{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Administratorrechte zu erlangen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1430 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1430.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1430 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1430" }, { "category" : "external", "summary" : "DirtyFrag GitHub vom 2026-05-07", "url" : "https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md" }, { "category" : "external", "summary" : "Microsoft Security Blog vom 2026-05-10", "url" : "https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-50257 vom 2026-05-10", "url" : "https://linux.oracle.com/errata/ELSA-2026-50257.html" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-6253 vom 2026-05-08", "url" : "https://lists.debian.org/debian-security-announce/2026/msg00164.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2026:1778-1 vom 2026-05-08", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025946.html" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-6258 vom 2026-05-09", "url" : "https://lists.debian.org/debian-security-announce/2026/msg00169.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-290 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-290.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-50259 vom 2026-05-10", "url" : "https://linux.oracle.com/errata/ELSA-2026-50259.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-50258 vom 2026-05-10", "url" : "https://linux.oracle.com/errata/ELSA-2026-50258.html" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-87DC12705E vom 2026-05-08", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-87dc12705e" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-294 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-294.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-293 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-293.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-292 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-292.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-291 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-291.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-289 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-289.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2026-121 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2026-121.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2026-102 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-102.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-118 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-118.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2-2026-3302 vom 2026-05-09", "url" : "https://alas.aws.amazon.com/AL2/ALAS2-2026-3302.html" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-4574 vom 2026-05-09", "url" : "https://lists.debian.org/debian-lts-announce/2026/05/msg00018.html" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-4572 vom 2026-05-08", "url" : "https://lists.debian.org/debian-lts-announce/2026/05/msg00016.html" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-ABC00FB4E8 vom 2026-05-08", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-abc00fb4e8" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-8CFFA03DAD vom 2026-05-08", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8cffa03dad" }, { "category" : "external", "summary" : "QNAP Security Advisory QSA-26-17 vom 2026-05-11", "url" : "https://www.qnap.com/go/security-advisory/qsa-26-17" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16062 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16062" }, { "category" : "external", "summary" : "Microsoft Security Update Guide vom 2026-05-12", "url" : "https://msrc.microsoft.com/update-guide/" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16100 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16100" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16061 vom 2026-05-11", "url" : "https://access.redhat.com/errata/RHSA-2026:16061" }, { "category" : "external", "summary" : "Google Cloud Platform Security Bulletin GCP-2026-030 vom 2026-05-11", "url" : "https://docs.cloud.google.com/support/bulletins#gcp-2026-030" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16196 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16196" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16206 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16206" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16203 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16203" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-50260 vom 2026-05-12", "url" : "https://linux.oracle.com/errata/ELSA-2026-50260.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16195 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16195" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16201 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16201" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16202 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16202" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16204 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16204" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16312 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16312" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16314 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16314" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16328 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16328" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16254 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16254" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16155 vom 2026-05-13", "url" : "https://access.redhat.com/errata/RHSA-2026:16155" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-50262 vom 2026-05-12", "url" : "https://linux.oracle.com/errata/ELSA-2026-50262.