← Back to blog

Linux Kernel Patch Wave Addresses Cryptography, Networking, and Privilege Escalation Flaws

Ubuntu has released multiple kernel security updates addressing critical vulnerabilities including Copy Fail (algif_aead), Dirty Frag (socket buffer handling), and Fragnesia (XFRM ESP-in-TCP). These flaws allow local attackers to escalate privileges or escape containers.

TL;DR

  • Copy Fail (CVE-2026-31431): algif_aead module fails to properly handle in-place cryptographic operations, enabling privilege escalation and container escape
  • Dirty Frag: Logic flaws in XFRM ESP-in-TCP and RxRPC subsystems when processing paged socket buffer fragments allow local privilege escalation
  • Fragnesia (CVE-2026-43503, CVE-2026-46300): XFRM ESP-in-TCP socket buffer fragment handling flaw enables privilege escalation and container escape
  • EntrySign (CVE-2024-36347): AMD Zen processors do not properly verify CPU microcode signatures, risking malicious microcode injection
  • Multiple kernel subsystems patched across cryptographic API, packet sockets, network drivers, and OverlayFS with varying severity levels

Ubuntu has issued a coordinated series of kernel security updates addressing multiple high-impact vulnerabilities discovered across cryptographic, networking, and CPU microcode verification subsystems. The patches consolidate fixes for at least three distinct vulnerability families—Copy Fail, Dirty Frag, and Fragnesia—each capable of enabling local privilege escalation or container escape on affected systems.

These vulnerabilities span kernel modules responsible for cryptographic operations, socket buffer management, and network protocol handling. System administrators should prioritize applying these updates to prevent unauthorized privilege escalation and lateral movement within containerized environments.

The updates also address EntrySign, a CPU microcode verification flaw affecting AMD Zen processors, alongside additional flaws in OverlayFS, network drivers, and other kernel subsystems.

Copy Fail: Cryptographic Operation Flaw

  • CVE-2026-31431 affects the algif_aead module's handling of in-place cryptographic operations
  • Local attackers can exploit improper operation handling to escalate privileges or escape containers
  • Impacts systems relying on kernel-level cryptographic acceleration

Dirty Frag and Fragnesia: Socket Buffer Fragment Handling

  • Dirty Frag: Logic flaws in XFRM ESP-in-TCP and RxRPC subsystems when processing paged socket buffer fragments (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)
  • Fragnesia: Separate logic flaw in XFRM ESP-in-TCP socket buffer fragment handling (CVE-2026-43503, CVE-2026-46300)
  • Both enable local privilege escalation and container escape via improper fragment processing
  • Affects encrypted tunnel protocols and network packet handling

EntrySign: CPU Microcode Verification Bypass

  • CVE-2024-36347 affects AMD Zen processors' failure to properly verify CPU microcode signatures
  • Privileged attackers could load malicious microcode, compromising system integrity and confidentiality
  • Discovered by researchers including Tavis Ormandy and Matteo Rizzo

Additional Kernel Subsystem Fixes

  • OverlayFS permission check flaws (CVE-2023-2640, CVE-2023-32629) allowing privilege escalation
  • Packet socket vulnerabilities (CVE-2026-31504, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)
  • ptrace race condition (CVE-2026-46333) enabling information disclosure
  • Flaws in network drivers, NVME drivers, SMB file system, Netfilter, and io_uring subsystem

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Linux Kernel Patch Wave Addresses Cryptography, Networking, and Privilege Escalation Flaws — Agent Breach Blog | Agent Breach