CVE-2026-43284
published 2026-05-08CVE-2026-43284: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages…
PriorityP183high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
93.23%
99.8th percentile
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),
so later paths that may modify packet data can first make a private
copy. The IPv4/IPv6 datagram append paths did not set this flag when
splicing pages into UDP skbs.
That leaves an ESP-in-UDP packet made from shared pipe pages looking
like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW
fast path for uncloned skbs without a frag_list and decrypts in place
over data that is not owned privately by the skb.
Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching
TCP. Also make ESP input fall back to skb_cow_data() when the flag is
present, so ESP does not decrypt externally backed frags in place.
Private nonlinear skb frags still use the existing fast path.
This intentionally does not change ESP output. In esp_output_head(),
the path that appends the ESP trailer to existing skb tailroom without
calling skb_cow_data() is not reachable for nonlinear skbs:
skb_tailroom() returns zero when skb->data_len is nonzero, while ESP
tailen is positive. Thus ESP output will either use the separate
destination-frag path or fall back to skb_cow_data().
Affected
75 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux | — | — |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < a6cb440f274a22456ef3e86b457344f1678f38f9 | a6cb440f274a22456ef3e86b457344f1678f38f9 |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < ab8b995323e5237041472d07e5055f5f7dcdf15b | ab8b995323e5237041472d07e5055f5f7dcdf15b |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < fe785bb3a8096dffcc4048a85cd0c83337eeecad | fe785bb3a8096dffcc4048a85cd0c83337eeecad |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < 5d55c7336f8032d434adcc5fab987ccc93a44aec | 5d55c7336f8032d434adcc5fab987ccc93a44aec |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < 8253aab4659ca16116b522203c2a6b18dccacea7 | 8253aab4659ca16116b522203c2a6b18dccacea7 |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < 50ed1e7873100f77abad20fd31c51029bc49cd03 | 50ed1e7873100f77abad20fd31c51029bc49cd03 |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < b54edf1e9a3fd3491bdcb82a21f8d21315271e0d | b54edf1e9a3fd3491bdcb82a21f8d21315271e0d |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < 71a1d9d985d26716f74d21f18ee8cac821b06e97 | 71a1d9d985d26716f74d21f18ee8cac821b06e97 |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < 52646cbd00e765a6db9c3afe9535f26218276034 | 52646cbd00e765a6db9c3afe9535f26218276034 |
| linux | linux | >= cac2661c53f35cbe651bef9b07026a5a05ab8ce0 < f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4 | f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 4.11 < 5.10.255 | 5.10.255 |
| linux | linux_kernel | >= 5.12 < 5.15.205 | 5.15.205 |
| linux | linux_kernel | >= 5.16 < 6.1.171 | 6.1.171 |
| linux | linux_kernel | >= 6.13 < 6.18.28 | 6.18.28 |
| linux | linux_kernel | >= 6.2 < 6.6.138 | 6.6.138 |
| linux | linux_kernel | >= 6.7 < 6.12.87 | 6.12.87 |
| linux | linux_kernel | >= 7.0 < 7.0.5 | 7.0.5 |
| ubuntu | linux | — | — |
| ubuntu | linux-aws | — | — |
| ubuntu | linux-aws-5.15 | — | — |
| ubuntu | linux-aws-5.4 | — | — |
| ubuntu | linux-aws-6.17 | — | — |
| ubuntu | linux-aws-6.8 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for in-place decryption of ESP packets over skb frags backed by shared pipe pages (SKBFL_SHARED_FRAG flag absent on UDP skbs built via MSG_SPLICE_PAGES). Exploitation requires the esp4 or esp6 kernel module to be loaded and reachable. ↗
- →Detect use of splice() syscall by unprivileged users in combination with ESP/IPsec socket operations, which is the zero-copy send path used to plant a page-cache page reference into the sender-side skb frag slot. ↗
- →Alert on unexpected in-memory modification of sensitive read-only files such as /etc/passwd or /usr/bin/su without corresponding on-disk changes — a hallmark of page-cache corruption exploits in this vulnerability class. ↗
- →Detect abnormal privilege escalations and track execution of compilation tools and exploit-like behavior, as the exploit requires local access and may involve building exploit code on the target system. ↗
- →Monitor for creation or modification of /etc/modprobe.d/dirtyfrag.conf or /etc/modprobe.d/dirtyfrag-mitigation.conf as indicators of either attacker cleanup activity or defensive mitigation deployment. ↗
