Debian Linux Kernel Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Debian Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.
Note:
CVE-2026-31431 is being exploited in the wild. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.
CVE-2026-43284 and CVE-2026-43500 (commonly known as "Dirty Frag") are being scattered exploited. If exploited, these vulnerability could allow a local user with low privileges to gain elevated system (root) permissions.
Proof of Concept exploit code is publicly available for CVE-2026-46333. This vulnerability is a Linux kernel race condition during process exit that allows a local unprivileged user to read root-only sensitive files. If exploited, it may disclose data such as SSH host private keys or /etc/shadow contents.
[Updated on 2026-05-11]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
[Updated on 2026-05-12]
Updated Description.
[Updated on 2026-05-18]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
[Updated on 2026-05-22]
Updated Description.
[Updated on 2026-05-26]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
[Updated on 2026-05-29]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
Impact
- Denial of Service
- Information Disclosure
- Elevation of Privilege
System / Technologies affected
- Debian bookworm versions prior to 6.1.174-1
- Debian 11 bullseye versions prior to 5.10.251-5
- Debian stable distribution (trixie) versions prior to 6.12.90-2
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://lists.debian.org/debian-lts-announce/2026/05/msg00016.html
- https://lists.debian.org/debian-lts-announce/2026/05/msg00018.html
- https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html
- https://lists.debian.org/debian-security-announce/2026/msg00154.html
- https://lists.debian.org/debian-security-announce/2026/msg00164.html
- https://lists.debian.org/debian-security-announce/2026/msg00169.html
- https://lists.debian.org/debian-security-announce/2026/msg00185.html
- https://lists.debian.org/debian-security-announce/2026/msg00186.html
- https://lists.debian.org/debian-security-announce/2026/msg00206.html
- https://lists.debian.org/debian-security-announce/2026/msg00216.html
- https://lists.debian.org/debian-security-announce/2026/msg00217.html
Vulnerability Identifier
- CVE-2023-53228
- CVE-2023-53510
- CVE-2023-53545
- CVE-2024-47736
- CVE-2024-47809
- CVE-2024-49998
- CVE-2024-50298
- CVE-2024-56719
- CVE-2025-21676
- CVE-2025-21682
- CVE-2025-37945
- CVE-2025-37980
- CVE-2025-38105
- CVE-2025-38162
- CVE-2025-38192
- CVE-2025-38250
- CVE-2025-38303
- CVE-2025-38436
- CVE-2025-38584
- CVE-2025-38626
- CVE-2025-38659
- CVE-2025-38704
- CVE-2025-39748
- CVE-2025-39764
- CVE-2025-39863
- CVE-2025-40005
- CVE-2025-40016
- CVE-2025-40135
- CVE-2025-40219
- CVE-2025-40242
- CVE-2025-40261
- CVE-2025-40358
- CVE-2025-68206
- CVE-2025-68239
- CVE-2025-68265
