.11-small are both at 7.0.11 / 6.18.34 / 6.12.92 (unstable-small bump commits 3e9caa186f62 / 28254d87ca1a / 221fae9c48d2, 2026-06-01; 25.11-small bump commits 935feb016cc2 / d87275b816f6 / a430b4f7abc6, 2026-06-01); the two remaining channels (nixos-unstable, nixos-25.11) remain at 7.0.10 / 6.18.33 / 6.12.91. All four channels remain fixed for CVE-2026-43284/43500 and CVE-2026-46300.
  • Rocky Linux / Red Hat:
    • Current-stream and EUS-stream RHSAs shipped 2026-05-11 / 2026-05-12; Rocky RLSAs followed 2026-05-14 — see Rocky table.
    • CVE-2026-43500 not explicitly cited in the RHEL 10 advisory text, but likely addressed per AlmaLinux precedent.
    • CVE-2026-46300 (Fragnesia): Red Hat shipped RHSA-2026:19666 (RHEL 8, kernel-4.18.0-553.125.1.el8_10), RHSA-2026:19664 (RHEL 8 NFV/RT), RHSA-2026:19568 (RHEL 9, kernel-5.14.0-687.10.1.el9_8), and RHSA-2026:19569 (RHEL 10, kernel-6.12.0-211.16.1.el10_2) on 2026-05-20. Rocky Linux 8 followed with RLSA-2026:19666 and RLSA-2026:19664 on 2026-05-23. Rocky Linux 9 followed with RLSA-2026:19568 (kernel-5.14.0-687.10.1.el9_8.0.1, 2026-05-28) and Rocky Linux 10 with RLSA-2026:19569 (kernel-6.12.0-211.16.1.el10_2.0.1, 2026-05-29).
    • Layered RHSAs for OpenShift (RHSA-2026:16155/16157/16160/16161/16171/16176/16180 for OCP 4.12–4.21) and the NVIDIA driver on RHEL 10 (RHSA-2026:17795) cover the same kernel issue in container runtimes; not tracked separately.
  • AlmaLinux: Production fixes shipped 2026-05-08 for all supported releases; AL10 (kernel-6.12.0-124.55.2.el10_1) ships both fixes, implying an EL-side cherry-pick of 24481a7f5733 ahead of upstream 6.12.y stable.
  • Amazon Linux: AL2023 (ALAS2023-2026-1693/1694/1695) and AL2 (ALAS2-2026-3302 plus ALAS2KERNEL extras) fixed 2026-05-09 — xfrm-ESP only; AL2 5.10/5.15 streams predate the RxRPC variant’s introducing commit. CVE-2026-46300 (Fragnesia): All AL2023 and AL2 streams fixed 2026-05-15 — AL2023: ALAS2023-2026-1710/1708/1709; AL2: ALAS2-2026-3307 plus ALAS2KERNEL-5.4-2026-122/ALAS2KERNEL-5.10-2026-119/ALAS2KERNEL-5.15-2026-103.

Threat intelligence

  • CISA KEV: not listed (catalog v2026.06.03, 1611 entries).
  • CISA ADP SSVC (2026-05-08, xfrm-ESP): Exploitation=poc, Automatable=no, Technical Impact=total.
  • EPSS: 0.3845 (percentile 97.32; first scored 2026-05-31).

Dirty Frag variants

Both upstream variant fix commits are now in all current stable point releases, verified against the local stable clone:

  • CVE-2026-46300 (Fragnesia): fix f84eca581739 — first in stable as v7.0.10, v6.18.33, v6.12.91, v6.6.141, v6.1.174, v5.15.208, v5.10.257.
  • Four further variants: fix 48f6a5356a33 — same releases as above.

Debian sid (7.0.9-1), forky (7.0.9-1), trixie (6.12.90-1), bookworm (DSA-6306-1, linux 6.1.174-1, 2026-05-28), and bullseye (DLA-4606-1 linux 5.10.257-1; DLA-4607-1 linux-6.1 6.1.174-1~deb11u1) have shipped packages with the variant fixes. Proxmox fixed in PSA-2026-00020-1 (2026-05-18; proxmox-kernel-6.17.13-8-pve / 6.8.12-24-pve). Red Hat / Rocky Linux 8 fixed in RHSA/RLSA-2026:19666 (2026-05-20/23). Rocky Linux 9 fixed in RLSA-2026:19568 (2026-05-28; kernel-5.14.0-687.10.1.el9_8.0.1). Rocky Linux 10 fixed in RLSA-2026:19569 (2026-05-29; kernel-6.12.0-211.16.1.el10_2.0.1). NixOS nixos-unstable-small, nixos-25.11-small, and nixos-25.11 have shipped the variant fixes (7.0.10 / 6.18.33 / 6.12.91) since 2026-05-23; nixos-unstable followed on 2026-05-26. All four tracked NixOS channels are now fixed. Amazon Linux published CVE-2026-46300 fixes on 2026-05-15: AL2023 via ALAS2023-2026-1710/1708/1709, AL2 via ALAS2-2026-3307 plus ALAS2KERNEL extras (5.4/5.10/5.15).