- →In containerized environments, monitor for attempts to override binaries in the base layer following a privilege escalation, as Dirty Frag can be used to escape to host by corrupting shared page-cache-backed files. ↗
- →The Metasploit module for CVE-2026-43284 is classified as a local exploit type; detect execution of the module path linux/local/cve_2026_43284_dirty_frag or associated process artifacts on monitored endpoints. ↗
- ·Denylisting esp4 and esp6 kernel modules will disable IPsec ESP functionality. Environments relying on IPsec VPN tunnels or IPsec-encrypted communication will experience disruption if this mitigation is applied. ↗
- ·Denylisting the rxrpc kernel module will break AFS distributed network file systems. Assess operational impact before applying this mitigation in AFS-dependent environments. ↗
- ·CVE-2026-43284 (xfrm-ESP) and CVE-2026-43500 (RxRPC) must be chained together for reliable full root escalation; neither sub-vulnerability alone provides a sufficiently reliable primitive. ↗
- ·The exploit requires CAP_NET_ADMIN capability in addition to local access; environments that restrict user namespaces (sysctl user.max_user_namespaces=0) may limit the attack surface. ↗
- ·The page-cache corruption is in-memory only; the on-disk file (e.g., /usr/bin/su) is unchanged, making file-integrity monitoring of on-disk files insufficient to detect active exploitation. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vulncheck8.8HIGH
vendor_ubuntu8.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2026-06-22·CVSS 8.8
CVE-2026-43284 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container.
Ubuntu
Linux kernel (Oracle) vulnerabilities
vendor_ubuntu·2026-06-22·CVSS 7.8
CVE-2026-43284 [HIGH] Linux kernel (Oracle) vulnerabilities
Title: Linux kernel (Oracle) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
It was discovered that a logic f
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2026-06-16·CVSS 7.8
CVE-2026-43503 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
It was discovered that a logic fl
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2026-06-16·CVSS 6.4
CVE-2026-23262 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo
Rizzo discovered that some AMD Zen processors did not properly verify the
signature of CPU microcode. This flaw is known as EntrySign. A privileged
attacker could possibly use this issue to cause load malicious CPU
microcode causing loss of integrity and confidentiality. (CVE-2024-36347)
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle share
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2026-06-11·CVSS 7.8
CVE-2026-46333 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
It was discovered that a logic fl
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 7.8
CVE-2026-43033 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
Several security issues were discovered i
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 8.8
CVE-2026-43284 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RDS protocol;
(CVE-2026-43494)
Instructions: After a standard system update you need to reboot your computer to ma
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 7.8
CVE-2026-23069 [HIGH] Linux kernel (Azure FIPS) vulnerabilities
Title: Linux kernel (Azure FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-4600
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2026-06-04
CVE-2026-43284 Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: The system could be made to run programs as an administrator.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless y
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 5.5
CVE-2026-31504 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
Several security issues w
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 8.8
CVE-2026-43284 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)
Qualys
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-43284
vendor_chrome·2026-06-03·CVSS 8.8
CVE-2026-43284 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-43284
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2026-43284
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-02·CVSS 8.8
CVE-2026-47333 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-202
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-02·CVSS 8.8
CVE-2026-47333 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-202
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-02·CVSS 7.8
CVE-2025-71134 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)
It was di
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2026-06-02·CVSS 8.8
CVE-2026-46300 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-202
Red Hat
kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
vendor_redhat·2026-05-07·CVSS 7.8
CVE-2026-43284 [HIGH] CWE-123 kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
The “Dirty Frag” vulnerability is a local privilege escalation (LPE) issue in the Linux kernel that combines flaws in the ESP/XFRM and RXRPC subsystems to allow an unprivileged local attacker to gain root access on major Linux distributions (using any of these two: ESP/XFRM or RXRPC flaws). The attack abuses kernel page-cache manipulation and network protocol handling to overwrite privileged binaries and execute arbitrary code with elevated privileges. Exploitation differs by distribution: the ESP issue affects systems permitting unprivileged user namespaces, while the RXRPC issue impacts distributions with RXRPC enabled, such as Ubuntu. Together, the vulnerabilities provide broad cr
Fortinet
Linux Kernel vulnerability Dirty Frag
vendor_fortinet·CVSS 8.8
CVE-2026-43284 [HIGH] Linux Kernel vulnerability Dirty Frag
FG-IR-26-144: Linux Kernel vulnerability Dirty Frag
CVSSv3 Score:
7.9
Linux kernel is impacted by CVE-2026-43284 and CVE-2026-43500 which chained together create the Dirty Frag vulnerability.CVE-2026-43284In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for unclo
VulDB
Linux Kernel up to 6.6.137/6.12.86/6.18.27/7.0.4 xfrm skb_splice_from_iter privilege escalation (EUVD-2026-28535 / Nessus ID 313239)
vuldb·2026-05-09·CVSS 7.8
CVE-2026-43284 [HIGH] Linux Kernel up to 6.6.137/6.12.86/6.18.27/7.0.4 xfrm skb_splice_from_iter privilege escalation (EUVD-2026-28535 / Nessus ID 313239)
A vulnerability was found in Linux Kernel up to 6.6.137/6.12.86/6.18.27/7.0.4 and classified as critical. Affected by this issue is the function skb_splice_from_iter of the component xfrm. Executing a manipulation can lead to privilege escalation.
The identification of this vulnerability is CVE-2026-43284. The attack needs to be done within the local network. There is no exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-mmw8-mxmc-8w2r: In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attac
ghsa_unreviewed·2026-05-08
CVE-2026-43284 [HIGH] CWE-123 GHSA-mmw8-mxmc-8w2r: In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attac
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),
so later paths that may modify packet data can first make a private
copy. The IPv4/IPv6 datagram append paths did not set this flag when
splicing pages into UDP skbs.
That leaves an ESP-in-UDP packet made from shared pipe pages looking
like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW
fast path for uncloned skbs without a frag_list and decrypts in place
over data that is not owned privately by the skb.
Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching
TCP. Also make ESP input fall back t
VulnCheck
Linux Kernel Write-what-where Condition
vulncheck·2026·CVSS 8.8
CVE-2026-43284 [HIGH] Linux Kernel Write-what-where Condition
Linux Kernel Write-what-where Condition
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),
so later paths that may modify packet data can first make a private
copy. The IPv4/IPv6 datagram append paths did not set this flag when
splicing pages into UDP skbs.
That leaves an ESP-in-UDP packet made from shared pipe pages looking
like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW
fast path for uncloned skbs without a frag_list and decrypts in place
over data that is not owned privately by the skb.
Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matc
No detection rules found.
Exploit-DB
Linux Kernel - Local Privilege Escalation
exploitdb·2026-05-29·CVSS 8.8
CVE-2026-46300 [HIGH] Linux Kernel - Local Privilege Escalation
Linux Kernel - Local Privilege Escalation
---
# Titles:** Linux Kernel Local Privilege Escalation (CVE-2026-43284 /
CVE-2026-43500 / CVE-2026-46300)
# Author:** nu11secur1ty
# Date:** 2026-05-11
# Vendor:** Linux Kernel
# Software:** Linux Kernel (All major distributions)
# Vulnerability Type:** Page-Cache Write / Memory Corruption
# Status:** HIGH / CRITICAL
---
## Description
The **"Kukurigu"** exploit represents a sophisticated local privilege
escalation (LPE) vector targeting the Linux kernel's page-cache management.
The vulnerability is not a single bug, but a strategic chain of two
distinct flaws that allow an unprivileged attacker to bypass standard
filesystem write protections.