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16161 vom 2026-05-13", "url" : "https://access.redhat.com/errata/RHSA-2026:16161" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16160 vom 2026-05-13", "url" : "https://access.redhat.com/errata/RHSA-2026:16160" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-50261 vom 2026-05-12", "url" : "https://linux.oracle.com/errata/ELSA-2026-50261.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-16062 vom 2026-05-13", "url" : "https://linux.oracle.com/errata/ELSA-2026-16062.html" } ], "source_lang" : "en-US", "title" : "Linux Kernel (Dirty Frag): Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten", "tracking" : { "current_release_date" : "2026-05-12T22:00:00.000+00:00", "generator" : { "date" : "2026-05-13T09:51:48.365+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1430", "initial_release_date" : "2026-05-07T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-07T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-05-10T22:00:00.000+00:00", "number" : "2", "summary" : "Bericht zu aktiver Ausnutzung ergänzt (Microsoft Security Blog)" }, { "date" : "2026-05-11T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von Red Hat und Google aufgenommen" }, { "date" : "2026-05-12T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von Oracle Linux und Red Hat aufgenommen" } ], "status" : "final", "version" : "4" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Amazon Linux 2", "product" : { "name" : "Amazon Linux 2", "product_id" : "398363", "product_identification_helper" : { "cpe" : "cpe:/o:amazon:linux_2:-" } } } ], "category" : "vendor", "name" : "Amazon" }, { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "category" : "product_name", "name" : "Fedora Linux", "product" : { "name" : "Fedora Linux", "product_id" : "74185", "product_identification_helper" : { "cpe" : "cpe:/o:fedoraproject:fedora:-" } } } ], "category" : "vendor", "name" : "Fedora" }, { "branches" : [ { "category" : "product_name", "name" : "Google Cloud Platform", "product" : { "name" : "Google Cloud Platform", "product_id" : "393401", "product_identification_helper" : { "cpe" : "cpe:/a:google:cloud_platform:-" } } } ], "category" : "vendor", "name" : "Google" }, { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "azl3", "product" : { "name" : "Microsoft Azure Linux azl3", "product_id" : "T049210", "product_identification_helper" : { "cpe" : "cpe:/o:microsoft:azure_linux:azl3" } } } ], "category" : "product_name", "name" : "Azure Linux" } ], "category" : "vendor", "name" : "Microsoft" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<=7.0.4", "product" : { "name" : "Open Source Linux Kernel <=7.0.4", "product_id" : "T053686" } }, { "category" : "product_version_range", "name" : "<=7.0.4", "product" : { "name" : "Open Source Linux Kernel <=7.0.4", "product_id" : "T053686-fixed" } }, { "category" : "product_version_range", "name" : "<6.6.138", "product" : { "name" : "Open Source Linux Kernel <6.6.138", "product_id" : "T053694" } }, { "category" : "product_version", "name" : "6.6.138", "product" : { "name" : "Open Source Linux Kernel 6.6.138", "product_id" : "T053694-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:linux:linux_kernel:6.6.138" } } }, { "category" : "product_version_range", "name" : "<6.12.87", "product" : { "name" : "Open Source Linux Kernel <6.12.87", "product_id" : "T053695" } }, { "category" : "product_version", "name" : "6.12.87", "product" : { "name" : "Open Source Linux Kernel 6.12.87", "product_id" : "T053695-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:linux:linux_kernel:6.12.87" } } }, { "category" : "product_version_range", "name" : "<6.18.28", "product" : { "name" : "Open Source Linux Kernel <6.18.28", "product_id" : "T053696" } }, { "category" : "product_version", "name" : "6.18.28", "product" : { "name" : "Open Source Linux Kernel 6.18.28", "product_id" : "T053696-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:linux:linux_kernel:6.18.28" } } }, { "category" : "product_version_range", "name" : "<7.0.5", "product" : { "name" : "Open Source Linux Kernel <7.0.5", "product_id" : "T053697" } }, { "category" : "product_version", "name" : "7.0.5", "product" : { "name" : "Open Source Linux Kernel 7.0.5", "product_id" : "T053697-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:linux:linux_kernel:7.0.5" } } } ], "category" : "product_name", "name" : "Linux Kernel" } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "Oracle Linux", "product" : { "name" : "Oracle Linux", "product_id" : "T004914", "product_identification_helper" : { "cpe" : "cpe:/o:oracle:linux:-" } } } ], "category" : "vendor", "name" : "Oracle" }, { "branches" : [ { "category" : "product_name", "name" : "QNAP NAS", "product" : { "name" : "QNAP NAS", "product_id" : "T017100", "product_identification_helper" : { "cpe" : "cpe:/h:qnap:nas:-" } } } ], "category" : "vendor", "name" : "QNAP" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-43284", "product_status" : { "known_affected" : [ "T053694", "67646", "393401", "T004914", "T053697", "74185", "T053695", "T017100", "T053696", "2951", "T002207", "398363", "T049210" ], "last_affected" : [ "T053686" ] }, "release_date" : "2026-05-07T22:00:00.000+00:00", "title" : "CVE-2026-43284" }, { "cve" : "CVE-2026-43500", "product_status" : { "known_affected" : [ "T053694", "67646", "393401", "T004914", "T053697", "74185", "T053695", "T017100", "T053696", "2951", "T002207", "398363", "T049210" ], "last_affected" : [ "T053686" ] }, "release_date" : "2026-05-07T22:00:00.000+00:00", "title" : "CVE-2026-43500" } ] }