Summary
Everpure is aware of the publicly disclosed Linux kernel vulnerability referred to as “DirtyFrag.” (CVE-2026-43284 and CVE-2026-43500) This issue is currently described as a local privilege escalation technique requiring the ability to execute arbitrary code on the affected Linux system. Everpure FlashArray and FlashBlade appliances are purpose-built storage platforms administered through supported Purity management interfaces and do not provide customers with general-purpose shell access or the ability to execute arbitrary commands on the underlying operating environment.
Based on our current assessment, Everpure has not identified a supported customer accessible path to exploit this issue on FlashArray or FlashBlade. As a result, we do not believe this issue is exploitable through normal product interfaces. Pure will continue to monitor upstream vendor guidance and will incorporate any applicable fixes into future Purity releases as part of our secure development and maintenance lifecycle.
Corrective Action
No corrective action is required.
General Network Security Best Practices
Everrpure recommends following network security best practices that minimize the risk of compromise due to vulnerabilities:
-
Restrict array access to only trusted users. Everpure strongly encourages the widely-endorsed best practice of highly restricting -if not blocking altogether- internet access to management interfaces.
-
Closely monitor arrays for abnormal or unexpected workload/ IO spikes or utilization as a leading indicator.
-
Enable edge detection/protection mechanisms in the firewall / IDS / IPS systems to detect anomalous access or traffic patterns.
-
In FlashBlade //Purity version 4.4.0 onward, network policies can be configured to ensure only users from trusted IPs can access the array.
-
We recommend leveraging strong authentication mechanisms such as Single-Sign-On (SSO) with multi-factor authentication (MFA) to secure access to the management interface.
Contacting Support
If you need assistance with this issue please call Technical Services at +1 866-244-7121. If calling from outside the US, please select from the list of phone numbers here: Contact Us.