### Vulnerability Chain:
1. **CVE-2026-43284 (xfrm-ESP):** A logic error in the ESP protocol
implem
Exploit-DB
Linux Kernel - Local Privilege Escalation
exploitdb·2026-05-27·CVSS 8.8
CVE-2026-43500 [HIGH] Linux Kernel - Local Privilege Escalation
Linux Kernel - Local Privilege Escalation
---
# Titles:** Linux Kernel Local Privilege Escalation (CVE-2026-43284 /
CVE-2026-43500)
# Author:** nu11secur1ty
# Date:** 2026-05-11
# Vendor:** Linux Kernel
# Software:** Linux Kernel (All major distributions)
# Vulnerability Type:** Page-Cache Write / Memory Corruption
# Status:** HIGH / CRITICAL
---
## Description
The **"Kukurigu"** exploit represents a sophisticated local privilege
escalation (LPE) vector targeting the Linux kernel's page-cache management.
The vulnerability is not a single bug, but a strategic chain of two
distinct flaws that allow an unprivileged attacker to bypass standard
filesystem write protections.
### Vulnerability Chain:
1. **CVE-2026-43284 (xfrm-ESP):** A logic error in the ESP protocol
implementation when Ext
Metasploit
xfrm-ESP Page-Cache Write via CVE-2026-43284
metasploit·CVSS 8.8
CVE-2026-43284 [HIGH] xfrm-ESP Page-Cache Write via CVE-2026-43284
xfrm-ESP Page-Cache Write via CVE-2026-43284
CVE-2026-43284 is a Linux kernel page-cache write vulnerability in the IPsec/xfrm subsystem affecting ESP (Encapsulating Security Payload) fragmentation. Dubbed "DirtyFrag", the bug allows a local unprivileged user to gain write access to read-only page-cache pages by triggering a race condition in how the kernel handles shared fragments when processing ESP-encapsulated UDP packets. The exploit overwrites a SUID binary on disk to execute an arbitrary payload as root.
Hackernews
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
blogs_hackernews·2026-06-26·CVSS 8.8
CVE-2026-43503 [HIGH] New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant.
Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch landed in mainline on May 21; if your kernel does not have it, update now.
When the kernel copies a network packet internally, two helper functions drop a safety flag that marks the packet's m
Hackernews
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
blogs_hackernews·2026-06-09
CVE-2026-39987 Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service.
The preprint, posted to arXiv on June 2 and currently under peer review, shows why single-CVE patching breaks down when malware can inspect exposed services, read fresh adviso
Rapid7
Metasploit Wrap Up 05/29/2026
blogs_rapid7·2026-05-29·CVSS 9.8
CVE-2026-43284 [CRITICAL] Metasploit Wrap Up 05/29/2026
## More Linux LPEs
Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a trenchcoat, individually identified as CVE-2026-43284 and CVE-2026-43500. Each is exploitable individually and comes with a new Metasploit module.
## New module content (5)
## Citrix ADC (NetScaler) CVE-2026-3055 Scanner
Authors: sfewer-r7 and watchTowr
Type: Auxiliary
Pull request: #21204 contributed by sfewer-r7
Path: scanner/http/citrix_netscaler_cve_2026_3055
AttackerKB reference: CVE-2026-3055
Description: Adds auxiliary module targeting CVE-2026-3055, an info leak in Citrix NetScaler
Hackernews
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
blogs_hackernews·2026-05-19·CVSS 7.5
CVE-2026-31635 [HIGH] DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE).
Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had already been patched in the mainline.
"It's a rxgk pagecache write due to missing COW [copy-on-write] guard in rxgk_decrypt_skb," Zellic co-founder Luna Tong (a
Huntress
Panic at the Distro
blogs_huntress·2026-05-14·CVSS 7.8
CVE-2026-31431 [HIGH] Panic at the Distro
Acknowledgments: Special thanks to Jamie Levy, Tom Lawrence, Jim Deville, Tyler Bohlmann, and Shivangi Pandey for their contributions to this write-up.
