ArticlesRocky Linux

Mitigating IPv6 Frag Escape (CVE-2026-53362) on Rocky Linux 10

cvecve-2026-53362securitykernelrocky linuxmitigationtroubleshootingcontainer escapeipv6

Arsalan Zaidi
Customer Support Engineer

Jul 08, 2026

Introduction

IPv6 Frag Escape, tracked as CVE-2026-53362, is a local privilege escalation and container escape vulnerability in the Linux kernel's IPv6 fragmentation path. A missing bounds check in __ip6_append_data() causes an out-of-bounds write into skb_shared_info, which enables a page use-after-free. An attacker chains this into a dirty-pagetable attack that provides arbitrary kernel read/write, overwrites process credentials to gain uid=0, patches avc_denied() to bypass SELinux, and escapes from a container to root on the host via core_pattern.

This vulnerability is separate from the Dirty Frag (CVE-2026-43284) and Fragnesia (CVE-2026-46300) vulnerabilities. While all three involve kernel memory corruption, IPv6 Frag Escape uses the IPv6 fragmentation code path, not the ESP/xfrm subsystem.

This article covers Rocky Linux 10 systems on x86_64, including RLC Pro and RLC Pro Hardened variants. Earlier Rocky Linux versions (8 and 9) are not affected because they run older kernel families (4.18.x and 5.14.x) that do not contain the vulnerable code. The vulnerability also does not affect aarch64 systems because it requires 5-level paging (LA57), which is an x86_64 feature.

Problem

IPv6 Frag Escape targets the kernel's IPv6 fragmentation reassembly path. When an attacker creates an IPv6 socket inside an unprivileged user namespace and sends crafted fragmented packets, the kernel's __ip6_append_data() function writes beyond the bounds of skb_shared_info. This corrupts adjacent memory and produces a page use-after-free condition. The attacker then uses a dirty-pagetable technique to convert the use-after-free into arbitrary kernel read/write access.

With arbitrary kernel access, the exploit overwrites the calling process's cred structure to set all UIDs and GIDs to 0 (root). It then patches the in-kernel avc_denied() function to neutralize SELinux enforcement. Finally, the exploit writes a malicious command to /proc/sys/kernel/core_pattern, which executes as root on the host when a process crashes, completing the escape from the container to the host.

The attack is local only. It cannot be exploited remotely. The attacker must have code execution inside a container or as a local unprivileged user on the host. The exploit requires access to unprivileged user namespaces, which are enabled by default on Rocky Linux 10.

Treat the following systems as affected unless they have the mitigation in place or are running a patched kernel:

  • RLC Pro variants based on Rocky Linux 10, including RLC Pro Hardened

The following systems are not affected:

  • Rocky Linux 8 and 9 (all variants, including LTS, FIPS, RLC Pro, and RLC Pro Hardened)
  • All aarch64 systems (the exploit requires x86_64 5-level paging)
  • CIQ Bridge / CentOS 7

Status

  • No patched kernels are available yet. This article will be updated as patched kernels become available.
  • Recommended action: apply the user namespace mitigation described in the Mitigation section below. This blocks the exploit's entry point while patched kernels are pending.
  • The mitigation has operational impact. Disabling unprivileged user namespaces breaks rootless Podman containers, application sandboxes (Chromium, Firefox, Flatpak), and anything that depends on unprivileged user namespace creation. Plan a maintenance window for systems running those workloads.
  • CIQ Bridge customers and CentOS 7.9 users are unaffected by this vulnerability.
  • Relationship to Dirty Frag and Fragnesia mitigations. If you already disabled unprivileged user namespaces (user.max_user_namespaces=0) as part of another advisory, that mitigation also covers IPv6 Frag Escape. The Dirty Frag module-blocking mitigation (esp4/esp6 in /etc/modprobe.d/dirtyfrag.conf) does not cover this vulnerability because IPv6 Frag Escape does not use the ESP code path.
  • Open a support case if you need help assessing exposure, validating workload impact, or tracking patched kernel availability for your specific CIQ variant.

Patched kernels

No patched kernels are available as of 2026-07-08. This article will be updated as builds become available.

Variant Patched Kernel Version Released
(No patched kernels available yet)

Confirm what is running on a given system with:

uname -r

ℹ️ NOTE CIQ updates this table as tested kernels become available for each variant.

Installing the Update

Patched kernels are pending. Once they become available, this section will be updated with variant-specific installation instructions.

In the interim, apply the mitigation described below to reduce exposure.

