UCS exposure to Dirty Frag (CVE-2026-43284, CVE-2026-43500)

As reported on oss-security ("Dirty Frag: Universal Linux LPE") and on GitHub (V4bel/dirtyfrag), there is a local privilege escalation vulnerability in a whole range of Linux kernels. UCS was also vulnerable. One of the vulnerabilities is referred to as CVE-2026-43284. The following Errata updates fixed the issue for all UCS releases that are under active maintenance:

  • The Errata for Bug #59279 shipped a kernel update for UCS 5.2-5
  • The Errata for Bug #59273 shipped a kernel update for UCS 5.0-10 (Extended Maintenance Support)
  • The Errata for Bug #59267 shipped a kernel update for UCS 4.4-9 (Extended Maintenance Support)

As a workaround for compute nodes that run UCS, the recommendation is to disable the affected kernel modules in some way. Under UCS, one option is to do the following:

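# Run as root: ucr set, rmmod and the write to /proc all need root.
# Append the affected modules to the UCR-managed blacklist.
ucr set kernel/blacklist="$(ucr get kernel/blacklist);esp4;esp6;rxrpc"
# Make any attempt to load the modules run /bin/false instead.
echo "install esp4 /bin/false" | sudo tee /etc/modprobe.d/dirty-frag.conf
echo "install esp6 /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
echo "install rxrpc /bin/false" | sudo tee -a /etc/modprobe.d/dirty-frag.conf
# Unload the modules if they are currently loaded.
rmmod esp4 esp6 rxrpc 2> /dev/null
# Drop the page cache, dentries and inodes.
echo 3 > /proc/sys/vm/drop_caches
# Rebuild the initramfs for all installed kernels so it picks up the new modprobe configuration.
update-initramfs -u -k all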
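To confirm afterwards that the workaround is actually in effect on a node, the following check can be used. It is an added example, not part of the original post or Univention's code; the function names are hypothetical, and the optional arguments exist only so the check can be pointed at test files instead of the live system.

```shell
#!/bin/sh
# Added example (not Univention's code): report whether the module
# workaround above is in effect. Function names are hypothetical.
MODULES="esp4 esp6 rxrpc"

# True if a *.conf file in CONF_DIR has "install MODULE /bin/false".
has_install_override() {  # MODULE CONF_DIR
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false[[:space:]]*$" "$2"/*.conf
}

# True if MODULE appears in a /proc/modules style listing.
is_loaded() {  # MODULE PROC_MODULES_FILE
    grep -qs "^$1 " "$2"
}

# True if MODULE is an entry of the semicolon-separated UCR value.
in_ucr_blacklist() {  # MODULE VALUE
    case ";$2;" in *";$1;"*) return 0 ;; esac
    return 1
}

# Prints one status line per module; the return code is the number of
# modules for which at least one part of the workaround is missing.
check_workaround() {  # [CONF_DIR] [PROC_MODULES_FILE] [UCR_VALUE]
    conf_dir="${1:-/etc/modprobe.d}"
    proc_modules="${2:-/proc/modules}"
    ucr_value="${3-$(ucr get kernel/blacklist 2>/dev/null || true)}"
    missing=0
    for m in $MODULES; do
        state=""
        has_install_override "$m" "$conf_dir" || state="$state no-install-override"
        in_ucr_blacklist "$m" "$ucr_value" || state="$state not-in-kernel/blacklist"
        if is_loaded "$m" "$proc_modules"; then state="$state still-loaded"; fi
        [ -z "$state" ] || missing=$((missing + 1))
        printf '%-6s%s\n' "$m" "${state:- ok}"
    done
    return "$missing"
}

# Run against the live system only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then check_workaround; exit $?; fi
```

A non-zero exit code from `--check` means at least one of the three modules is still loaded or is missing from the modprobe override or from `kernel/blacklist`.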