Skip to content
topics.

Dirty Frag, new Linux zero‑day, gives local attackers root on major distros

techMay 8, 202618291

Security researcher Hyunwoo Kim disclosed 'Dirty Frag' (CVE-2026-43284 and CVE-2026-43500), two Linux kernel elevation-of-privilege flaws in the IPsec ESP and rxrpc code that a proof-of-concept exploit can use to obtain local root on Ubuntu, Red Hat Enterprise Linux and Fedora. A public PoC repository reproduces the exploit and distribution maintainers have prepared kernel patches and distro-specific fixes that are currently undergoing testing. The flaws follow the Copy Fail class of bugs and specifically target networking and VPN stacks, so compromised VPN endpoints or untrusted local users can escalate to immediate root. System administrators should prioritize testing and deploying the available kernel updates and harden access to local and VPN-exposed hosts until fixes are widely rolled out.

GrapheneOS
@grapheneos.org

GrapheneOS isn't vulnerable to the 3 recently disclosed Linux kernel vulnerabilities named Copy Fail, Copy Fail 2 and Dirty Frag. Current Android Open Source Project SELinux policies block exploiting all 3 bugs. Standard AOSP GKI kernel configuration also has 2/3 of the vulnerable features disabled.

12046d ago
GrapheneOS29

Attack surface reduction via fine-grained SELinux policy rules and stripping out unused kernel features via kernel configuration goes a long way to protecting against vulnerabilities. There's also seccomp-bpf for various standard sandboxes but most of the attack surface reduction is via SELinux.

magnesit4

It's crazy how much Android differs from the "default" Linux desktop distribution many have in mind when talking about Linux. So many exploits are just outright not applicable because extensive hardening has been done by the AOSP team alone. Very reassuring.

.Aeto ⌬2

I can't believe this is how I learn about Copy Fail 2 How annoying. Gotta take my servers off the internet for a while after all.

Liam @ GamingOnLinux
@gamingonlinux.com

Linux security flaws Dirty Frag and Copy Fail are a good reminder to stay up to date #Linux #OpenSource #Security

5945d ago
Brodie Robertson
@brodierobertson.xyz

Copy Fail 2 by the name of Dirty Frag just dropped a few hours back and since a 3rd party found the exploit the reporter had to break embargo so basically no distros are patched phoronix.com/news/Dirty-F... I know both Nix and KDE Linux are both shipping the temporary fix.

1946d ago
Thomas Fuchs
@thomasfuchs.at

Heads-up if you run Linux servers, another very bad security vulnerability dropped, here‘s Ubuntu’s post on ”Dirty Frag”. Patch asap. ubuntu.com/blog/dirty-f...

1245d ago
The Register
@theregister.com

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

845d ago
Phoronix
@phoronix-poster.bsky.social

Dirty Frag Vulnerability Made Public Early: Root Privilege On All Distributions - https://www.phoronix.com/news/Dirty-Frag-Linux

1146d ago
Sisyphus, but for reducing tail latency
@bluespacecanary.bsky.social

You can tell we've made genuine progress on security because local privilege escalations get hyped like this now lol. No RCE, no remote key disclosure, no hypervisor escape, literally just local user -> root

Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-like vulnerability had its embargo broken
1045d ago
New In Linux
@newinlinux.bsky.social

A vulnerability allowing normal users to gain root privileges was publicly disclosed Thursday. Following on the heels of Copy Fail, this one is called "Dirty Frag," and it affects all #Linux distributions. www.newinlinux.com/dirty-frag-v...

346d ago
InfoSec
@infosec.skyfleet.blue

New Linux 'Dirty Frag' zero-day gives root on all major distros

645d ago
winter
@winter.bsky.social

(these (copyfail2 and dirty frag) are the same vulns, fwiw)

846d ago
Best of r/cybersecurity
@cybersecurity.page

Researchers have disclosed "Dirty Frag," a Linux kernel vulnerability involving page-cache corruption in the decryption fast path that could allow local privilege escalation to root. It's similar to past flaws like Dirty Pipe, affecting multi-user and containerized environments.

545d ago
9to5Linux.com
@9to5linux.com

Dirty Frag #Linux Kernel Flaw Allows Local Privilege Escalation, Patch Now 9to5linux.com/dirty-frag-l...

645d ago
Microsoft Threat Intelligence
@threatintel.microsoft.com

Similar to the previously disclosed Copy Fail vulnerability (CVE-2026-31431), the exploit attempts to manipulate Linux page cache behavior to achieve privilege escalation. However, Dirty Frag introduces additional attack paths that expand exploitation opportunities and improve reliability.

545d ago
Linuxiac
@linuxiac.bsky.social

Dirty Frag follows Copy Fail with a new Linux kernel local privilege escalation risk affecting major distributions and server environments. linuxiac.com/after-copy-f... #Linux #Kernel #OpenSource #Security

345d ago
Zak
@zacksryl.bsky.social

Rough week for Linux security exploits, it seems. Two major ones in the span of just one, tough stuff. Thankfully, there is a manual fix for DIrty Frag until distros get around to patching it & Copy Fail should be patched by all distros soon(ish) enough.

445d ago
3 sources
bleepingcomputer.comNew Linux 'Dirty Frag' zero-day gives root on all major distrosshare.transistor.fmLinux Dirty Frag and the Canvas Breach Escalation [Prime Cyber Insights]almalinux.orgDirty Frag (CVE-2026-43284, CVE-2026-43500) vulnerability fix is ready for testing

Related

Truth Social parent reports $405M quarterly losstechDiscord reports 'Increased API Errors' outagetechCanvas hack strands students during finals, universities postpone examstechParis prosecutors open criminal probe into Elon Musk over X contenttech