SUSE local privilege escalation “Dirty Frag” CVE-2026-43284

SUSE has released a security update for the Linux kernel addressing the previously disclosed “Dirty Frag” vulnerabilities.

The issue allows a local, non-privileged operating system user to potentially gain elevated privileges on affected systems under specific conditions.  Only local operating system users are affected, no PRISMAproduction users.  On a default installed PRISMAproduction Server the related kernel modules esp4|esp6|rxrpc are not loaded, resulting in this system not being affected.

To ensure the security of PRISMAproduction, an operating system update is necessary.  The following vulnerability is fixed by a security update for SLES 15 SP7 (PRISMAproduction V6.5):

• https://www.cve.org/CVERecord?id=CVE-2026-43284

The system update is available through normal channels.  Please contact your Service Engineer for further details.