Red Hat has disclosed a Linux kernel local privilege escalation vulnerability dubbed "Dirty Frag" (pending CVE, tracked as RHSB-2026-003) that affects Red Hat OpenShift Service on AWS (ROSA Classic) and ROSA with Hosted Control Plane, alongside other OpenShift variants. The flaw resides in kernel code paths reachable via the esp4, esp6, and rxrpc modules, enabling a local attacker to escalate privileges on cluster nodes. Patched kernels will be delivered via OpenShift z-stream updates through the OpenShift Update Service. As an interim mitigation, Red Hat recommends blacklisting the affected kernel modules, which does not require node reboots but will break workloads that depend on IPsec or related functionality. ROSA operators should apply the mitigation now and track z-stream availability for a permanent fix.
- How to mitigate the "Dirty Frag" vu(opens in a new tab)
- Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every(opens in a new tab)