CVE-2026-46243
Actively exploited. CVE-2026-46243 is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - SCSI subsystem; - Thermal drivers; - USB over IP driver; - Network file system (NFS) server daemon; - SMB network file system; - Tracing infrastructure; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - Netfilter; - RxRPC session sockets; - X.25 network layer; (CVE-2021-47202, CVE-2024-56643, CVE-2026-23272, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46243)
CSIRTS triage
- What
- Multiple vulnerabilities in the Linux kernel could allow local attackers to escalate privileges or escape containers.
- Who is affected
- Local attackers on systems running the affected Linux kernel.
- Urgency
- Remediation is urgent due to the potential for privilege escalation and confirmed exploitation status.
- Action
- Apply the latest security updates for the Linux kernel.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-46243
Get an email if CVE-2026-46243 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Exploitation confirmedAlready exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 27% of all EPSS-scored CVEs.
Advisory coverage (12)
- medium[UPDATE] [medium] Linux Kernel: Vulnerability allows privilege escalationcert-bund · 2026-07-10
- unknownUSN-8530-1: Linux kernel (AWS) vulnerabilitiesubuntu · 2026-07-10
- unknownUSN-8529-1: Linux kernel vulnerabilitiesubuntu · 2026-07-10
- unknownexploitedUSN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilitiesubuntu · 2026-07-10
- unknownUSN-8527-1: Linux kernel (Raspberry Pi) vulnerabilitiesubuntu · 2026-07-10
- unknownUSN-8492-5: Linux kernel (FIPS) vulnerabilitiesubuntu · 2026-07-10
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)cert-fr-avis · 2026-07-10
- unknownUSN-8492-4: Linux kernel (Raspberry Pi) vulnerabilitiesubuntu · 2026-07-09
- unknownUSN-8490-2: Linux kernel (Raspberry Pi) vulnerabilitiesubuntu · 2026-07-09
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 3, 2026)cert-fr-avis · 2026-07-03
- unknownRedHat Linux Kernel Multiple Vulnerabilitieshkcert · 2026-07-02
- highCVE-2026-46243: smb: client: reject userspace cifs.spnego descriptionsmsrc · 2026-06-09
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-46243)