Critical Linux Kernel Flaws Enable Privilege Escalation and Container Escape
Ubuntu has released multiple security patches addressing severe Linux kernel vulnerabilities collectively known as Dirty Frag and Fragnesia, which allow local attackers to escalate privileges or escape containers. The flaws affect socket buffer operations and cryptographic subsystems across multiple kernel versions.
TL;DR
- Dirty Frag and Fragnesia logic flaws in XFRM ESP-in-TCP and RxRPC subsystems enable privilege escalation and container escape via shared page fragment mishandling
- Copy Fail vulnerability in algif_aead module improperly handles in-place cryptographic operations, allowing local privilege escalation
- ptrace race condition discovered by Qualys permits unprivileged attackers to expose sensitive information during privileged process exit
- AppArmor notification memory leak in kernels 6.8, 6.17, and 7.0 can be exploited for resource exhaustion attacks
- All vulnerabilities require local access but pose significant risk in multi-tenant and containerized environments
Ubuntu has released urgent security updates addressing multiple critical vulnerabilities in the Linux kernel that could allow local attackers to escalate privileges or escape container isolation. The flaws span cryptographic operations, network subsystems, and process management, affecting kernel versions 6.8, 6.17, and 7.0.
These vulnerabilities are particularly concerning for cloud and containerized deployments where multiple tenants or workloads share kernel resources. Attackers with local access can exploit logic flaws in socket buffer handling and race conditions to gain elevated privileges or break out of container boundaries.
Ubuntu has released patches across multiple kernel versions (USN-8370-1, USN-8371-1, USN-8373-1, and USN-8374-1) to address these issues. System administrators should prioritize applying these updates to affected systems.
Dirty Frag and Fragnesia: Socket Buffer Logic Flaws
- Dirty Frag (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) involves improper handling of shared page fragments during socket buffer operations
- Affects both XFRM ESP-in-TCP and RxRPC networking subsystems when processing paged fragments
- Fragnesia (CVE-2026-43503, CVE-2026-46300) is a related logic flaw in XFRM ESP-in-TCP subsystem handling of socket buffer fragments
- Local attackers can exploit these flaws to escalate privileges or escape container isolation
Cryptographic and Process Management Vulnerabilities
- Copy Fail (CVE-2026-31431) in algif_aead module fails to properly handle in-place cryptographic operations, enabling privilege escalation
- ptrace race condition (CVE-2026-46333) discovered by Qualys allows unprivileged attackers to expose sensitive information when privileged processes exit
- AppArmor notification memory leak (CVE-2026-47326) in kernels 6.8, 6.17, and 7.0 can be weaponized for resource exhaustion attacks
Impact and Mitigation
- All vulnerabilities require local system access but pose severe risk in multi-tenant cloud environments and containerized deployments
- Container escape capability makes these flaws critical for organizations running untrusted workloads
- Ubuntu has released coordinated patches across multiple kernel versions; immediate patching is recommended
- Organizations should prioritize updates for systems hosting containers or supporting multi-tenant workloads
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.