IPsec
Dirty Frag: Chained Linux Kernel Bugs Hand Out Root, One Half Still Unpatched
Dirty Frag chains an xfrm-ESP page-cache write (CVE-2026-43284) with an unpatched RxRPC page-cache write (CVE-2026-43500) for reliable root on most Linux distros. Embargo blew up early — public PoC is out, RxRPC fix is not.
15-Year-Old strongSwan Integer Underflow Lets Unauthenticated Attackers Crash VPN Gateways
CVE-2026-25075 is an integer underflow in strongSwan's EAP-TTLS AVP parser that lets remote, unauthenticated attackers crash the charon IKE daemon — affecting every version since 4.5.0.