Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
Summary
Hide ▲
Show ▼
Major Linux distributions are rolling out fixes for Dirty Frag, the Linux kernel patch release that covers CVE-2026-43284 and CVE-2026-43500. The update matters because the chained flaws can enable local privilege escalation and lead to root privileges on vulnerable systems.
Related Happenings
Progress LoadMaster CVE-2026-8037 patch release
Security Patch Release
H score52
First: 30.06.2026 10:38
Last: 30.06.2026 10:38
Sources 1
About this happening:
**Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Progress LoadMaster CVE-2026-8037 patch release
Security Patch ReleaseAbout this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch Release
H score34
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch ReleaseAbout this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910
Security Patch Release
H score53
First: 24.06.2026 20:19
Last: 24.06.2026 20:19
Sources 1
About this happening:
Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...
Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910
Security Patch ReleaseAbout this happening: Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
H score46
First: 17.06.2026 13:09
Last: 17.06.2026 13:09
Sources 1
About this happening:
**JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch ReleaseAbout this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Timeline
-
11.05.2026 17:30 1 articles · 1mo ago
Hyunwoo Kim notifies Linux kernel security team about Dirty Frag
Initial DisclosureHyunwoo Kim contacted the Linux kernel security team on April 30, 2026 about Dirty Frag, a Linux kernel local privilege escalation flaw that could let a local attacker gain root privileges on vulnerable Linux distributions.
Show sources
- Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities — www.infosecurity-magazine.com — 11.05.2026 17:30
-
11.05.2026 17:30 2 articles · 1mo ago
Dirty Frag is publicly released and Linux distributions start patching
Mitigation Patch UpdateOn May 8, 2026, the disclosure embargo for Dirty Frag broke, prompting Kim to publicly release the Dirty Frag document and a proof-of-concept exploit. The Linux kernel security team disclosed CVE-2026-43284 in xfrm-ESP (IPsec) and CVE-2026-43500 in RxRPC, Linux distribution maintainers began progressively releasing patches, Microsoft Defender Security Research Team reported limited in-the-wild activity involving 'su', and Wiz shared mitigation steps.
Show sources
- Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities — www.infosecurity-magazine.com — 11.05.2026 17:30
- Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities — www.infosecurity-magazine.com — 11.05.2026 17:30