Our team has reviewed the PoC and confirmed it does not work against systems that have applied a patched kernel from any of the three streams below. Customers who are already patched require no additional action.
Posted May 19, 2026 - 20:44 UTC
Update
Patched kernels are available in the AlmaLinux stable repository. Target versions: CL9 / AlmaLinux 9: kernel-5.14.0-611.54.3.el9_7 or newer CL10 / AlmaLinux 10: kernel-6.12.0-124.55.2.el10_1 or newer
Patched kernels for CL7h and CL8 are now available in the beta channel. Target versions: CL7h: kernel-4.18.0-553.123.2.lve.el7h or newer CL8: kernel-4.18.0-553.123.2.lve.el8 or newer
Posted May 08, 2026 - 18:22 UTC
Update
KernelCare patches are actively deploying. Rollout is in progress for the following distros (signed versions included):
Dirty Frag [CVE Pending] is a Linux kernel local privilege escalation in the xfrm subsystem. The flaw lives in the ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path and is reachable via the XFRM user netlink interface, which auto-loads the relevant modules. A working public proof-of-concept exists; any unprivileged local user can use it to gain root in a single command.