Critical Linux Kernel Flaws Enable Local Privilege Escalation and Container Escape
Ubuntu has released multiple security patches addressing severe vulnerabilities in the Linux kernel, including the "Copy Fail," "Dirty Frag," and "Fragnesia" flaws that allow local attackers to escalate privileges or escape containers. The vulnerabilities affect cryptographic operations, socket buffer handling, and networking subsystems across multiple kernel versions.
TL;DR
- Three named vulnerability families (Copy Fail, Dirty Frag, Fragnesia) enable local privilege escalation and container escape via kernel flaws
- Copy Fail (CVE-2026-31431) affects the algif_aead cryptographic module's in-place operation handling
- Dirty Frag (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) exploits shared page fragment logic flaws in XFRM ESP-in-TCP and RxRPC subsystems
- Fragnesia (CVE-2026-43503, CVE-2026-46300) targets XFRM ESP-in-TCP socket buffer fragment handling
- Additional vulnerabilities in packet sockets, RDS protocol, TLS, and ptrace subsystem require immediate patching across Ubuntu variants
Ubuntu has released a coordinated set of security advisories addressing multiple critical vulnerabilities in the Linux kernel that could allow local attackers to escalate privileges or escape containerized environments. The vulnerabilities span cryptographic operations, network packet handling, and core kernel subsystems, affecting standard Ubuntu installations as well as specialized variants including Azure FIPS, Raspberry Pi, and other kernel flavors.
The vulnerabilities have been assigned distinct names reflecting their attack vectors: "Copy Fail" targets in-place cryptographic operations, "Dirty Frag" exploits shared page fragment handling in network protocols, and "Fragnesia" affects socket buffer fragment processing in the XFRM subsystem. A race condition in the ptrace subsystem also poses information disclosure risks. These flaws require immediate kernel updates to mitigate local attack scenarios.
Copy Fail: Cryptographic Module Vulnerability
- CVE-2026-31431 affects the algif_aead module's handling of in-place cryptographic operations
- Local attackers can exploit improper operation handling to escalate privileges or escape containers
- Impacts all affected Ubuntu kernel variants including standard, Azure FIPS, and Raspberry Pi builds
Dirty Frag: Shared Page Fragment Logic Flaws
- CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000 represent related flaws in socket buffer fragment processing
- Logic errors in XFRM ESP-in-TCP subsystem and RxRPC networking subsystem when handling paged fragments
- Local attackers can trigger privilege escalation or container escape through crafted socket operations
Fragnesia: XFRM ESP-in-TCP Fragment Handling
- CVE-2026-43503 and CVE-2026-46300 target logic flaws in XFRM ESP-in-TCP socket buffer fragment handling
- Distinct from Dirty Frag but related to similar attack surface in network protocol processing
- Enables local privilege escalation and container escape scenarios
Additional Kernel Subsystem Vulnerabilities
- Packet socket vulnerabilities (CVE-2026-31504) affect network packet processing
- RDS protocol flaws (CVE-2026-43494) impact reliable datagram socket operations
- TLS protocol and cryptographic API issues (CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078) affect secure communications
- ptrace race condition (CVE-2026-46333) allows unprivileged users to expose sensitive information during privileged process exit
- Network driver and IPv4 networking flaws also addressed in comprehensive patch set
Affected Systems and Patch Availability
- Vulnerabilities affect multiple Ubuntu kernel variants: standard, Azure FIPS, Raspberry Pi, and others
- Security updates released through USN advisories USN-8388-1 through USN-8393-1
- Organizations should prioritize kernel updates for systems with local user access or container workloads
- Container environments face elevated risk due to escape potential; immediate patching recommended
Sources
- USN-8393-1: Linux kernel (Azure FIPS) vulnerabilities
- USN-8392-1: Linux kernel vulnerabilities
- USN-8391-1: Linux kernel (Raspberry Pi) vulnerabilities
- USN-8390-1: Linux kernel vulnerability
- USN-8389-1: Linux kernel vulnerabilities
- USN-8388-1: Linux kernel vulnerabilities
- USN-8361-2: Linux kernel (FIPS) vulnerability
Sources
- USN-8393-1: Linux kernel (Azure FIPS) vulnerabilities
- USN-8392-1: Linux kernel vulnerabilities
- USN-8391-1: Linux kernel (Raspberry Pi) vulnerabilities
- USN-8390-1: Linux kernel vulnerability
- USN-8389-1: Linux kernel vulnerabilities
- USN-8388-1: Linux kernel vulnerabilities
- USN-8361-2: Linux kernel (FIPS) vulnerability
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.