CVE-2026-43284

Public on 2026-05-08
Modified on 2026-05-08
Description
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags

"Dirty Frag" and other issues in Amazon Linux kernels:
https://aws.amazon.com/security/security-bulletins/2026-027-aws/
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core kernel 2026-05-09 ALAS2-2026-3302 Fixed
Amazon Linux 2 - Kernel-5.10 Extra kernel 2026-05-09 ALAS2KERNEL-5.10-2026-118 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2026-05-09 ALAS2KERNEL-5.15-2026-102 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2026-05-09 ALAS2KERNEL-5.4-2026-121 Fixed
Amazon Linux 2023 kernel 2026-05-09 ALAS2023-2026-1694 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.248-247.988 2026-05-08 ALAS2LIVEPATCH-2026-294 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.251-248.983 2026-05-08 ALAS2LIVEPATCH-2026-293 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.252-250.1005 2026-05-08 ALAS2LIVEPATCH-2026-290 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.252-250.1016 2026-05-08 ALAS2LIVEPATCH-2026-291 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.252-250.992 2026-05-08 ALAS2LIVEPATCH-2026-289 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.253-251.1014 2026-05-08 ALAS2LIVEPATCH-2026-292 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.163-186.299 2026-05-08 ALAS2023LIVEPATCH-2026-148 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.164-196.303 2026-05-08 ALAS2023LIVEPATCH-2026-146 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.166-197.305 2026-05-08 ALAS2023LIVEPATCH-2026-147 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.168-202.320 2026-05-08 ALAS2023LIVEPATCH-2026-144 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.168-203.330 2026-05-08 ALAS2023LIVEPATCH-2026-145 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.170-208.319 2026-05-08 ALAS2023LIVEPATCH-2026-149 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.68-92.122 2026-05-08 ALAS2023LIVEPATCH-2026-143 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.73-95.123 2026-05-08 ALAS2023LIVEPATCH-2026-142 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.74-98.124 2026-05-08 ALAS2023LIVEPATCH-2026-139 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.77-99.140 2026-05-08 ALAS2023LIVEPATCH-2026-136 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.79-101.147 2026-05-08 ALAS2023LIVEPATCH-2026-138 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.80-105.147 2026-05-08 ALAS2023LIVEPATCH-2026-137 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.80-106.156 2026-05-08 ALAS2023LIVEPATCH-2026-141 Fixed
Amazon Linux 2023 kernel-livepatch-6.12.83-111.159 2026-05-08 ALAS2023LIVEPATCH-2026-140 Fixed
Amazon Linux 2023 kernel-livepatch-6.18.15-14.217 2026-05-08 ALAS2023LIVEPATCH-2026-134 Fixed
Amazon Linux 2023 kernel-livepatch-6.18.16-18.222 2026-05-08 ALAS2023LIVEPATCH-2026-133 Fixed
Amazon Linux 2023 kernel-livepatch-6.18.20-20.229 2026-05-08 ALAS2023LIVEPATCH-2026-132 Fixed
Amazon Linux 2023 kernel-livepatch-6.18.20-41.237 2026-05-08 ALAS2023LIVEPATCH-2026-131 Fixed
Amazon Linux 2023 kernel-livepatch-6.18.25-52.107 2026-05-08 ALAS2023LIVEPATCH-2026-135 Fixed
Amazon Linux 2023 kernel-livepatch-6.18.8-9.213 2026-05-08 ALAS2023LIVEPATCH-2026-130 Fixed
Amazon Linux 2023 kernel6.12 2026-05-09 ALAS2023-2026-1695 Fixed
Amazon Linux 2023 kernel6.18 2026-05-09 ALAS2023-2026-1693 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-43284 Mitre: CVE-2026-43284