References

Source | URL
NVD entry — CVE-2026-43284 | https://nvd.nist.gov/vuln/detail/CVE-2026-43284
cve.org record — CVE-2026-43284 | https://www.cve.org/CVERecord?id=CVE-2026-43284
cve.org record — CVE-2026-43500 | https://www.cve.org/CVERecord?id=CVE-2026-43500
MITRE CVE Awg JSON — CVE-2026-43284 | https://cveawg.mitre.org/api/cve/CVE-2026-43284
MITRE CVE Awg JSON — CVE-2026-43500 | https://cveawg.mitre.org/api/cve/CVE-2026-43500
CWE-123 — Write-what-where Condition | https://cwe.mitre.org/data/definitions/123.html
CWE-787 — Out-of-bounds Write | https://cwe.mitre.org/data/definitions/787.html
oss-security disclosure (2026-05-07) | https://www.openwall.com/lists/oss-security/2026/05/07/8
Researcher write-up (dirtyfrag.io) | https://dirtyfrag.io
Upstream reference (V4bel/dirtyfrag) | https://github.com/V4bel/dirtyfrag
Upstream technical write-up | https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md
xfrm-ESP fix commit (Linus tree) | https://git.kernel.org/linus/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
Initial netdev patch (V4bel) | https://lore.kernel.org/all/afLDKSvAvMwGh7Fy@v4bel/
Final netdev patch (Kuan-Ting Chen, shared-frag) | https://lore.kernel.org/all/20260504073403.38854-1-h3xrabbit@gmail.com/
RxRPC fix patch (V4bel, netdev list) | https://lore.kernel.org/all/afKV2zGR6rrelPC7@v4bel/
AlmaLinux Dirty Frag blog post | https://almalinux.org/blog/2026-05-07-dirty-frag/
Debian Security Tracker — CVE-2026-43284 | https://security-tracker.debian.org/tracker/CVE-2026-43284
Debian Security Tracker — CVE-2026-43500 | https://security-tracker.debian.org/tracker/CVE-2026-43500
- DSA-6253-1 (trixie) | https://security-tracker.debian.org/tracker/DSA-6253-1
- DSA-6258-1 (bookworm) | https://security-tracker.debian.org/tracker/DSA-6258-1
- DSA-6295-1 (trixie — CVE-2026-46300) | https://security-tracker.debian.org/tracker/DSA-6295-1
- DSA-6306-1 (bookworm — CVE-2026-46300) | https://security-tracker.debian.org/tracker/DSA-6306-1
- DLA-4572-1 (bullseye) | https://security-tracker.debian.org/tracker/DLA-4572-1
- DLA-4574-1 (bullseye linux-6.1) | https://security-tracker.debian.org/tracker/DLA-4574-1
- DLA-4606-1 (bullseye — CVE-2026-46300) | https://security-tracker.debian.org/tracker/DLA-4606-1
- DLA-4607-1 (bullseye linux-6.1 — CVE-2026-46300) | https://security-tracker.debian.org/tracker/DLA-4607-1
Proxmox PVE security advisories | https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/
- ProxmoxSecurityAdvisory posts | https://forum.proxmox.com/search/16039688/?t=post&c[users]=ProxmoxSecurityAdvisory&o=date
- PSA-2026-00019-1 (initial) | https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-851767
- PSA-2026-00019-2 (revision) | https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-851849
- PSA-2026-00020-1 (Fragnesia / CVE-2026-46300)https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/
Rocky Linux erratahttps://errata.build.resf.org/
- Rocky Linux errata RSS feedhttps://errata.build.resf.org/api/v2/advisories:rss
- RLSA-2026:16062 (RL10)https://errata.build.resf.org/RLSA-2026:16062
- RLSA-2026:16206 (RL9)https://errata.build.resf.org/RLSA-2026:16206
- RLSA-2026:16195 (RL8)https://errata.build.resf.org/RLSA-2026:16195
- RLSA-2026:16196 (RL8 kernel-rt)https://errata.build.resf.org/RLSA-2026:16196
Red Hat security searchhttps://access.redhat.com/security/security-updates/
- RHSA-2026:16062 (RHEL 10.1)https://access.redhat.com/errata/RHSA-2026:16062
- RHSA-2026:16206 (RHEL 9.7)https://access.redhat.com/errata/RHSA-2026:16206
- RHSA-2026:16100 (RHEL 9.4 EUS)https://access.redhat.com/errata/RHSA-2026:16100
- RHSA-2026:16195 (RHEL 8.10)https://access.redhat.com/errata/RHSA-2026:16195
- RHSA-2026:16196 (RHEL 8 NFV/RT)https://access.redhat.com/errata/RHSA-2026:16196
- RHSA-2026:16061 (RHEL 8.8 EUS)https://access.redhat.com/errata/RHSA-2026:16061
