UCS exposure to Dirty Frag (CVE-2026-43284, CVE-2026-43500)

As "oss-security - Dirty Frag: Universal Linux LPE" reports and "GitHub - V4bel/dirtyfrag" details, there is a “local privilege escalation” vulnerability in a whole range of Linux kernels. We are actively investigating the situation and available updates but have no doubt that UCS is also vulnerable. One of the vulnerabilities is referred to by CVE-2026-43284.

As a workaround for compute nodes that run UCS, we recommend disabling the affected kernel modules in some way. Under UCS, one option is to do the following:

ucr set kernel/blacklist="$(ucr get kernel/blacklist);esp4;esp6;rxrpc"
rmmod esp4 esp6 rxrpc 2> /dev/null
echo 3 > /proc/sys/vm/drop_caches

We’ll update this article as we make progress shipping updates.
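
To confirm that the workaround above took effect on a host, the following check compares the loaded-module list and the semicolon-separated kernel/blacklist value against the three modules. It is an added example, not part of the original post or of Univention's tooling; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the esp4/esp6/rxrpc workaround on one host.
MODULES="esp4 esp6 rxrpc"

# Constructed sample input in /proc/modules format (name size refs deps state addr).
SAMPLE_PROC_MODULES='rxrpc 430080 0 - Live 0x0000000000000000
esp4 28672 0 - Live 0x0000000000000000
xfrm_algo 16384 1 esp4, Live 0x0000000000000000'
# Constructed sample value of the kernel/blacklist UCR variable.
SAMPLE_BLACKLIST="nouveau;esp4;esp6"

# stdin: /proc/modules-format text; prints the target modules that are loaded.
# Only the first field (module name) is compared, so a module that merely
# lists esp4 as a dependent is not counted.
still_loaded() (
    awk -v want="$MODULES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) t[w[i]] = 1 }
        ($1 in t) { hit[$1] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (w[i] in hit) { out = out sep w[i]; sep = " " }
            print out
        }'
)

# $1: kernel/blacklist value; prints the target modules missing from it.
not_blacklisted() (
    out=""
    for m in $MODULES; do
        case ";$1;" in
            *";$m;"*) ;;                      # exact entry present
            *) out="${out:+$out }$m" ;;
        esac
    done
    echo "$out"
)

# Live check: exit status 0 only if nothing is loaded and all are blacklisted.
check_host() (
    loaded=$(still_loaded < /proc/modules)
    missing=$(not_blacklisted "$(ucr get kernel/blacklist)")
    [ -z "$loaded" ]  || echo "still loaded: $loaded"
    [ -z "$missing" ] || echo "not in kernel/blacklist: $missing"
    [ -z "$loaded$missing" ]
)

# Run against the real host only where the ucr tool is available.
if command -v ucr >/dev/null 2>&1; then check_host; fi
```

A module reported as still loaded after rmmod is usually in use, so the blacklist entry only takes effect once it has been unloaded or the host rebooted.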
