USN-8390-1

Details

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container.

Affected Packages

linux-azure

Ubuntu Pro 14.04 LTS

Fixed in:

4.15.0-1202.217~14.04.1

linux

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-251.263

linux-azure-4.15

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1202.217

linux-gcp-4.15

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1186.203

linux-kvm

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1175.180

linux-oracle

Ubuntu Pro 18.04 LTS

Fixed in:

4.15.0-1155.166

linux-azure-fips

Ubuntu Pro FIPS-updates 18.04 LTS

Fixed in:

4.15.0-2111.117

linux-fips

Ubuntu Pro FIPS-updates 18.04 LTS

Fixed in:

4.15.0-1148.160

linux-gcp-fips

Ubuntu Pro FIPS-updates 18.04 LTS

Fixed in:

4.15.0-2094.100

References

REPORT

https://ubuntu.com/security/CVE-2026-43284

ADVISORY

https://ubuntu.com/security/notices/USN-8390-1