Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorySuSEimportantSUSE Linux Kernel Important Patch 2026-1778-1 CVE-2026-43284 CVE-2026-43500
An update that solves two vulnerabilities can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1778-1 Release Date: 2026-05-08T15:20:23Z Rating: important References: * bsc#1264449 * bsc#1264450 Cross-References: * CVE-2026-43284 * CVE-2026-43500 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Real Time Module 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix the following issue: This fixes the DirtyFrag issues: * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). * CVE-2026-43500: rxrpc and afs modules are disabled (bsc#1264450) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1778=1 * SUSE Real Time Module 15-SP7 zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-1778=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_13-debugsource-1-150700.1.3.1 * kernel-livepatch-6_4_0-150700_7_44-rt-1-150700.1.3.1 * kernel-livepatch-6_4_0-150700_7_44-rt-debuginfo-1-150700.1.3.1 * SUSE Real Time Module 15-SP7 (x86_64) *kernel-rt-debuginfo-6.4.0-150700.7.44.1 * ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * kernel-rt-devel-6.4.0-150700.7.44.1 * cluster-md-kmp-rt-6.4.0-150700.7.44.1 * ocfs2-kmp-rt-6.4.0-150700.7.44.1 * dlm-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * gfs2-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * kernel-rt-debugsource-6.4.0-150700.7.44.1 * kernel-rt-devel-debuginfo-6.4.0-150700.7.44.1 * gfs2-kmp-rt-6.4.0-150700.7.44.1 * dlm-kmp-rt-6.4.0-150700.7.44.1 * kernel-syms-rt-6.4.0-150700.7.44.1 * SUSE Real Time Module 15-SP7 (noarch) * kernel-source-rt-6.4.0-150700.7.44.1 * kernel-devel-rt-6.4.0-150700.7.44.1 * SUSE Real Time Module 15-SP7 (nosrc x86_64) * kernel-rt-6.4.0-150700.7.44.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://www.suse.com/security/cve/CVE-2026-43500.html * https://bugzilla.suse.com/show_bug.cgi?id=1264449 * https://bugzilla.suse.com/show_bug.cgi?id=1264450 . Resolve important kernel vulnerabilities for SUSE Linux Enterprise with this update. Reboot recommended post installation for effect.. SUSE, kernel update, security patches, Linux vulnerabilities, real time module. . Severity: Important. LinuxSecurity.com Team
May 08, 2026
•Important
SuSE
89
security advisoryfedoralocal privilege escalationFedora 43 Kernel Update 2026-abc00fb4e8 Fixes Dirtyfrag Important Exploit
The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-abc00fb4e8 2026-05-08 19:57:57.884186+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.0.4 Release : 100.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji shortly. -------------------------------------------------------------------------------- ChangeLog: * Thu May 7 2026 Justin M. Forbes [7.0.4-100] - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) * Thu May 7 2026 Justin M. Forbes [7.0.4-0] - wifi: mt76: mt7925: fix incorrect TLV length in CLC command (Quan Zhou) - ASoC: SOF: Don't allow pointer operations on unconfigured streams (Mark Brown) - Turn on DVB_PT3 for Fedora at user request (Justin M. Forbes) - Enable MEDIA_TUNER_MXL301RF for Fedora (Justin M. Forbes) - mfd: bcm2835-pm: Add BCM2712 PM device support (Phil Elwell) - mfd: bcm2835-pm: Introduce SoC-specific type identifier(Phil Elwell) - Linux v7.0.4 * Thu Apr 30 2026 Justin M. Forbes [7.0.3-0] - Linux v7.0.3 * Mon Apr 27 2026 Justin M. Forbes [7.0.2-0] - drm/v3d: Reject empty multisync extension to prevent infinite loop (Ashutosh Desai) - net: macb: Use napi_schedule_irqoff() in IRQ handler (Kevin Hao) - net: macb: Use netif_napi_add_tx() instead of netif_napi_add() for TX NAPI (Kevin Hao) - net: macb: Remove dedicated IRQ handler for WoL (Kevin Hao) - net: macb: Factor out the handling of non-hot IRQ events into a separate function (Kevin Hao) - net: macb: Introduce macb_queue_isr_clear() helper function (Kevin Hao) - net: macb: Replace open-coded implementation with napi_schedule() (Kevin Hao) - net: macb: fix use of at91_default_usrio without CONFIG_OF (Conor Dooley) - net: macb: drop usrio pointer on EyeQ5 config (Tho Lebrun) - net: macb: set MACB_CAPS_USRIO_DISABLED if no usrio config is provided (Tho Lebrun) - net: macb: runtime detect MACB_CAPS_USRIO_DISABLED (Tho Lebrun) - net: macb: timer adjust mode is not supported (Conor Dooley) - net: macb: clean up tsu clk rate acquisition (Conor Dooley) - net: macb: warn on pclk use as a tsu_clk fallback (Conor Dooley) - net: macb: add mpfs specific usrio configuration (Conor Dooley) - net: macb: np4 doesn't need a usrio pointer (Conor Dooley) - net: macb: rework usrio refclk selection code (Conor Dooley) - net: macb: split USRIO_HAS_CLKEN capability in two (Conor Dooley) - net: macb: rename macb_default_usrio to at91_default_usrio as not all platforms have mii mode control in usrio (Conor Dooley) - Revert "net: macb: Clean up the .usrio settings in macb_config instances" (Conor Dooley) - net: macb: add support for Microchip pic64hpsc ethernet endpoint (Charles Perry) - net: macb: add safeguards for jumbo frame larger than 10240 (Charles Perry) - net: macb: set default_an_inband to true for SGMII (Charles Perry) - net: macb: Clean up the .usrio settings in macb_config instances (Kevin Hao) - net: macb: Clean up the .init settings in macb_config instances (Kevin Hao) - net:macb: Clean up the .clk_init setting in the macb_config instances (Kevin Hao) - net: cadence: macb: enable EEE for Mobileye EyeQ5 (Nicolai Buchwitz) - net: cadence: macb: enable EEE for Raspberry Pi RP1 (Nicolai Buchwitz) - net: cadence: macb: add ethtool EEE support (Nicolai Buchwitz) - net: cadence: macb: implement EEE TX LPI support (Nicolai Buchwitz) - net: cadence: macb: add EEE LPI statistics counters (Nicolai Buchwitz) - net: macb: use ethtool_sprintf to fill ethtool stats strings (Sean Chang) - net: macb: add the .pcs_inband_caps() callback for SGMII (Charles Perry) - net: macb: add support for reporting SGMII inband link status (Charles Perry) - net: macb: fix SGMII with inband aneg disabled (Charles Perry) - net: cadence: macb: add ethtool nway_reset support (Nicolai Buchwitz) - ARM: dts: broadcom: bcm2835-rpi: Move non simple-bus nodes to root level (Rob Herring (Arm)) - arm64: dts: broadcom: bcm2712: Move non simple-bus nodes to root level (Rob Herring (Arm)) - arm64: dts: broadcom: bcm2712-d-rpi-5-b: update uart10 interrupt (Gregor Herburger) - arm64: dts: broadcom: bcm2712-d-rpi-5-b: add fixes for pinctrl/pinctrl_aon (Gregor Herburger) - arm64: dts: broadcom: bcm2712-rpi-5-b: add pinctrl properties for csi i2cs (Gregor Herburger) - arm64: dts: broadcom: bcm2712: add camera backend node pispbe (Gregor Herburger) - arm64: dts: broadcom: rp1: add csi nodes (Gregor Herburger) - arm64: dts: broadcom: rp1: add i2c controller (Gregor Herburger) - arm64: dts: broadcom: bcm2712: Add V3D device node (Mara Canal) - arm64: dts: freescale: imx93: Add Ethos-U65 NPU and SRAM nodes (Rob Herring (Arm)) - redhat: configs: fedora: Enable AMD ISP4 MIPI camera solution (Kate Hsuan) - Documentation: add documentation of AMD isp 4 driver (Bin Du) - media: platform: amd: isp4 debug fs logging and more descriptive errors (Bin Du) - media: platform: amd: isp4 video node and buffers handling added (Bin Du) - media: platform: amd: isp4 subdev and firmware loading handling added (Bin Du) - media: platform: amd: Add isp4 fw andhw interface (Bin Du) - media: platform: amd: low level support for isp4 firmware (Bin Du) - media: platform: amd: Introduce amd isp4 capture driver (Bin Du) - Linux v7.0.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467807 - [Major Incident] kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467807 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abc00fb4e8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 kernel update addresses the dirtyfrag issue with important fixes enhancing system security.. Fedora 43 kernel update, dirtyfrag exploit, local privilege escalation fixes. . Severity: Important. LinuxSecurity.com Team
