Linux kernel Dirty Frag blocklist mitigation
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CloudLinx and Linux distribution advisories now recommend blocklisting esp4, esp6, and rxrpc to reduce exposure to the Dirty Frag Linux kernel LPE while patches are pending.
Related Happenings
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
H score23
First: 03.07.2026 22:40
Last: 03.07.2026 22:40
Sources 1
About this happening:
**Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
VulnerabilityAbout this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
Vulnerability
H score30
First: 26.06.2026 16:00
Last: 26.06.2026 16:00
Sources 1
About this happening:
A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
VulnerabilityAbout this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
Vulnerability
H score31
First: 30.05.2026 17:16
Last: 30.05.2026 17:16
Sources 1
About this happening:
The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
VulnerabilityAbout this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Latest development: 01.06.2026 14:19
Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
H score41
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
VulnerabilityAbout this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Timeline
-
08.05.2026 08:12 1 articles · 2mo ago
Dirty Frag disclosure to Linux kernel maintainers
Initial DisclosureLinux kernel maintainers received disclosure of the Dirty Frag local privilege escalation on April 30, 2026, establishing an unpatched flaw that chains xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write to reach root on many Linux distributions.
Show sources
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions — thehackernews.com — 08.05.2026 08:12
-
08.05.2026 08:12 2 articles · 2mo ago
Dirty Frag module blocklist mitigation advisory
Mitigation Patch UpdateCloudLinx advised Linux administrators to blocklist esp4, esp6, and rxrpc and unload any loaded instances until patches are available, because Dirty Frag reaches the ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path and can still be triggered even when algif_aead is blacklisted.
Show sources
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions — thehackernews.com — 08.05.2026 08:12
- Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities — www.infosecurity-magazine.com — 11.05.2026 17:30