## TL;DR
It’s never a good day for administrators when a branded vulnerability drops, especially when multiple of them land in rapid fire. Over the last two weeks, security researchers independently discovered multiple vulnerabilities in the Linux kernel that allow an unprivileged user to easily gain root access (local privilege escalation). All of these named vulnerabilities pertain to the Linux kernel’s zero-copy functionality, and are named CopyFail (CVE-2026-31431), Dirty Frag (CVE-2026-43284 and CVE-2026-43500), and Fragnesia (CVE-2026-46300).
While these vulnerabilities require an attacker to have established access on a victim mac
Bleepingcomputer
New Fragnesia Linux flaw lets attackers gain root privileges
blogs_bleepingcomputer·2026-05-14·CVSS 8.8
CVE-2026-46300 [HIGH] New Fragnesia Linux flaw lets attackers gain root privileges
## New Fragnesia Linux flaw lets attackers gain root privileges
## Sergiu Gatlan
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability that allows attackers to run malicious code as root.
Known as Fragnasia and tracked as CVE-2026-46300 , this security flaw stems from a logic bug in the Linux XFRM ESP-in-TCP subsystem that can enable unprivileged local attackers to gain root privileges by writing arbitrary bytes to the kernel page cache of read-only files.
Zellic's head of assurance, William Bowling , who discovered this new universal local privilege escalation flaw, also shared a proof-of-concept (PoC) exploit that achieves a memory-write primitive in the kernel that is used to corrupt the page cache memory of the /usr/bin/su binary to
Tenable
Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
blogs_tenable·2026-05-14
CVE-2026-46300 Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
## Exposure Management
## Explore By Use Case
## Explore By Industry
## Tenable is the one clear leader in Exposure Management
## Exposure management
resource center
## Accelerate your exposure management strategy with practical resources and tools.
## Explore By Use Case
## Explore By Industry
## Tenable is the one clear leader in Exposure Management
## Exposure management
resource center
## Accelerate your exposure management strategy with practical resources and tools.
## Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
A new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch.
## Key Takeaways
CVE
Rapid7
Patch Tuesday - May 2026
blogs_rapid7·2026-05-13·CVSS 10.0
CVE-2026-41089 [CRITICAL] Patch Tuesday - May 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089 , which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges
Tenable
Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
blogs_tenable·2026-05-12·CVSS 9.1
CVE-2026-41103 [CRITICAL] Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
## Exposure Management
## Explore By Use Case
## Explore By Industry
## Tenable is the one clear leader in Exposure Management
## Exposure management
resource center
## Accelerate your exposure management strategy with practical resources and tools.
## Explore By Use Case
## Explore By Industry
## Tenable is the one clear leader in Exposure Management
## Exposure management
resource center
## Accelerate your exposure management strategy with practical resources and tools.
## Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
16 Critical
102 Important
0 Moderate
0 Low
Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024.
Microsoft p
Hackernews
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
blogs_hackernews·2026-05-11·CVSS 9.3
CVE-2026-6973 [CRITICAL] ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay there.
The weird part is how normal this all sounds now. Fake updates. Quiet backdoors. Remote tools are used like skeleton keys. Forum rats swapping st
Qualys
Dirty Frag: Using the Page Caches as an Attack Surface
blogs_qualys·2026-05-09·CVSS 7.8
CVE-2026-43284 [HIGH] Dirty Frag: Using the Page Caches as an Attack Surface
## Table of Contents
Qualys QID Coverage
Remediate at Scale With TruRiskEliminate
Dirty Frag is a Linux local privilege escalation (LPE) chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities can allow an unprivileged local user to escalate to root on many major Linux distributions.
xfrm-ESP Page-Cache Write (CVE-2026-43284)
RxRPC Page-Cache Write (CVE-2026-43500)
As of May 8, 2026, CVE-2026-43284 had been patched in mainline Linux, while public reporting indicated that CVE-2026-43500 did not yet have patches available.
