Write-what-where Condition Affecting torvalds/linux package, versions [4.11-rc1,7.1-rc3)
Threat Intelligence
Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UNMANAGED-TORVALDSLINUX-16535152
- published8 May 2026
- disclosed6 May 2026
- creditV4bel
Introduced: 6 May 2026
NewCVE-2026-43284 (opens in a new tab)How to fix?
Upgrade torvalds/linux to version 7.1-rc3 or higher.
Overview
Affected versions of this package are vulnerable to Write-what-where Condition collectively knows as the "xfrm-ESP Page-Cache Write" vulnerability, part of the "Dirty Frag" chain and it is caused due to a deterministic logic bug that provides a powerful 4-byte arbitrary memory overwrite. Chained together with the "RxRPC Page-Cache Write" vulnerability, it corrupts the Linux Page Cache by "dirtying" the frag member of the struct sk_buff. Because it does not rely on race conditions or tight timing windows, the exploit has a very high success rate and does not cause kernel panics if it fails. A local attacker with low privileges can escalate their system privileges to root by exploiting this vulnerability.