New Linux 'Dirty Frag' Zero-Day Gives Root On All Major Distros

Published: 2 days ago (May 8, 2026 at 05:00 PM EDT)

1 min read

Source: Slashdot

Overview

Dirty Frag is a newly disclosed vulnerability class, first discovered and reported by Hyunwoo Kim (@v4bel). It enables root‑level privilege escalation on major Linux distributions by chaining two separate page‑cache write bugs:

xfrm‑ESP Page‑Cache Write vulnerability
RxRPC Page‑Cache Write vulnerability

Dirty Frag extends the bug family that includes Dirty Pipe and Copy Fail. Unlike many exploits that rely on timing windows, Dirty Frag is a deterministic logic bug—no race condition is required, the kernel does not panic on failure, and the success rate is very high.

Technical Details

The exploit combines the two page‑cache write vulnerabilities to achieve root access.
Because the bug is deterministic, it works reliably across all major Linux distributions.
At the time of disclosure, no patches or CVE identifiers had been issued.

CVE Tracking

BleepingComputer reports that the individual vulnerabilities are now tracked under the following CVE IDs:

Vulnerability	CVE ID
xfrm‑ESP Page‑Cache Write	CVE‑2026‑43284
RxRPC Page‑Cache Write	CVE‑2026‑43500

References

Detailed technical information can be found [here].
Original report shared by mrspoonsi.
BleepingComputer coverage of the CVE assignments.

New Linux 'Dirty Frag' Zero-Day Gives Root On All Major Distros

Overview

Technical Details

CVE Tracking

References

Related posts

New Linux 'Dirty Frag' zero-day gives root on all major distros

Dirty Frag: Universal Linux LPE

Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-like vulnerability had its embargo broken

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions