Dirty Frag and other issues in Amazon Linux kernels

Friday, May 8, 2026 at 02:58 AM UTC·Source: AWS Security Bulletins

Updated: Friday, May 8, 2026 at 04:00 AM UTC

Executive Summary

Analysis

Bulletin ID: 2026-027-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/07 19:45 PM PDT Description: Amazon is aware of a class of issues in the Linux kernel related to the original issue (CVE-2026-31431). The issues commonly referred to as "DirtyFrag" are present in a number of loadable modules, including xfrm_user/esp4/esp6 and ipcomp4/ipcomp6. On systems that allow unprivileged users to create sockets directly or through CAP_NET_ADMIN, or allow the creation of unprivileged user namespaces (user+net), an actor may gain access to kernel memory and thus escalate their privileges. Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

Indicators of Compromise (1)

CVE (1)

CVE-2026-31431

NVD MITRE CVE

Source Attribution

Originally published by AWS Security Bulletins on May 8, 2026.

Related Threats

MEDIUMVulnerability

Commerzbank to axe 3000 jobs as it fends off UniCredit takeover

Germany's Commerzbank says it will cut 3000 jobs as it steps up investment in AI and fends off a takeover effort from Italy's UniCredit.

1h agoFinextra

MEDIUMVulnerability

Weekly Update 503

Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to "we're not making any statements". So

1h agoTroy Hunt

MEDIUMVulnerability

YARA-X 1.16.0 Release, (Sun, May 10th)

YARA-X&&#x23;x26;&#x23;39;s 1.16.0 release brings 4 improvements and 4 bugfixes.

2h agoSANS ISC