HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Linux Kernel Local Privilege Escalation (CVE‑2026‑43284/43500/46300) Affects Major Distributions

A chain of three kernel flaws (CVE‑2026‑43284, CVE‑2026‑43500, CVE‑2026‑46300) lets an unprivileged user gain root on vulnerable Linux systems, exposing cloud and managed‑service providers to severe compromise.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 exploit-db.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
exploit-db.com

Critical Linux Kernel Local Privilege Escalation (CVE‑2026‑43284/43500/46300) Impacts Major Distributions

What Happened — A chain of three kernel flaws (CVE‑2026‑43284, CVE‑2026‑43500, CVE‑2026‑46300) enables an unprivileged user to write arbitrary data into the page‑cache, allowing modification of setuid binaries and system files. The publicly released “Kukurigu” exploit demonstrates near‑100 % success on tested Ubuntu, RHEL, openSUSE, CentOS Stream, AlmaLinux, and Fedora releases.

Why It Matters for TPRM

  • Persistent LPE can let a compromised third‑party service gain root on host systems, jeopardizing data confidentiality and integrity.
  • Many SaaS and managed‑service providers run workloads on vulnerable Linux kernels; a breach can cascade to your organization.
  • Patch cycles for kernel releases are often lengthy; exposure may persist across multiple product versions.

Who Is Affected — Cloud‑infrastructure providers, managed service providers, SaaS platforms, and any organization running affected Linux distributions (Ubuntu 24.04‑26.04, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, Fedora 44).

Recommended Actions

  • Verify kernel versions on all Linux assets and cross‑check against the vulnerable range (2017‑01‑17 to 2026‑05‑10).
  • Prioritize patching to the latest kernel releases that address CVE‑2026‑43284, CVE‑2026‑43500, and CVE‑2026‑46300.
  • Deploy kernel hardening controls (e.g., SELinux/AppArmor, mandatory access controls) and monitor for suspicious page‑cache activity.

Technical Notes — The exploit leverages a page‑cache write primitive via the ESP protocol (xfrm), an RxRPC decryption flaw, and a skb coalescing bug, allowing modification of setuid binaries without triggering kernel panics. No CVE‑specific mitigations were publicly available at time of disclosure. Source: Exploit‑DB 52591

📰 Original Source
https://www.exploit-db.com/exploits/52591

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →