// Alert

AWS threat report

// AWSHIGH

Red Hat has disclosed a Linux kernel local privilege escalation vulnerability dubbed "Dirty Frag" (pending CVE, tracked as RHSB-2026-003) that affects Red Hat OpenShift Service on AWS (ROSA Classic) and ROSA with Hosted Control Plane, alongside other OpenShift variants. The flaw resides in kernel code paths reachable via the esp4, esp6, and rxrpc modules, enabling a local attacker to escalate privileges on cluster nodes. Patched kernels will be delivered via OpenShift z-stream updates through the OpenShift Update Service. As an interim mitigation, Red Hat recommends blacklisting the affected kernel modules, which does not require node reboots but will break workloads that depend on IPsec or related functionality. ROSA operators should apply the mitigation now and track z-stream availability for a permanent fix.

// Get alerts for AWS