Dirty Frag LPE Chains Two Kernel Flaws to Root Across Major Linux Distros
Security researchers have disclosed Dirty Frag, a new unpatched Linux kernel local privilege escalation that chains two bugs—xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write—to grant root on most distributions (e.g., Ubuntu 24.04.4, RHEL 10.1, Fedora 44). There is no CVE yet, and a working PoC exists; exploits are being weaponized in the wild. Patches are not yet available, so admins are advised to block esp4, esp6, and rxrpc modules until fixes arrive. The flaw sits in in-place decryption paths for paged fragments in esp4/esp6/rxrpc, allowing plaintext access and privilege escalation even if other mitigations like algif_aead are in use.