Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel Dirty Frag blocklist mitigation

Advisory/Mitigation
First reported
Last updated
Happening score
H score 41
2 unique sources, 2 articles

Summary

Hide ▲

CloudLinx and Linux distribution advisories now recommend blocklisting esp4, esp6, and rxrpc to reduce exposure to the Dirty Frag Linux kernel LPE while patches are pending.

Related Happenings

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
H score23 First: 03.07.2026 22:40 Last: 03.07.2026 22:40 Sources 1

About this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...

Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)

Vulnerability
H score30 First: 26.06.2026 16:00 Last: 26.06.2026 16:00 Sources 1

About this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw

Vulnerability
H score31 First: 30.05.2026 17:16 Last: 30.05.2026 17:16 Sources 1

About this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...

Latest development: 01.06.2026 14:19

Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.

Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)

Vulnerability
H score41 First: 18.05.2026 10:18 Last: 18.05.2026 10:18 Sources 1

About this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...

Timeline

  1. 08.05.2026 08:12 1 articles · 2mo ago

    Dirty Frag disclosure to Linux kernel maintainers

    Initial Disclosure

    Linux kernel maintainers received disclosure of the Dirty Frag local privilege escalation on April 30, 2026, establishing an unpatched flaw that chains xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write to reach root on many Linux distributions.

    Show sources
  2. 08.05.2026 08:12 2 articles · 2mo ago

    Dirty Frag module blocklist mitigation advisory

    Mitigation Patch Update

    CloudLinx advised Linux administrators to blocklist esp4, esp6, and rxrpc and unload any loaded instances until patches are available, because Dirty Frag reaches the ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path and can still be triggered even when algif_aead is blacklisted.

    Show sources