Security

// CVE analyses · Linux kernel vulnerabilities · mitigations

DirtyFrag — Universal Linux LPE
Critical · No Patch
Two chained kernel bugs (xfrm-ESP since 2017, RxRPC since 2023) enable deterministic root access on all major Linux distributions. No CVE, no official patch.
May 8, 2026 · esp4 · esp6 · rxrpc · xfrm · LPE
CVE-2026-31431 — CopyFail
Patched
Local privilege escalation in the Linux kernel via AF_ALG socket + splice(): controlled 4-byte write into the page cache. Present since 2017, disclosed April 29, 2026.
April 30, 2026 · CVE-2026-31431 · AF_ALG · algif_aead · LPE

martin-ehrentraut.de