If Dirty Frag has been patched why do I get nothing when I search:
main(/temp): sudo dnf updateinfo info --cve CVE-2026-43284
Last metadata expiration check: 0:30:20 ago on Sat 09 May 2026 08:36:20 AM EDT.
main(/temp):
Yet do for CopyFail?
main(/temp): sudo dnf updateinfo info --cve CVE-2026-31431
Last metadata expiration check: 0:32:04 ago on Sat 09 May 2026 08:36:20 AM EDT.
Update ID: ALSA-2026:13577
Type: security
…
I found it. but now I don’t see CVE-2026-43500 as being addressed.
main(/temp): sudo dnf updateinfo list security all | grep kernel | grep 2026 | grep 553.12
ALSA-2026:9131 Important/Sec. kernel-4.18.0-553.120.1.el8_10.x86_64
ALSA-2026:A001 Important/Sec. kernel-4.18.0-553.121.1.el8_10.x86_64
ALSA-2026:13577 Important/Sec. kernel-4.18.0-553.123.1.el8_10.x86_64
ALSA-2026:A004 Important/Sec. kernel-4.18.0-553.123.2.el8_10.x86_64
None of those list CVE-2026-43500 as being fixed, yet it is?
Hello,
Yes, AlmaLinux says this is fixed in the patched kernel.
For AlmaLinux 8, please see:
According to the AlmaLinux Dirty Frag article, AlmaLinux 8 is patched in:
kernel-4.18.0-553.123.2.el8_10 and above
Also, CVE-2026-43500 does not affect AlmaLinux 8 because AlmaLinux 8 does not build the rxrpc module.
Thanks