May 08, 2026
•Important
Fedora
89
security advisoryfedoraimportantFedora 42 Kernel Important Dirtyfrag Fix CVE-2026-43284
The 6.19.14-101 stable update contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-87dc12705e 2026-05-08 19:40:45.156117+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 42 Version : 6.19.14 Release : 101.fc42 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.19.14-101 stable update contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500 -------------------------------------------------------------------------------- ChangeLog: * Thu May 7 2026 Justin M. Forbes [6.19.14-101] - Revert "redhat/kernel.spec.template: Fix indentation of uki-virt generation code" (Justin M. Forbes) - Revert "redhat/kernel.spec.template: Simplify uki-virt signing" (Justin M. Forbes) - Revert "redhat/kernel.spec.template: Add kernel-uki-dtbloader sub-package" (Justin M. Forbes) - Revert "redhat/kernel.spec.template: Make -uki-dtbloader provide kernel-core-uname-r" (Justin M. Forbes) - Turn off F43 and F44 release targets (Justin M. Forbes) - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets (David Howells) - rxrpc: Fix re-decryption of RESPONSE packets (David Howells) - rxrpc: Fix error handling in rxgk_extract_token() (David Howells) - rxrpc: Fix rxkad crypto unalignment handling (David Howells) - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (David Howells) - rxrpc: Fix memory leaks in rxkad_verify_response() (David Howells) - rxrpc: Fix potential UAF after skb_unshare() failure (David Howells) - xfrm: esp: avoid in-placedecrypt on shared skb frags (Kuan-Ting Chen) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-87dc12705e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 08, 2026
•Important
Fedora
89
security advisoryfedoralocal privilege escalationFedora 44 Kernel 7.0.4 Significant Dirtyfrag Local Privilege Escalation Fix
The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8cffa03dad 2026-05-08 19:27:40.960947+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 44 Version : 7.0.4 Release : 200.fc44 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji shortly. -------------------------------------------------------------------------------- ChangeLog: * Thu May 7 2026 Justin M. Forbes [7.0.4-200] - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) * Thu May 7 2026 Justin M. Forbes [7.0.4-0] - wifi: mt76: mt7925: fix incorrect TLV length in CLC command (Quan Zhou) - ASoC: SOF: Don't allow pointer operations on unconfigured streams (Mark Brown) - Turn on DVB_PT3 for Fedora at user request (Justin M. Forbes) - Enable MEDIA_TUNER_MXL301RF for Fedora (Justin M. Forbes) - mfd: bcm2835-pm: Add BCM2712 PM device support (Phil Elwell) - mfd: bcm2835-pm: Introduce SoC-specific type identifier(Phil Elwell) - Linux v7.0.4 * Thu Apr 30 2026 Justin M. Forbes [7.0.3-0] - Linux v7.0.3 * Mon Apr 27 2026 Justin M. Forbes [7.0.2-0] - drm/v3d: Reject empty multisync extension to prevent infinite loop (Ashutosh Desai) - net: macb: Use napi_schedule_irqoff() in IRQ handler (Kevin Hao) - net: macb: Use netif_napi_add_tx() instead of netif_napi_add() for TX NAPI (Kevin Hao) - net: macb: Remove dedicated IRQ handler for WoL (Kevin Hao) - net: macb: Factor out the handling of non-hot IRQ events into a separate function (Kevin Hao) - net: macb: Introduce macb_queue_isr_clear() helper function (Kevin Hao) - net: macb: Replace open-coded implementation with napi_schedule() (Kevin Hao) - net: macb: fix use of at91_default_usrio without CONFIG_OF (Conor Dooley) - net: macb: drop usrio pointer on EyeQ5 config (Tho Lebrun) - net: macb: set MACB_CAPS_USRIO_DISABLED if no usrio config is provided (Tho Lebrun) - net: macb: runtime detect MACB_CAPS_USRIO_DISABLED (Tho Lebrun) - net: macb: timer adjust mode is not supported (Conor Dooley) - net: macb: clean up tsu clk rate acquisition (Conor Dooley) - net: macb: warn on pclk use as a tsu_clk fallback (Conor Dooley) - net: macb: add mpfs specific usrio configuration (Conor Dooley) - net: macb: np4 doesn't need a usrio pointer (Conor Dooley) - net: macb: rework usrio refclk selection code (Conor Dooley) - net: macb: split USRIO_HAS_CLKEN capability in two (Conor Dooley) - net: macb: rename macb_default_usrio to at91_default_usrio as not all platforms have mii mode control in usrio (Conor Dooley) - Revert "net: macb: Clean up the .usrio settings in macb_config instances" (Conor Dooley) - net: macb: add support for Microchip pic64hpsc ethernet endpoint (Charles Perry) - net: macb: add safeguards for jumbo frame larger than 10240 (Charles Perry) - net: macb: set default_an_inband to true for SGMII (Charles Perry) - net: macb: Clean up the .usrio settings in macb_config instances (Kevin Hao) - net: macb: Clean up the .init settings in macb_config instances (Kevin Hao) - net:macb: Clean up the .clk_init setting in the macb_config instances (Kevin Hao) - net: cadence: macb: enable EEE for Mobileye EyeQ5 (Nicolai Buchwitz) - net: cadence: macb: enable EEE for Raspberry Pi RP1 (Nicolai Buchwitz) - net: cadence: macb: add ethtool EEE support (Nicolai Buchwitz) - net: cadence: macb: implement EEE TX LPI support (Nicolai Buchwitz) - net: cadence: macb: add EEE LPI statistics counters (Nicolai Buchwitz) - net: macb: use ethtool_sprintf to fill ethtool stats strings (Sean Chang) - net: macb: add the .pcs_inband_caps() callback for SGMII (Charles Perry) - net: macb: add support for reporting SGMII inband link status (Charles Perry) - net: macb: fix SGMII with inband aneg disabled (Charles Perry) - net: cadence: macb: add ethtool nway_reset support (Nicolai Buchwitz) - ARM: dts: broadcom: bcm2835-rpi: Move non simple-bus nodes to root level (Rob Herring (Arm)) - arm64: dts: broadcom: bcm2712: Move non simple-bus nodes to root level (Rob Herring (Arm)) - arm64: dts: broadcom: bcm2712-d-rpi-5-b: update uart10 interrupt (Gregor Herburger) - arm64: dts: broadcom: bcm2712-d-rpi-5-b: add fixes for pinctrl/pinctrl_aon (Gregor Herburger) - arm64: dts: broadcom: bcm2712-rpi-5-b: add pinctrl properties for csi i2cs (Gregor Herburger) - arm64: dts: broadcom: bcm2712: add camera backend node pispbe (Gregor Herburger) - arm64: dts: broadcom: rp1: add csi nodes (Gregor Herburger) - arm64: dts: broadcom: rp1: add i2c controller (Gregor Herburger) - arm64: dts: broadcom: bcm2712: Add V3D device node (Mara Canal) - arm64: dts: freescale: imx93: Add Ethos-U65 NPU and SRAM nodes (Rob Herring (Arm)) - redhat: configs: fedora: Enable AMD ISP4 MIPI camera solution (Kate Hsuan) - Documentation: add documentation of AMD isp 4 driver (Bin Du) - media: platform: amd: isp4 debug fs logging and more descriptive errors (Bin Du) - media: platform: amd: isp4 video node and buffers handling added (Bin Du) - media: platform: amd: isp4 subdev and firmware loading handling added (Bin Du) - media: platform: amd: Add isp4 fw andhw interface (Bin Du) - media: platform: amd: low level support for isp4 firmware (Bin Du) - media: platform: amd: Introduce amd isp4 capture driver (Bin Du) - Linux v7.0.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467807 - [Major Incident] kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467807 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8cffa03dad' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . -------------------------------------------------------------------------------- Fedora Update Notif. stable, kernel, rebase, additional, hardware, support, features, number. . Severity: Important. LinuxSecurity.com Team
May 08, 2026
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!