USN-8388-1

Advisory lineage Upstream: 12 Downstream: 0
Published: 04 Jun 2026, 21:03
Last modified:05 Jun 2026, 03:18

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Jun 2026, 21:03
Published
Vulnerability first disclosed
05 Jun 2026, 03:18
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-realtime vulnerabilities It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RDS protocol; (CVE-2026-43494)

Affected Systems

  • ubuntulinux

    < 5.15.0-181.191

  • ubuntulinux-aws

    < 5.15.0-1109.116

  • ubuntulinux-aws-5.15

    < 5.15.0-1109.116~20.04.1

  • ubuntulinux-aws-fips

    < 5.15.0-1109.116+fips1

  • ubuntulinux-fips

    < 5.15.0-181.191+fips1

  • ubuntulinux-gcp

    < 5.15.0-1109.118

  • ubuntulinux-gcp-5.15

    < 5.15.0-1109.118~20.04.1

  • ubuntulinux-gcp-fips

    < 5.15.0-1109.118+fips1

  • ubuntulinux-gke

    < 5.15.0-1105.111

  • ubuntulinux-gkeop

    < 5.15.0-1092.100

  • ubuntulinux-hwe-5.15

    < 5.15.0-181.191~20.04.1

  • ubuntulinux-ibm

    < 5.15.0-1103.106

  • ubuntulinux-ibm-5.15

    < 5.15.0-1103.106~20.04.1

  • ubuntulinux-intel-iot-realtime

    < 5.15.0-1101.103

  • ubuntulinux-intel-iotg

    < 5.15.0-1104.110

  • ubuntulinux-kvm

    < 5.15.0-1101.106

  • ubuntulinux-nvidia

    < 5.15.0-1104.105

  • ubuntulinux-nvidia-tegra

    < 5.15.0-1061.61

  • ubuntulinux-nvidia-tegra-5.15

    < 5.15.0-1061.61~20.04.1

  • ubuntulinux-nvidia-tegra-igx

    < 5.15.0-1050.50

  • ubuntulinux-oracle

    < 5.15.0-1106.112

  • ubuntulinux-raspi

    < 5.15.0-1103.106

  • ubuntulinux-realtime

    < 5.15.0-1108.117

References (7)