Linux kernel Dirty Frag blocklist mitigation
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CloudLinx and Linux distribution advisories now recommend blocklisting esp4, esp6, and rxrpc to reduce exposure to the Dirty Frag Linux kernel LPE while patches are pending.
Related Happenings
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
VulnerabilityAbout this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
VulnerabilityAbout this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
F5 security patch release for CVE-2026-42945
Security Patch Release
First: 14.05.2026 09:00
Last: 14.05.2026 09:00
Sources 1
About this happening:
F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...
F5 security patch release for CVE-2026-42945
Security Patch ReleaseAbout this happening: F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...
Latest development: 17.05.2026 14:57
VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
How related:
Meanwhile, maintainers of Linux distributions are progressively releasing patches for CVE-2026-43284 and CVE-2026-43500.
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseHow related: Meanwhile, maintainers of Linux distributions are progressively releasing patches for CVE-2026-43284 and CVE-2026-43500.
About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
First: 11.05.2026 11:15
Last: 11.05.2026 11:15
Sources 1
How related:
Meanwhile, the Linux kernel security team disclosed two separate high-severity page-cache vulnerabilities on May 8 which, chained together, make Dirty Frag.
About this happening:
A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
VulnerabilityHow related: Meanwhile, the Linux kernel security team disclosed two separate high-severity page-cache vulnerabilities on May 8 which, chained together, make Dirty Frag.
About this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Timeline
-
08.05.2026 08:12 1 articles · 19d ago
Dirty Frag disclosure to Linux kernel maintainers
Initial DisclosureLinux kernel maintainers received disclosure of the Dirty Frag local privilege escalation on April 30, 2026, establishing an unpatched flaw that chains xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write to reach root on many Linux distributions.
Show sources
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions — thehackernews.com — 08.05.2026 08:12
-
08.05.2026 08:12 2 articles · 19d ago
Dirty Frag module blocklist mitigation advisory
Mitigation Patch UpdateCloudLinx advised Linux administrators to blocklist esp4, esp6, and rxrpc and unload any loaded instances until patches are available, because Dirty Frag reaches the ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path and can still be triggered even when algif_aead is blacklisted.
Show sources
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions — thehackernews.com — 08.05.2026 08:12
- Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities — www.infosecurity-magazine.com — 11.05.2026 17:30