← Back to blog

Critical Linux Kernel Vulnerabilities Span Networking, Crypto, and Container Escape

Ubuntu has released multiple security advisories addressing dozens of Linux kernel vulnerabilities affecting networking, cryptography, and core subsystems. Several flaws enable local privilege escalation and container escape, requiring immediate patching across affected systems.

TL;DR

  • Fragnesia (CVE-2026-43503) and Dirty Frag (CVE-2026-43284, CVE-2026-43500) logic flaws in XFRM ESP-in-TCP and RxRPC subsystems allow local privilege escalation and container escape
  • Copy Fail (CVE-2026-31431) in algif_aead module improperly handles in-place cryptographic operations, enabling privilege escalation
  • Ptrace race condition (CVE-2026-46333) and AppArmor notification memory leak (CVE-2026-47326) expose sensitive data and enable resource exhaustion
  • Patches address 50+ CVEs across USB, NFS, SMB, Netfilter, IPv4/IPv6, InfiniBand, NVME, SCSI, and other critical kernel subsystems
  • All Ubuntu kernel variants affected; immediate updates recommended for production systems

Ubuntu has released a coordinated set of security advisories addressing a substantial number of Linux kernel vulnerabilities spanning multiple kernel variants and architectures. The advisories collectively address over 50 distinct CVEs affecting core networking, cryptographic, and device driver subsystems.

Among the most critical findings are three named vulnerability classes: Fragnesia, Dirty Frag, and Copy Fail. These flaws introduce logic errors and race conditions in socket buffer handling and cryptographic operations that can be exploited by local attackers to escalate privileges or escape container isolation. Additional issues include information disclosure via ptrace race conditions and resource exhaustion through memory leaks in AppArmor notification handling.

The vulnerabilities affect standard Ubuntu kernels, Oracle-optimized kernels, Xilinx kernels, NVIDIA Tegra kernels, low-latency kernels, and Raspberry Pi kernels, indicating widespread exposure across diverse deployment scenarios.

Named Vulnerability Classes: Fragnesia, Dirty Frag, and Copy Fail

  • Fragnesia (CVE-2026-43503, CVE-2026-46300): Logic flaw in XFRM ESP-in-TCP subsystem when handling socket buffer fragments; enables local privilege escalation and container escape
  • Dirty Frag (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000): Improper handling of shared page fragments during socket buffer operations in XFRM ESP-in-TCP and RxRPC networking subsystems; enables privilege escalation and container escape
  • Copy Fail (CVE-2026-31431): Algif_aead module fails to properly handle in-place cryptographic operations; enables local privilege escalation and container escape

Information Disclosure and Resource Exhaustion

  • Ptrace race condition (CVE-2026-46333): Race condition in ptrace subsystem when privileged processes exit; allows unprivileged local attackers to expose sensitive information
  • AppArmor memory leak (CVE-2026-47326): Memory leak in AppArmor notification handling in Ubuntu kernels 6.8, 6.17, and 7.0; enables local resource exhaustion attacks
  • AMD floating-point divider data leak (CVE-2025-54505): AMD processors fail to clear data in floating-point divider unit during speculative execution; enables sensitive information exposure

Affected Subsystems and Components

  • Networking: IPv4, IPv6, Netfilter, RxRPC, SMB, NFS, X.25, Ethernet bridge, MAC80211, Multipath TCP, SMC sockets, Sun RPC
  • Storage and Device Drivers: USB over IP, NVME, SCSI, NTB, MTD, Rados block device, compressed RAM block device
  • Cryptography and Security: Cryptographic API, InfiniBand, IOMMU, TPM, hardware crypto device drivers
  • Architecture-specific: ARM64, MIPS, PowerPC, x86, RISC-V; platform drivers including ACPI, GPU, HID, media, and sensor subsystems

Affected Ubuntu Kernel Variants

  • Standard Ubuntu kernels (USN-8501-1, USN-8492-2)
  • Oracle-optimized kernels (USN-8493-2)
  • Xilinx kernels (USN-8499-1)
  • NVIDIA Tegra kernels (USN-8498-1)
  • Low-latency kernels (USN-8497-1)
  • Raspberry Pi kernels (USN-8488-2)

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Critical Linux Kernel Vulnerabilities Span Networking, Crypto, and Container Escape — Agent Breach Blog | Agent Breach