- RHSA-2026:16201 (RHEL 8.4 AUS/EUS)https://access.redhat.com/errata/RHSA-2026:16201
- RHSA-2026:16204 (RHEL 8.6 AUS/TUS/E4S)https://access.redhat.com/errata/RHSA-2026:16204
- RHSA-2026:16202 (RHEL 9.0 E4S)https://access.redhat.com/errata/RHSA-2026:16202
- RHSA-2026:16203 (RHEL 9.0 E4S NFV)https://access.redhat.com/errata/RHSA-2026:16203
- RHSA-2026:16328 (RHEL 9.2 E4S)https://access.redhat.com/errata/RHSA-2026:16328
- RHSA-2026:16254 (RHEL 9.2 E4S NFV)https://access.redhat.com/errata/RHSA-2026:16254
- RHSA-2026:16312 (RHEL 9.6 EUS)https://access.redhat.com/errata/RHSA-2026:16312
- RHSA-2026:16314 (RHEL 10.0 EUS)https://access.redhat.com/errata/RHSA-2026:16314
- RHSA-2026:19568 (RHEL 9 — CVE-2026-46300)https://access.redhat.com/errata/RHSA-2026:19568
- RHSA-2026:19569 (RHEL 10 — CVE-2026-46300)https://access.redhat.com/errata/RHSA-2026:19569
- RHSA-2026:19664 (RHEL 8 NFV/RT — CVE-2026-46300)https://access.redhat.com/errata/RHSA-2026:19664
- RHSA-2026:19666 (RHEL 8 — CVE-2026-46300)https://access.redhat.com/errata/RHSA-2026:19666
- RLSA-2026:19664 (RL8 kernel-rt — CVE-2026-46300)https://errata.build.resf.org/RLSA-2026:19664
- RLSA-2026:19666 (RL8 kernel — CVE-2026-46300)https://errata.build.resf.org/RLSA-2026:19666
- RLSA-2026:19568 (RL9 kernel — CVE-2026-46300)https://errata.build.resf.org/RLSA-2026:19568
- RLSA-2026:19569 (RL10 kernel — CVE-2026-46300)https://errata.build.resf.org/RLSA-2026:19569
NixOS security trackerhttps://tracker.security.nixos.org/
Amazon Linux Security Centerhttps://alas.aws.amazon.com/
Amazon Linux 2023 advisorieshttps://alas.aws.amazon.com/alas2023.html
- ALAS2023-2026-1693 (kernel6.18)https://alas.aws.amazon.com/AL2023/ALAS-2026-1693.html
- ALAS2023-2026-1694 (kernel)https://alas.aws.amazon.com/AL2023/ALAS-2026-1694.html
- ALAS2023-2026-1695 (kernel6.12)https://alas.aws.amazon.com/AL2023/ALAS-2026-1695.html
Amazon Linux 2 advisorieshttps://alas.aws.amazon.com/alas2.html
- ALAS2-2026-3302 (kernel Core)https://alas.aws.amazon.com/AL2/ALAS-2026-3302.html
- ALAS2KERNEL-5.4-2026-121https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2026-121.html
- ALAS2KERNEL-5.10-2026-118https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-118.html
- ALAS2KERNEL-5.15-2026-102https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-102.html
- ALAS2023-2026-1708 (kernel6.12 — CVE-2026-46300)https://alas.aws.amazon.com/AL2023/ALAS-2026-1708.html
- ALAS2023-2026-1709 (kernel6.18 — CVE-2026-46300)https://alas.aws.amazon.com/AL2023/ALAS-2026-1709.html
- ALAS2023-2026-1710 (kernel — CVE-2026-46300)https://alas.aws.amazon.com/AL2023/ALAS-2026-1710.html
- ALAS2-2026-3307 (kernel Core — CVE-2026-46300)https://alas.aws.amazon.com/AL2/ALAS-2026-3307.html
- ALAS2KERNEL-5.4-2026-122 (CVE-2026-46300)https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2026-122.html
- ALAS2KERNEL-5.10-2026-119 (CVE-2026-46300)https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-119.html
- ALAS2KERNEL-5.15-2026-103 (CVE-2026-46300)https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-103.html
cve.org record — CVE-2026-46300https://www.cve.org/CVERecord?id=CVE-2026-46300
oss-security — Fragnesia / copyfail 3.0 (2026-05-13)https://www.openwall.com/lists/oss-security/2026/05/13/3
oss-security — Dirty Frag variants merged to netdev (2026-05-21)https://www.openwall.com/lists/oss-security/2026/05/21/11
Fragnesia fix commit (netdev/net)https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f84eca5817390257cef78013d0112481c503b4a3
Dirty Frag variants fix commit (netdev/net)https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=48f6a5356a33dd78e7144ae1faef95ffc990aae0
v12-security Fragnesia PoChttps://github.com/v12-security/pocs/tree/main/fragnesia
Debian Security Tracker — CVE-2026-46300https://security-tracker.debian.org/tracker/CVE-2026-46300
Sibling tracker — Copy Failhttps://kimmo.cloud/CVE-2026-31431/