Description: CVE-2026-31431 is a Linux kernel vulnerability that may allow local privilege escalation, including in containerized environments such as Kubernetes. In the affected Kubernetes environment, no shared worker nodes are used, which reduces the risk of cross-workload impact. In addition, the vulnerability has been mitigated on the underlying OpenStack infrastructure.
Available software updates: Pending vendor release
Scheduled rollout date: Expected 9 June 2026
Responsibility for implementation: teuto.net
CVE-2026-43284, CVE-2026-43500 (Dirty Frag)
CVSS Score: 8.8 (HIGH), N/A
Description: CVE-2026-43284 and CVE-2026-43500, collectively referred to as “Dirty Frag”, affect Linux kernel networking-related components, including IPsec ESP (esp4/esp6) and rxrpc. Under certain conditions, they may be chained to enable local privilege escalation. In the affected Kubernetes environment, no shared worker nodes are used, which limits the potential impact across workloads. The vulnerability has been mitigated on the underlying OpenStack infrastructure.
Available software updates: Pending vendor release