diff --git a/README.md b/README.md index f49a9cb..d50de4b 100644 --- a/README.md +++ b/README.md @@ -18,8 +18,8 @@ Because the embargo has currently been broken, no patch or CVE exists. After con > [!NOTE] > **2026-05-08 Update:** -> - The `xfrm-ESP Page-Cache Write` vulnerability has been assigned `CVE-2026-43284` and patched in mainline at [f4c50a4034e6](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4). -> - The `RxRPC Page-Cache Write` vulnerability has been reserved as `CVE-2026-43500` for tracking; no patch exists in any tree yet. +> - The `xfrm-ESP Page-Cache Write` vulnerability has been assigned **CVE-2026-43284** and patched in mainline at [f4c50a4034e6](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4). +> - The `RxRPC Page-Cache Write` vulnerability has been reserved as **CVE-2026-43500** for tracking; no patch exists in any tree yet. # Exploiting @@ -43,8 +43,8 @@ or reboot the system. # Affected Versions -- `CVE-2026-43284`: xfrm-ESP Page-Cache Write vulnerability is in scope from [cac2661c53f3 (2017-01-17)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cac2661c53f3) up to [f4c50a4034e6 (2026-05-05)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4). -- `CVE-2026-43500`: RxRPC Page-Cache Write vulnerability is in scope from [2dc334f1a63a (2023-06-08)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2dc334f1a63a) up to upstream. +- **CVE-2026-43284**: xfrm-ESP Page-Cache Write vulnerability is in scope from [cac2661c53f3 (2017-01-17)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cac2661c53f3) up to [f4c50a4034e6 (2026-05-05)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4). +- **CVE-2026-43500**: RxRPC Page-Cache Write vulnerability is in scope from [2dc334f1a63a (2023-06-08)](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2dc334f1a63a) up to upstream. In other words, the effective lifetime of the vulnerabilities is about 9 years.