CVE-2026-43284 and CVE-2026-43500 impact on Tanzu Jammy stemcells

Article ID: 440040


Products

  • VMware Tanzu Kubernetes Grid Integrated Edition
  • VMware Tanzu Kubernetes Grid
  • VMware Tanzu Application Service
  • VMware Tanzu Platform

Issue/Introduction

  • CVE-2026-43284 and CVE-2026-43500, also known as Dirty Frag, are Linux kernel local privilege escalation vulnerabilities.
  • The vulnerabilities involve specific Linux kernel code paths where page-cache-backed memory may be modified through in-place cryptographic operations after data is inserted into socket buffers using zero-copy mechanisms.
  • These CVEs require local access to a running system. They are not remotely exploitable over the network.
  • For Tanzu Platform / TAS environments, it is important to distinguish between:
    1. The Jammy stemcell VM, where the affected kernel modules are present.
    2. The Tanzu Platform application container runtime, where the known exploit path does not function.

Environment

  • TKG: 2.5.4
  • TKG environment using Jammy stemcells, including:
    • VMware Tanzu Application Service
    • VMware Tanzu Platform for Cloud Foundry
    • VMware Tanzu Kubernetes Grid Integrated Edition
    • VMware Tanzu Kubernetes Grid multi-cloud
  • Other BOSH-managed deployments based on Jammy stemcells
  • Garden containers on Tanzu Platform are not susceptible to the Dirty Frag exploit (see Additional Information section).

Cause

  • The issue is caused by Linux kernel vulnerabilities involving shared socket buffer fragments and in-place cryptographic operations.
  • At a high level:
    • CVE-2026-43284 is associated with the Linux xfrm / ESP code path.
    • CVE-2026-43500 is associated with the Linux RxRPC code path.
  • The affected kernel functionality is available on Jammy stemcell-based VMs until an updated Jammy stemcell includes the relevant upstream kernel fixes.

Resolution

VMware is aware of CVE-2026-43284 and CVE-2026-43500. An updated Jammy stemcell containing fixes for both vulnerabilities is currently targeted for the June patch release (June 16). Subscribe to this KB to be notified when the resolution is officially released.

Workaround

For BOSH-managed VMs that are not using Tanzu IPSec, the affected kernel modules can be unloaded and blacklisted as a temporary mitigation.

  1. SSH to the affected VM:
    bosh -d <deployment-name> ssh <instance-group>/<instance-id>
  2. Disable and unload the esp4, esp6, and rxrpc kernel modules:
    sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
  3. Reset the page cache:
    echo 3 | sudo tee /proc/sys/vm/drop_caches

  • This disables the following kernel modules: esp4, esp6 and rxrpc.
  • Do not apply this workaround on VMs that use Tanzu IPSec.
  • The esp4 and esp6 modules are required for IPSec functionality. Disabling them can disrupt or break IPSec communication between VMs.
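
To confirm the workaround took effect on a VM, the shell functions below read a /proc/modules listing and a modprobe.d directory and report any of esp4, esp6 or rxrpc that is still loaded or lacks its install rule. This is an added example, not part of the original KB; the function names and report wording are hypothetical.

```shell
#!/bin/sh
# Added example (not from the KB): verify the esp4/esp6/rxrpc workaround.
# Function names and the report wording are this example's own.
MODULES="esp4 esp6 rxrpc"

# loaded_modules FILE
# FILE is in /proc/modules format (module name is the first field).
# Prints the modules from $MODULES that are still loaded, space-separated.
loaded_modules() {
    found=""
    for m in $MODULES; do
        if awk -v m="$m" '$1 == m { f = 1 } END { exit !f }' "$1" 2>/dev/null; then
            found="${found:+$found }$m"
        fi
    done
    printf '%s\n' "$found"
}

# unblocked_modules DIR
# Prints the modules that have no "install <module> /bin/false" line in any
# DIR/*.conf file. Only the install form written by the workaround counts.
unblocked_modules() {
    missing=""
    for m in $MODULES; do
        if ! cat "$1"/*.conf 2>/dev/null | awk -v m="$m" \
            '$1 == "install" && $2 == m && $3 == "/bin/false" { f = 1 } END { exit !f }'
        then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
}

# mitigation_status MODFILE CONFDIR
# Reports what is left to do; returns 0 only when nothing is loaded and
# every module has its install rule.
mitigation_status() {
    loaded=$(loaded_modules "$1")
    unblocked=$(unblocked_modules "$2")
    if [ -n "$loaded" ]; then echo "still loaded: $loaded"; fi
    if [ -n "$unblocked" ]; then echo "no install rule: $unblocked"; fi
    [ -z "$loaded$unblocked" ]
}

# Live check on the VM, using the standard Linux locations.
if mitigation_status /proc/modules /etc/modprobe.d; then
    echo "workaround in place"
else
    echo "workaround incomplete"
fi
```

A module reported as still loaded after step 2 usually means rmmod was refused because the module is in use, which on a VM running Tanzu IPSec is expected and is the case where the workaround must not be applied.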

 

Fixed version:

Jammy stemcell v1.1234 contains the dirty-frag and copy-fail kernel fixes. Release notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/stemcells/services/stemcell-rn/stemcells.html

Additional Information

Garden, the container runtime used by Tanzu Elastic Application Runtime, applies a strict seccomp filter to all unprivileged containers by default. Seccomp (Secure Computing Mode) is a Linux kernel feature that restricts which system calls a process is permitted to make — any call not on the allowlist is rejected before it reaches the kernel. The Dirty Frag vulnerability chain requires two system calls that are absent from Garden's allowlist: unshare, used to create an isolated network namespace in order to register IPsec security associations, and add_key, used to install a cryptographic session key into the kernel's key management subsystem. Because neither call is permitted, both exploit paths are blocked before any vulnerable kernel code is reached. Customers running workloads in standard unprivileged Garden containers are not vulnerable to Dirty Frag.