Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel
摘要
This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information.
正文
Bulletin ID: 2026-029-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 18:45 PM PDT This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information. Description: Amazon is aware of CVE-2026-46300, a report of an additional privilege escalation issue in the Linux kernel related to the DirtyFrag, copy.fail class of issues (CVE-2026-43284). The proof of concept uses a vector via the loadable module espintcp. Amazon Linux does not provide this module, and is not affected. As defense in depth we will include a correctness patch to the core networking code to harden against possible similar issues in network protocol implementations that rely on this behavior.
标签
- bulletin:2026-029-aws
- severity:important-requires-attention
- vendor:aws
扩展字段
{
"author": "[email protected]",
"bulletin_id": "2026-029-AWS",
"content_type": "Important (requires attention)",
"details": {
"Bulletin ID": "2026-029-AWS",
"Content Type": "Important (requires attention)",
"Publication Date": "05/13/2026 18:45 PM PDT",
"Scope": "AWS"
},
"publication_detail": "05/13/2026 18:45 PM PDT",
"scope": "AWS"
}