security: cover Dirty Frag RxRPC RXGK paths

[Jess Sullivan (Jesssullivan)]

Summary

• add a CVE-2026-43500 RXGK DATA/RESPONSE linearize/COW backport for RXGK-capable kernels
• require the RXGK backport in build/cadence gates for 6.18.x, 6.19.x, and 7.0.x vulnerable bases
• update README/security/source-sync/release notes so the RxRPC posture distinguishes RXKAD-only and RXGK-capable bases
• extend flake patch-series hygiene to require all repo-managed security backports

Validation

• bash -n xr/scripts/build-rpm.sh xr/scripts/generate-cadence-report.sh xr/scripts/check-kernel-carry.sh
• git diff --check
• bash xr/scripts/build-rpm.sh --kernel-version 6.12.87 --xr-release 1 --security-preflight-only
• bash xr/scripts/build-rpm.sh --kernel-version 6.18.28 --xr-release 1 --security-preflight-only
• bash xr/scripts/build-rpm.sh --kernel-version 6.19.5 --xr-release 11 --security-preflight-only
• bash xr/scripts/build-rpm.sh --kernel-version 7.0.5 --xr-release 1 --security-preflight-only
• zero-fuzz security patch application against stable/linux-6.12.y, stable/linux-6.18.y, extracted 6.19.5, stable/linux-7.0.y, and linus/master
• bash xr/scripts/generate-cadence-report.sh --skip-patch-triage --output -
• nix flake check --system x86_64-linux

Notes

Debian now tracks CVE-2026-43500 and carries an RxRPC skb->data_len fix, but this checkout still does not show an NVD/CVE.org public record or kernel.org upstream fixed floor. Keep the linux-xr RxRPC backport route active until that floor is proven.