When a patched kernel is released, the standard update path for Rocky Linux 10.x will be:

sudo dnf update kernel*
sudo reboot

Mitigation

Apply the steps in this section to block the exploit while patched kernels are not yet available. Once you install a patched kernel and reboot, the mitigation can be removed. See Reverting the mitigation.

Disable unprivileged user namespaces

The IPv6 Frag Escape exploit requires unprivileged user namespace creation to reach the vulnerable IPv6 fragmentation code path from inside a container. Setting user.max_user_namespaces to 0 removes that entry point and blocks the exploit.

⚠️ WARNING Disabling unprivileged user namespace creation breaks rootless container runtimes including rootless Podman, rootless Docker, slirp4netns, and pasta. It also breaks sandboxed browsers such as Chromium and Firefox, and Flatpak applications. Validate the impact on your workload before applying fleet-wide. Systems using rootless containers should plan a maintenance window.

To apply:

echo 'user.max_user_namespaces=0' | sudo tee /etc/sysctl.d/cve-2026-53362.conf
sudo sysctl --system

Verify:

sysctl user.max_user_namespaces

Output should be user.max_user_namespaces = 0.

This mitigation is broader than the Dirty Frag and Fragnesia mitigations that block esp4/esp6 modules or disable unprivileged network namespaces. Disabling user namespaces entirely also prevents the Dirty Frag and Fragnesia attack vectors, since those exploits also require user namespace access for their initial entry. If you apply this mitigation, it supersedes the narrower mitigations for those CVEs.

Reverting the mitigation

Once you install a patched kernel for your variant, remove the sysctl override to restore unprivileged user namespace creation:

sudo rm /etc/sysctl.d/cve-2026-53362.conf
sudo sysctl --system

Verify that user namespaces are re-enabled:

sysctl user.max_user_namespaces

The value should be greater than 0.

Verification

Verifying the mitigation

Confirm that unprivileged user namespaces are disabled:

sysctl user.max_user_namespaces

Output should be user.max_user_namespaces = 0.

Confirm the sysctl drop-in file is present and has the correct content:

cat /etc/sysctl.d/cve-2026-53362.conf

You should see user.max_user_namespaces=0.

As a functional test, confirm that an unprivileged user cannot create a user namespace:

unshare --user --map-root-user echo "user namespaces are enabled"

This command should fail with a permissions error when the mitigation is active. If it succeeds and prints the message, the sysctl is not in effect. Re-run sudo sysctl --system and check for conflicting sysctl files that may override the setting.

Verifying the patched kernel (when available)

Once patched kernels are released, confirm the running kernel matches a patched version:

uname -r

Compare the output against the versions listed in the Patched kernels table above.

Resolution

Once a patched kernel is available and installed:

  1. Reboot into the patched kernel.
  2. Verify the running kernel version:
uname -r
  1. Remove the mitigation sysctl file:
sudo rm /etc/sysctl.d/cve-2026-53362.conf
sudo sysctl --system
  1. Confirm user namespaces are re-enabled:
sysctl user.max_user_namespaces

The value should be greater than 0.

Notes

  • Container escape, not just privilege escalation. Unlike Dirty Frag and Fragnesia, which escalate privileges on the host, IPv6 Frag Escape chains the kernel write primitive into a full container escape via core_pattern. Any RLC Pro or RLC Pro Hardened system running untrusted containers on Rocky Linux 10 x86_64 should be treated as actively exploitable until mitigated or patched.
  • x86_64 only. The exploit requires 5-level paging (LA57), which is specific to x86_64 processors that support it. aarch64 systems are not affected.
  • Rocky Linux 8 and 9 are not affected. The vulnerable code path exists only in kernel 6.12.x. Rocky Linux 8 (kernel 4.18.x) and Rocky Linux 9 (kernel 5.14.x) do not contain the __ip6_append_data() bounds check flaw.
  • Unprivileged user namespaces are the entry point. Rocky Linux 10 enables unprivileged user namespaces by default. Disabling them is the most effective mitigation but has a wide blast radius on workloads that depend on them.
  • Relationship to other mitigations. If you previously applied user.max_user_namespaces=0 for any reason, that setting already covers IPv6 Frag Escape. The esp4/esp6 module blocking from Dirty Frag does not cover this CVE because the attack uses the IPv6 fragmentation path, not ESP.
  • Public exploit availability. A working proof-of-concept exploit is publicly available. Treat affected systems with containers or local users as actively exploitable until you apply the mitigation or install a patched kernel.
  • SELinux bypass included. The exploit patches avc_denied() in kernel memory, so SELinux enforcement alone does not prevent the escape. The sysctl mitigation is required regardless of SELinux policy.

Related articles