Showing posts with label vulnerability. Show all posts

Friday, May 8, 2026

Security Onion and Linux Kernel Dirty Frag Vulnerability CVE-2026-43284

There is a new local privilege escalation vulnerability called Dirty Frag (CVE-2026-43284):


https://access.redhat.com/security/cve/cve-2026-43284


Updated kernel packages should be coming soon to resolve this issue. If you can't wait until updated kernels are released and need to apply a temporary mitigation, please see the Mitigation section of the article above and also:


https://github.com/V4bel/dirtyfrag#mitigation


Friday, May 1, 2026

Security Onion and Linux Kernel Copy Fail Vulnerability CVE-2026-31431

A flaw was found in the Linux kernel that allows for local privilege escalation:

https://access.redhat.com/security/cve/cve-2026-31431


Updated kernel packages should be coming soon to resolve this issue.


UPDATE 2026/05/04: Oracle has released an updated UEK kernel (5.15.0-319.201.4.4) to address this vulnerability (https://linux.oracle.com/errata/ELSA-2026-50253.html). Assuming you're running Security Onion on Oracle 9 with the Oracle UEK kernel, you can update to this new kernel with a standard soup (https://docs.securityonion.net/en/3/main/soup/) followed by a reboot.


If you can't wait until updated kernels are released and need to apply a temporary mitigation, you can run the following command and then reboot:

sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"


After updated kernels are released, that temporary mitigation can be reverted by running the following command and then rebooting:

sudo grubby --update-kernel=ALL --remove-args="initcall_blacklist=algif_aead_init"
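
One way to confirm that the temporary mitigation is in place, as an added example that is not part of the original post: the script checks the running kernel's command line and every configured boot entry for the initcall_blacklist argument. The function names and the assumed layout of the grubby --info=ALL output (a kernel= line followed by an args= line per entry) are this example's own.

```shell
#!/bin/sh
# Added example: verify initcall_blacklist=algif_aead_init is configured and active.

# initcall_blacklisted CMDLINE NAME -> status 0 if NAME is listed in any
# initcall_blacklist= parameter (comma-separated list, may appear repeatedly).
initcall_blacklisted() {
    _cmdline=$1 _want=$2
    set -f                              # no globbing while splitting the cmdline
    for _tok in $_cmdline; do
        case $_tok in
            initcall_blacklist=*) _list=${_tok#initcall_blacklist=} ;;
            *) continue ;;
        esac
        _oldifs=$IFS; IFS=,
        for _fn in $_list; do           # exact match only, never a substring
            if [ "$_fn" = "$_want" ]; then IFS=$_oldifs; set +f; return 0; fi
        done
        IFS=$_oldifs
    done
    set +f
    return 1
}

# unmitigated_boot_entries NAME  (reads `grubby --info=ALL` output on stdin)
# Prints the kernel path of every boot entry whose args lack the blacklist.
unmitigated_boot_entries() {
    _kernel=
    while IFS= read -r _line; do
        case $_line in
            kernel=*) _kernel=${_line#kernel=}
                      _kernel=${_kernel#\"}; _kernel=${_kernel%\"} ;;
            args=*)   _args=${_line#args=}
                      _args=${_args#\"}; _args=${_args%\"}
                      initcall_blacklisted "$_args" "$1" || printf '%s\n' "$_kernel" ;;
        esac
    done
}

# Run with --check on the node after applying the mitigation and rebooting.
if [ "${1:-}" = "--check" ]; then
    if initcall_blacklisted "$(cat /proc/cmdline)" algif_aead_init; then
        echo "running kernel: algif_aead_init is blacklisted"
    else
        echo "running kernel: mitigation NOT active (reboot pending?)"
    fi
    sudo grubby --info=ALL | unmitigated_boot_entries algif_aead_init |
        sed 's/^/boot entry without mitigation: /'
fi
```

After the fixed kernel is installed and the argument has been removed, the same check should report the mitigation as not active on every entry.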

 

Tuesday, June 21, 2022

SaltStack 3004.1 Security Issue

SaltStack released an update today:
https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/

Security Onion currently uses SaltStack 3004.1. However, we don't use PAM authentication from within Salt, so this security issue should not affect our installations.

We do have plans to update to Salt 3004.2 in the upcoming 2.3.140 release:
https://github.com/Security-Onion-Solutions/securityonion/issues/8166

