Proxmox Virtual Environment - Security Advisories


Subject: PSA-2026-00018-1: "copy.fail" local privilege escalation via AF_ALG socket


Advisory date: 2026-04-30

Packages: proxmox-kernel-6.8, proxmox-kernel-6.14, proxmox-kernel-6.17

Details:

An issue published under the name "copy.fail" was found in the Linux kernel's handling of AF_ALG socket messages. An unprivileged local user could abuse this issue to write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root and potentially escape sandboxing mechanisms such as containers.

Mitigations:

Fixed kernel packages are available for the affected kernel series, see below for details.



To prevent exploitation of the issue prior to rebooting into a fixed kernel, disallowing loading of the affected module is recommended.

Check if the module is loaded:

# lsmod | grep algif_aead

If this command displays output and you are not aware of benign usage of AF_ALG sockets for AEAD, it is possible that an attacker already tried to exploit the issue on this system. The journal might contain information about when the af_alg module was loaded: "kernel: NET: Registered PF_ALG protocol family".

Disable loading of the module:

# echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
# update-initramfs -u -k all

Remove any already loaded instance of the module:

# rmmod algif_aead



An updated pve-container package that uses seccomp filtering to prevent exploits from within containers is available. Containers started after the fixed pve-container version has been installed cannot access AF_ALG sockets anymore.

If you need AF_ALG support in a specific container, override the seccomp filter after rebooting into a fixed kernel by creating a custom seccomp filter file based on /var/lib/lxc/$vmid/rules.seccomp and configure it via the lxc.seccomp.profile option. The container needs to be started once to generate the rules.seccomp file.



Not affected:
- proxmox-kernel-7.0.0-*-pve (PVE 9.x, PBS 4.x, PDM 1.x, PMG 9.x)

Fixed:
- proxmox-kernel-6.17.13-6-pve or later (PVE 9.x, PBS 4.x, PDM 1.x, PMG 9.x)
- proxmox-kernel-6.14.11-7-pve or later (PVE 9.x, PBS 4.x, PDM 1.x, PMG 9.x)
- proxmox-kernel-6.14.11-7-bpo12-pve or later (PVE 8.x, PBS 3.x, PMG 8.x)
- proxmox-kernel-6.8.12-22-pve or later (PVE 8.x, PBS 3.x, PMG 8.x)
- pve-container >= 6.1.5 (PVE 9.x)
- pve-container >= 5.3.5 (PVE 8.x)

References:
- CVE-2026-31431
- https://copy.fail
- https://xint.io/blog/copy-fail-linux-distributions
 

Subject: PSA-2026-00019-1: "DirtyFrag" Local Privilege Escalation


Advisory date: 2026-05-08

Packages: proxmox-kernel-*

Details:

Two vulnerabilities in the Linux kernel were discovered which, when combined, allow an unprivileged local user to obtain root privileges.

Mitigation:

Until fixed kernel packages are available, disabling loading of the affected kernel modules mitigates the vulnerability.

Check if the modules are loaded:

# lsmod | grep -e esp4 -e esp6 -e rxrpc

If this command displays output and you are not aware of benign usage of AFS or IPSEC with kernel-side transforms, it is possible that an attacker already tried to exploit the issue on this system.

Disable loading of the modules:

# sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf"

Remove any already loaded instance of the module:

# rmmod esp4 esp6 rxrpc

Note: Deploying this mitigation might break IPSEC if kernel-side transforms are used, or AFS client usage.

Fixed:

A second advisory will be published with the fixed kernel versions once they are available.

References:

- https://github.com/V4bel/dirtyfrag
- CVE-2026-43284
 

Subject: PSA-2026-00019-2: "DirtyFrag" Local Privilege Escalation


Advisory date: 2026-05-08

Packages: proxmox-kernel-*

Details:

Two vulnerabilities in the Linux kernel were discovered which, when combined, allow an unprivileged local user to obtain root privileges.

Mitigation:

See PSA-2026-00019-1

Fixed in:

- proxmox-kernel-7.0.2-2-pve or later (Trixie-based PBS 4.x)[1]
- proxmox-kernel-6.17.13-7-pve or later (Trixie-based products, PVE 9.x, PBS 4.x, PMG 9.x, PDM 1.x)
- proxmox-kernel-6.14.11-8-pve or later (Trixie-based products, PVE 9.x, PBS 4.x, PMG 9.x, PDM 1.x)
- proxmox-kernel-6.8.12-23-pve or later (Bookworm-based products, PVE 8.x, PBS 3.x, PMG 8.x)
- proxmox-kernel-6.14.11-8-pve-bpo12 or later (Bookworm-based products, PVE 8.x, PBS 3.x, PMG 8.x)

1: the fixed 7.0 kernel is available on *-no-subscription for PVE, PMG and PDM at the time of the publication of this advisory

References:

- https://github.com/V4bel/dirtyfrag
- CVE-2026-43284
- CVE-2026-43500
 

Subject: PSA-2026-00020-1: "Fragnesia" local privilege escalation


Advisory date: 2026-05-18

Packages: proxmox-kernel-*

Details:

Incomplete tracking of whether a network packet (fragment) is externally backed (for example by user-/attacker-provided pages from the page cache) could be exploited to escalate to root privileges by a local, unprivileged user.

This issue is similar to the Copy.Fail and DirtyFrag issues described in PSA-2026-00018-1 and PSA-2026-00019-1/-2; the mitigations described there still apply.

Fixed in:
- proxmox-kernel-7.0.2-3-pve or later (Trixie-based products)
- proxmox-kernel-6.17.13-8-pve or later (Trixie-based products)
- proxmox-kernel-6.14.11-9-pve or later (Trixie-based products)
- proxmox-kernel-6.8.12-24-pve or later (Bookworm-based products)
- proxmox-kernel-6.14.11-9-bpo12-pve or later (Bookworm-based products)

References:
- CVE-2026-46300
- https://github.com/v12-security/pocs/tree/main/fragnesia
 

Subject: PSA-2026-00021-1: "ssh-keysign-pwn" file disclosure via setuid binaries


Advisory date: 2026-05-18

Packages: proxmox-kernel-*

Details:

A flaw in the Linux kernel was discovered that allowed a local, unprivileged user to exploit a race during the process exit of a setuid binary execution to leak file contents accessible to the setuid binary.

The proof-of-concept exploits currently publicly available can be mitigated by restricting ptrace access to root or disabling it entirely, by setting /proc/sys/kernel/yama/ptrace_scope to 2 or 3. This likely does not block the attack vector entirely, but prevents those particular PoCs from working.

Fixed in:
- proxmox-kernel-7.0.2-4-pve or later (Trixie-based products)
- proxmox-kernel-6.17.13-9-pve or later (Trixie-based products)
- proxmox-kernel-6.14.11-9-pve or later (Trixie-based products)
- proxmox-kernel-6.8.12-24-pve or later (Bookworm-based products)
- proxmox-kernel-6.14.11-9-bpo12-pve or later (Bookworm-based products)

References:
- CVE-2026-46333
- https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
 

Subject: PSA-2026-00022-1: "pintheft" local privilege escalation


Advisory date: 2026-05-19

Packages: proxmox-kernel-*

Details:

A double-free bug in the RDS network handling code of the Linux kernel was discovered, which could be combined with an IO_URING page cache overwrite to achieve local privilege escalation.

Mitigation:

Until fixed kernel packages are available, disabling loading of the affected kernel modules mitigates the vulnerability:

Check if the modules are loaded:

# lsmod | grep -e rds -e rds_tcp

If this command displays output and you are not aware of benign usage of RDS, it is possible that an attacker already tried to exploit the issue on this system.

Disable loading of the modules:

# sh -c "printf 'install rds /bin/false\ninstall rds_tcp /bin/false' > /etc/modprobe.d/pintheft.conf"

Remove any already loaded instance of the module:

# rmmod rds_tcp rds

Fixed in:

A second advisory will be published with the fixed kernel versions once they are available.

References:

- https://github.com/v12-security/pocs/tree/main/pintheft
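
The module checks from PSA-2026-00018-1, PSA-2026-00019-1 and PSA-2026-00022-1 combined into one audit, as an added example that is not part of the advisories or of Proxmox tooling. It matches module names exactly and only inspects the configuration directory passed to it; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the module mitigations from the advisories above.
MODULES="algif_aead esp4 esp6 rxrpc rds rds_tcp"   # names from the advisories

# module_loaded MODLIST MOD: exact match on column 1 of a /proc/modules-style
# file; a plain "grep rds" would also hit unrelated names that contain "rds".
module_loaded() {
    awk -v m="$2" 'BEGIN { gsub(/-/, "_", m) }
        $1 == m { f = 1 } END { exit !f }' "$1"
}

# module_blocked CONFDIR MOD: true if a *.conf file in CONFDIR contains
# "install MOD /bin/false". modprobe treats '-' and '_' as equivalent.
module_blocked() {
    cat "$1"/*.conf 2>/dev/null | awk -v m="$2" '
        BEGIN { gsub(/-/, "_", m) }
        $1 == "install" { gsub(/-/, "_", $2) }
        $1 == "install" && $2 == m && $3 == "/bin/false" { f = 1 }
        END { exit !f }'
}

# audit CONFDIR MODLIST: one line per module; returns 1 unless every module
# is both unloaded and blocked.
audit() {
    bad=0
    for mod in $MODULES; do
        l=no; b=no
        module_loaded "$2" "$mod" && l=yes
        module_blocked "$1" "$mod" && b=yes
        [ "$l" = no ] && [ "$b" = yes ] || bad=1
        printf '%s loaded=%s blocked=%s\n' "$mod" "$l" "$b"
    done
    return "$bad"
}

# Demo on constructed data (not from a real host): only the DirtyFrag modules
# are blocked, and rds/rds_tcp are still loaded.
demo() {
    d=$(mktemp -d)
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$d/dirtyfrag.conf"
    printf 'rds_tcp 65536 0 - Live 0x0\nrds 208896 1 rds_tcp, Live 0x0\n' > "$d/modules"
    r=0; audit "$d" "$d/modules" || r=1
    rm -rf "$d"
    return "$r"
}
# On a real host: audit /etc/modprobe.d /proc/modules
demo || echo "unmitigated modules remain"
```

A module reported as loaded=yes is the same signal the advisories describe for lsmod output and warrants the same follow-up in the journal.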
 