- CVE-2025-71067
- CVE-2025-71161
- CVE-2025-71221
- CVE-2025-71265
- CVE-2025-71266
- CVE-2025-71267
- CVE-2025-71269
- CVE-2026-23100
- CVE-2026-23113
- CVE-2026-23141
- CVE-2026-23154
- CVE-2026-23157
- CVE-2026-23171
- CVE-2026-23204
- CVE-2026-23227
- CVE-2026-23231
- CVE-2026-23242
- CVE-2026-23243
- CVE-2026-23245
- CVE-2026-23253
- CVE-2026-23270
- CVE-2026-23271
- CVE-2026-23273
- CVE-2026-23274
- CVE-2026-23277
- CVE-2026-23279
- CVE-2026-23281
- CVE-2026-23284
- CVE-2026-23286
- CVE-2026-23287
- CVE-2026-23289
- CVE-2026-23290
- CVE-2026-23291
- CVE-2026-23292
- CVE-2026-23293
- CVE-2026-23296
- CVE-2026-23298
- CVE-2026-23300
- CVE-2026-23303
- CVE-2026-23304
- CVE-2026-23306
- CVE-2026-23307
- CVE-2026-23312
- CVE-2026-23315
- CVE-2026-23317
- CVE-2026-23318
- CVE-2026-23319
- CVE-2026-23321
- CVE-2026-23324
- CVE-2026-23335
- CVE-2026-23336
- CVE-2026-23339
- CVE-2026-23340
- CVE-2026-23343
- CVE-2026-23351
- CVE-2026-23352
- CVE-2026-23356
- CVE-2026-23357
- CVE-2026-23359
- CVE-2026-23362
- CVE-2026-23364
- CVE-2026-23365
- CVE-2026-23367
- CVE-2026-23368
- CVE-2026-23370
- CVE-2026-23372
- CVE-2026-23378
- CVE-2026-23379
- CVE-2026-23381
- CVE-2026-23382
- CVE-2026-23388
- CVE-2026-23391
- CVE-2026-23392
- CVE-2026-23395
- CVE-2026-23396
- CVE-2026-23397
- CVE-2026-23398
- CVE-2026-23401
- CVE-2026-23414
- CVE-2026-23420
- CVE-2026-23422
- CVE-2026-23426
- CVE-2026-23428
- CVE-2026-23434
- CVE-2026-23438
- CVE-2026-23439
- CVE-2026-23446
- CVE-2026-23449
- CVE-2026-23450
- CVE-2026-23452
- CVE-2026-23454
- CVE-2026-23455
- CVE-2026-23456
- CVE-2026-23457
- CVE-2026-23458
- CVE-2026-23460
- CVE-2026-23462
- CVE-2026-23463
- CVE-2026-23468
- CVE-2026-23474
- CVE-2026-23475
- CVE-2026-31389
- CVE-2026-31391
- CVE-2026-31392
- CVE-2026-31393
- CVE-2026-31396
- CVE-2026-31399
- CVE-2026-31400
- CVE-2026-31402
- CVE-2026-31403
- CVE-2026-31405
- CVE-2026-31408
- CVE-2026-31409
- CVE-2026-31411
- CVE-2026-31412
- CVE-2026-31414
- CVE-2026-31415
- CVE-2026-31416
- CVE-2026-31417
- CVE-2026-31418
- CVE-2026-31419
- CVE-2026-31421
- CVE-2026-31422
- CVE-2026-31423
- CVE-2026-31424
- CVE-2026-31425
- CVE-2026-31426
- CVE-2026-31427
- CVE-2026-31428
- CVE-2026-31431
- CVE-2026-31433
- CVE-2026-31434
- CVE-2026-31441
- CVE-2026-31446
- CVE-2026-31447
- CVE-2026-31448
- CVE-2026-31450
- CVE-2026-31452
- CVE-2026-31453
- CVE-2026-31454
- CVE-2026-31455
- CVE-2026-31464
- CVE-2026-31466
- CVE-2026-31467
- CVE-2026-31469
- CVE-2026-31473
- CVE-2026-31476
- CVE-2026-31477
- CVE-2026-31478
- CVE-2026-31480
- CVE-2026-31483
- CVE-2026-31485
- CVE-2026-31492
- CVE-2026-31494
- CVE-2026-31495
- CVE-2026-31496
- CVE-2026-31497
- CVE-2026-31498
- CVE-2026-31499
- CVE-2026-31503
- CVE-2026-31504
- CVE-2026-31507
- CVE-2026-31508
- CVE-2026-31509
- CVE-2026-31510
- CVE-2026-31512
- CVE-2026-31515
- CVE-2026-31518
- CVE-2026-31519