The Dirty Pipe Connection:
Dirty Frag is the third discovery of a bug class that all share similar logic. A zero-copy send path plants an attacker-controlled or attacker-readable page into a kernel data structure as a raw reference
Wiz
Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC
blogs_wiz·2026-05-08·CVSS 7.8
CVE-2026-43284 [HIGH] Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC
A newly disclosed Linux kernel local privilege escalation vulnerability chain, dubbed “Dirty Frag” and assigned CVE-2026-43284 and CVE-2026-43500 , enables attackers with local access to obtain root privileges by exploiting flaws in the ESP (IPsec) and RxRPC subsystems. While no official patches are currently available, a public proof-of-concept exists. Organizations should assume the vulnerability is valid and exploitable under certain conditions. This vulnerability is a successor to Copy Fail (CVE-2026-31431) , and was discovered by Hyunwoo Kim (@v4bel). "CopyFail2" is another name for the same vulnerability, and is based on an exploit reversed from the fix commit .
## What is Dirty Frag?
Dirty Frag is a vulnerability chain combining two page-cache write primitives in the Linux kernel:
Tenable
Why the approaching flood of vulnerabilities changes everything — and what to do about it
blogs_tenable·2026-05-08
CVE-2026-43284 Why the approaching flood of vulnerabilities changes everything — and what to do about it
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Sans Isc
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
blogs_sans_isc·2026-05-08·CVSS 7.8
CVE-2026-31431 [HIGH] Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag
Published: 2026-05-08. Last Updated: 2026-05-08 14:57:03 UTC
by Yee Ching Tok (Version: 1)
0 comment(s)
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as "Dirty Frag," this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel) [1]. In this diary, I will provide a brief background on Dirty Frag, and discuss its relationship to Copy Fail. I will then discuss how to mitigate Dirty Frag and outline recommended next steps for system owners.
The existence of Dirty Frag was revealed after the coordinated disclosure embargo was broken by an unrela
Hackernews
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
blogs_hackernews·2026-05-08·CVSS 7.8
CVE-2026-31431 [HIGH] Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Dubbed Dirty Frag , it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers on April 30, 2026.
"Dirty Frag is a vulnerability (class) that achieves root privileges on most Linux distributions by chaining the xfrm-ESP Page-Cac
Bleepingcomputer
New Linux 'Dirty Frag' zero-day gives root on all major distros
blogs_bleepingcomputer·2026-05-08
CVE-2026-43284 New Linux 'Dirty Frag' zero-day gives root on all major distros
## New Linux 'Dirty Frag' zero-day gives root on all major distros
## Sergiu Gatlan
Kim released complete Dirty Frag documentation and a PoC exploit with distribution maintainers' agreement after an embargo on full public disclosure was broken on May 7, 2026, when an unrelated third party independently published the exploit.
"Because the embargo has currently been broken, no patch or CVE exists. After consultation with the maintainers on [email protected] and at their request, this Dirty Frag document is being published," Kim said.
