Dirty Frag: Linux zero-day chains kernel flaws to grant root on major distros

May 9, 2026 at 09:29 PM

•

1 min read

Dirty Frag: Linux zero-day chains kernel flaws to grant root on major distros — Photo: BleepingComputer

TL;DR Summary

A new Linux local privilege escalation called Dirty Frag chains two kernel page-cache write flaws (xfrm-ESP and RxRPC) to gain root on most major distributions; a PoC and full documentation were released after an embargo was breached. Patches are not yet available; mitigations involve disabling esp4, esp6, and rxrpc modules (which breaks IPsec VPNs). CVEs are CVE-2026-43284 and CVE-2026-43500; CISA warns about similar risks and urges patching and mitigation where possible.

Topics:business #kernel #linux #root-access #technology #vulnerability #zero-day

Share this article

New Linux 'Dirty Frag' zero-day gives root on all major distros BleepingComputer
Active attack: Dirty Frag Linux vulnerability expands post-compromise risk Microsoft
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions The Hacker News
Dirty Frag (CVE-2026-43284) Linux Privilege Escalation wiz.io
'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit The Register

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

91%

804 → 71 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights