Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel Dirty Frag local root escalation privilege-escalation flaw

Vulnerability
First reported
Last updated
Happening score
H score 30
1 unique sources, 1 articles

Summary

Hide ▲

Dirty Frag is a newly disclosed Linux kernel zero-day that can give local attackers root privileges on most major Linux distributions. The flaw is anchored in the kernel's algif_aead cryptographic algorithm interface and is described as a deterministic logic bug that does not require a race condition. A proof-of-concept was published while no patch or CVE exists yet, leaving widely used distros exposed until mitigations or fixes arrive.

Related Happenings

Linux kernel GhostLock root privilege escalation (CVE-2026-43499)

Vulnerability
H score28 First: 08.07.2026 09:16 Last: 08.07.2026 09:16 Sources 1

About this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
H score23 First: 03.07.2026 22:40 Last: 03.07.2026 22:40 Sources 1

About this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...

Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)

Vulnerability
H score30 First: 26.06.2026 16:00 Last: 26.06.2026 16:00 Sources 1

About this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

Linux kernel nf_tables use-after-free security flaw (CVE-2026-23111)

Vulnerability
H score24 First: 08.06.2026 23:17 Last: 08.06.2026 23:17 Sources 1

About this happening: A **Linux kernel nf_tables** **use-after-free** in **CVE-2026-23111** is now publicly exploitable, putting systems at **local root** and **container-breakout** risk. **Upstream pa...

Timeline

  1. 08.05.2026 10:45 2 articles · 2mo ago

    Dirty Frag public disclosure after embargo break

    Initial Disclosure

    Dirty Frag was publicly disclosed on May 7, 2026, after the embargo on full public disclosure was broken and a proof-of-concept exploit became available for the Linux kernel local-privilege-escalation flaw that lets local attackers gain root privileges on major distributions.

    Show sources
  2. 08.05.2026 10:45 1 articles · 2mo ago

    Dirty Frag technical details and temporary mitigation

    Technical Analysis Update

    Dirty Frag is a Linux kernel local-privilege-escalation flaw that chains the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability, modifies protected system files in memory without authorization, behaves as a deterministic logic bug that does not require a race condition, and affects Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora. No patch or CVE exists yet, and a temporary mitigation is to remove the esp4, esp6, and rxrpc kernel modules, although that can break IPsec VPNs and AFS distributed network file systems.

    Show sources