To secure systems against attacks, Linux users can use the following command to remove the vulnerable esp4, esp6, and rxrpc kernel modules (however, it's important to note that this will break IPsec VPNs and AFS distributed network file systems)
Tenable
Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain
blogs_tenable·2026-05-08·CVSS 7.8
CVE-2026-43284 [HIGH] Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2026-43500 kernel: "Dirty Frag" RxRPC variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
bugzilla·2026-05-08·CVSS 8.8
CVE-2026-43500 [HIGH] CVE-2026-43500 kernel: "Dirty Frag" RxRPC variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
CVE-2026-43500 kernel: "Dirty Frag" RxRPC variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
The “Dirty Frag” vulnerability is a local privilege escalation (LPE) issue in the Linux kernel that combines flaws in the ESP/XFRM and RXRPC subsystems (each one separately could be used) to allow an unprivileged local attacker to gain root access on major Linux distributions. The CVE-2026-43500 is about RxRpc variant of vulnerability and the other similar CVE-2026-43284 is about ESP/XFRM variant. The attack abuses kernel page-cache manipulation and network protocol handling to overwrite privileged binaries and execute arbitrary code with elevated privileges. Exploitation differs by distribution: the ESP issue affects systems permitting unprivileged user
https://git.kernel.org/stable/c/50ed1e7873100f77abad20fd31c51029bc49cd03https://git.kernel.org/stable/c/52646cbd00e765a6db9c3afe9535f26218276034https://git.kernel.org/stable/c/5d55c7336f8032d434adcc5fab987ccc93a44aechttps://git.kernel.org/stable/c/71a1d9d985d26716f74d21f18ee8cac821b06e97https://git.kernel.org/stable/c/8253aab4659ca16116b522203c2a6b18dccacea7https://git.kernel.org/stable/c/a6cb440f274a22456ef3e86b457344f1678f38f9https://git.kernel.org/stable/c/ab8b995323e5237041472d07e5055f5f7dcdf15bhttps://git.kernel.org/stable/c/b54edf1e9a3fd3491bdcb82a21f8d21315271e0dhttps://git.kernel.org/stable/c/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4https://git.kernel.org/stable/c/fe785bb3a8096dffcc4048a85cd0c83337eeecadhttp://www.openwall.com/lists/oss-security/2026/05/08/7http://www.openwall.com/lists/oss-security/2026/05/13/6http://www.openwall.com/lists/oss-security/2026/05/14/2http://www.openwall.com/lists/oss-security/2026/05/14/4https://www.vicarius.io/vsociety/posts/cve-2026-43284-detection-script-dirty-frag-linux-kernel-local-privilege-escalationhttps://www.vicarius.io/vsociety/posts/cve-2026-43284-mitigation-script-dirty-frag-linux-kernel-local-privilege-escalationhttps://access.redhat.com/errata/RHSA-2026:16061https://access.redhat.com/errata/RHSA-2026:16062https://access.redhat.com/errata/RHSA-2026:16100https://access.redhat.com/errata/RHSA-2026:16155https://access.redhat.com/errata/RHSA-2026:16157https://access.redhat.com/errata/RHSA-2026:16160https://access.redhat.com/errata/RHSA-2026:16161https://access.redhat.com/errata/RHSA-2026:16171https://access.redhat.com/errata/RHSA-2026:16176https://access.redhat.com/errata/RHSA-2026:16180https://access.redhat.com/errata/RHSA-2026:16195https://access.redhat.com/errata/RHSA-2026:16196https://access.redhat.com/errata/RHSA-2026:16201https://access.redhat.com/errata/RHSA-2026:16202https://access.redhat.com/errata/RHSA-2026:16203https://access.redhat.com/errata/RHSA-2026:16204https://access.redhat.com/errata/RHSA-2026:16206https://access.redhat.com/errata/RHSA-2026:16254https://access.redhat.com/errata/RHSA-2026:16312https://access.redhat.com/errata/RHSA-2026:16314https://access.redhat.com/errata/RHSA-2026:16328https://access.redhat.com/errata/RHSA-2026:17795https://access.redhat.com/errata/RHSA-2026:18025https://access.redhat.com/errata/RHSA-2026:19074https://access.redhat.com/errata/RHSA-2026:19225https://access.redhat.com/errata/RHSA-2026:19564https://access.redhat.com/errata/RHSA-2026:19568https://access.redhat.com/errata/RHSA-2026:19569https://access.redhat.com/errata/RHSA-2026:19572https://access.redhat.com/errata/RHSA-2026:19573https://access.redhat.com/errata/RHSA-2026:19574https://access.redhat.com/errata/RHSA-2026:19575https://access.redhat.com/errata/RHSA-2026:19577https://access.redhat.com/errata/RHSA-2026:21695https://access.redhat.com/errata/RHSA-2026:23233https://access.redhat.com/errata/RHSA-2026:26542https://access.redhat.com/security/cve/CVE-2026-43284https://bugzilla.redhat.com/show_bug.cgi?id=2467771https://github.com/V4bel/dirtyfraghttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43284.json
2026-05-08
Published
Exploited in the wild