- CVE-2026-31520
- CVE-2026-31521
- CVE-2026-31522
- CVE-2026-31523
- CVE-2026-31524
- CVE-2026-31533
- CVE-2026-31540
- CVE-2026-31545
- CVE-2026-31546
- CVE-2026-31548
- CVE-2026-31549
- CVE-2026-31550
- CVE-2026-31551
- CVE-2026-31552
- CVE-2026-31555
- CVE-2026-31563
- CVE-2026-31565
- CVE-2026-31566
- CVE-2026-31570
- CVE-2026-31628
- CVE-2026-31634
- CVE-2026-31649
- CVE-2026-31651
- CVE-2026-31656
- CVE-2026-31657
- CVE-2026-31658
- CVE-2026-31659
- CVE-2026-31660
- CVE-2026-31661
- CVE-2026-31662
- CVE-2026-31664
- CVE-2026-31665
- CVE-2026-31667
- CVE-2026-31668
- CVE-2026-31669
- CVE-2026-31670
- CVE-2026-31671
- CVE-2026-31672
- CVE-2026-31674
- CVE-2026-31678
- CVE-2026-31679
- CVE-2026-31680
- CVE-2026-31682
- CVE-2026-31683
- CVE-2026-31689
- CVE-2026-31695
- CVE-2026-31709
- CVE-2026-31715
- CVE-2026-31720
- CVE-2026-31721
- CVE-2026-31726
- CVE-2026-31728
- CVE-2026-31737
- CVE-2026-31738
- CVE-2026-31747
- CVE-2026-31748
- CVE-2026-31749
- CVE-2026-31751
- CVE-2026-31752
- CVE-2026-31754
- CVE-2026-31755
- CVE-2026-31756
- CVE-2026-31758
- CVE-2026-31759
- CVE-2026-31761
- CVE-2026-31762
- CVE-2026-31763
- CVE-2026-31768
- CVE-2026-31770
- CVE-2026-31773
- CVE-2026-31776
- CVE-2026-31778
- CVE-2026-31779
- CVE-2026-31780
- CVE-2026-31781
- CVE-2026-31786
- CVE-2026-31787
- CVE-2026-31788
- CVE-2026-43011
- CVE-2026-43013
- CVE-2026-43014
- CVE-2026-43015
- CVE-2026-43017
- CVE-2026-43018
- CVE-2026-43020
- CVE-2026-43023
- CVE-2026-43024
- CVE-2026-43025
- CVE-2026-43026
- CVE-2026-43027
- CVE-2026-43028
- CVE-2026-43030
- CVE-2026-43032
- CVE-2026-43033
- CVE-2026-43035
- CVE-2026-43037
- CVE-2026-43038
- CVE-2026-43040
- CVE-2026-43041
- CVE-2026-43043
- CVE-2026-43046
- CVE-2026-43047
- CVE-2026-43050
- CVE-2026-43051
- CVE-2026-43054
- CVE-2026-43057
- CVE-2026-43088
- CVE-2026-43109
- CVE-2026-43220
- CVE-2026-43284
- CVE-2026-43490
- CVE-2026-43494
- CVE-2026-43500
- CVE-2026-43503
- CVE-2026-46174
- CVE-2026-46300
- CVE-2026-46333
Source
Related Link
- https://lists.debian.org/debian-lts-announce/2026/05/msg00016.html
- https://lists.debian.org/debian-lts-announce/2026/05/msg00018.html
- https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html
- https://lists.debian.org/debian-security-announce/2026/msg00154.html
- https://lists.debian.org/debian-security-announce/2026/msg00164.html
- https://lists.debian.org/debian-security-announce/2026/msg00169.html
- https://lists.debian.org/debian-security-announce/2026/msg00185.html
- https://lists.debian.org/debian-security-announce/2026/msg00186.html
- https://lists.debian.org/debian-security-announce/2026/msg00206.html
- https://lists.debian.org/debian-security-announce/2026/msg00216.html
- https://lists.debian.org/debian-security-announce/2026/msg00217.html
- https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
Related Tags
Share with