CVE-2026-46300 — 'Fragnesia': critical privilege escalation in ESP-in-TCP
A new Linux kernel vulnerability in the XFRM ESP-in-TCP subsystem bypasses the Dirty Frag patch and allows privilege escalation to root. CVSS 7.8. Patches available.
Read more →CVE-2026-43284 & CVE-2026-43500 — 'Dirty Frag': dual privilege escalation in the Linux kernel
Two chained vulnerabilities in the ESP/IPsec and RxRPC subsystems of the Linux kernel allow an unprivileged local user to obtain root. CVSS 7.8, active exploitation confirmed. Patches being deployed.
Read more →CVE-2026-31431 — Critical privilege escalation in the Linux kernel
A vulnerability in the Linux kernel's algif_aead module allows an unprivileged user to obtain root. CVSS 7.8, active exploitation confirmed. Patch available.
Read more →