EGI SVG Advisories

Advisory-EGI-SVG-2026-15

CRITICAL risk Linux kernel vulnerability

Date: 2026-05-13

Updated: 2026-05-29 - handled via EGI-SVG-2026-17

Updated: 2026-05-21

NOTE:

All running resources MUST be either patched or have mitigation in place or affected services disabled by 2026-05-21, 00:00 UTC.

Sites failing to act or respond to requests from the EGI CSIRT team risk site suspension.

DESCRIPTION

CRITICAL risk vulnerability concerning the Linux kernel with yet another very easy public exploit leading to local privilege escalation to root. It is extensively described at [R 1] [R 2] [R 3] [R 9].

IDs AND CVSS SCORE

EGI SVG ID : EGI-SVG-2026-15

CVE ID : CVE-2026-46300

CVSSv3 Score:

ACTIONS REQUIRED/RECOMMENDED

Urgent action is required on hosts giving access to unprivileged users, e.g. grid worker nodes, but also container hosts, notebook servers and CI runners.

At the time of writing, fixed kernels are only available for some of the relevant distributions. Please check the references listed at the bottom of this advisory for your distribution(s), update and reboot affected systems as soon as feasible.

Please apply these mitigation commands on affected hosts in the meantime:

modprobe -r esp4 esp6 rxrpc
cat >/etc/modprobe.d/mitigation-dirtyfrag.conf <<'EOF'
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
blacklist esp4
blacklist esp6
blacklist rxrpc
EOF
echo 3 > /proc/sys/vm/drop_caches

They are sufficient to prevent the published exploits and are not expected to affect vital functionality. A reboot is not needed just to apply those mitigations.
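To verify that the mitigation above has actually taken effect on a host, here is an added POSIX shell check written for this page; it is not part of the EGI advisory or of any EGI tooling. It assumes the file path /etc/modprobe.d/mitigation-dirtyfrag.conf and the module names exactly as they appear in the commands above, and the standard /proc/modules format (module name in the first field). The function names check_conf and check_loaded and the --live flag are the example's own.

```shell
#!/bin/sh
# Added verification helper (not part of the EGI advisory): confirms that the
# dirtyfrag mitigation from the advisory is in place on a host.
# Assumptions: the modprobe.d path and the module list come from the advisory's
# own commands; /proc/modules is the kernel's standard list of loaded modules.

MITIGATED_MODULES="esp4 esp6 rxrpc"

# check_conf FILE: succeed only if FILE carries an "install <module> /bin/false"
# line for every module the advisory blocks; report what is missing otherwise.
check_conf() {
    conf="$1"
    missing=""
    [ -r "$conf" ] || { echo "missing or unreadable: $conf"; return 1; }
    for m in $MITIGATED_MODULES; do
        grep -Eq "^[[:space:]]*install[[:space:]]+$m[[:space:]]+/bin/false" "$conf" \
            || missing="$missing $m"
    done
    [ -z "$missing" ] || { echo "no install override for:$missing"; return 1; }
    return 0
}

# check_loaded MODLIST: succeed only if none of the blocked modules is listed in
# MODLIST, a file in /proc/modules format; report any that are still loaded.
check_loaded() {
    modlist="$1"
    loaded=""
    [ -r "$modlist" ] || { echo "missing or unreadable: $modlist"; return 1; }
    for m in $MITIGATED_MODULES; do
        # awk exits 0 when the module name appears as a first field, 1 otherwise
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$modlist" \
            && loaded="$loaded $m"
    done
    [ -z "$loaded" ] || { echo "still loaded:$loaded"; return 1; }
    return 0
}

# main: run both checks against the live host and summarise the result.
main() {
    rc=0
    check_conf /etc/modprobe.d/mitigation-dirtyfrag.conf || rc=1
    check_loaded /proc/modules || rc=1
    if [ "$rc" -eq 0 ]; then
        echo "mitigation in place"
    else
        echo "mitigation NOT complete"
    fi
    return "$rc"
}

# Only touch the real system files when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    main
fi
```

Run it as `sh check-mitigation.sh --live` on a host; both functions take a path argument, so they can also be pointed at a modprobe.d file and a /proc/modules capture collected from another machine. A non-zero exit means at least one of the three modules is still loadable or still loaded, so the host does not yet match the advisory's mitigated state. As context for sites assessing the "vital functionality" statement above: esp4 and esp6 implement IPsec ESP and rxrpc is used by the in-kernel AFS client (kafs), so hosts that depend on either should be reviewed before the override is rolled out.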

MORE INFORMATION

Compared to the CVSS risk assessment detailed in [R 4], in some of our deployment scenarios the “Scope” parameter needs to be set to “Changed”, which gives the EGI SVG score a significantly higher, more appropriate value.

STATUS OF THIS ADVISORY

TLP:CLEAR information - Unlimited distribution

https://advisories.egi.eu/Advisory-EGI-SVG-2026-15

https://advisories.egi.eu/Advisory-SVG-CVE-2026-46300

Minor updates may be made without re-distribution to the sites.

CONTACT AND OTHER INFORMATION ON SVG

This advisory is subject to the Creative Commons licence https://creativecommons.org/licenses/by/4.0/ and the EGI (https://www.egi.eu/) Software Vulnerability Group must be credited.

See [R 99] for further details, and other information on SVG.

REFERENCES

CREDITS

SVG was alerted to this vulnerability by the EGI CSIRT