Linux kernel Dirty Frag local root escalation privilege-escalation flaw
Vulnerability
Summary
Hide ▲
Show ▼
Dirty Frag is a newly disclosed Linux kernel zero-day that can give local attackers root privileges on most major Linux distributions. The flaw is anchored in the kernel's algif_aead cryptographic algorithm interface and is described as a deterministic logic bug that does not require a race condition. A proof-of-concept was published while no patch or CVE exists yet, leaving widely used distros exposed until mitigations or fixes arrive.
Related Happenings
Linux kernel improper privilege management flaw (CVE-2026-46333)
Vulnerability
First: 21.05.2026 10:35
Last: 21.05.2026 10:35
Sources 1
About this happening:
A **Linux kernel** privilege-management flaw, **CVE-2026-46333**, can let **unprivileged local users** on **Debian, Fedora, and Ubuntu** disclose **/etc/shadow** and **SSH host ke...
Linux kernel improper privilege management flaw (CVE-2026-46333)
VulnerabilityAbout this happening: A **Linux kernel** privilege-management flaw, **CVE-2026-46333**, can let **unprivileged local users** on **Debian, Fedora, and Ubuntu** disclose **/etc/shadow** and **SSH host ke...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
VulnerabilityAbout this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
VulnerabilityAbout this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Berz0k advertises zero-day Linux LPE exploit for sale
Threat Actor Meta
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...
Berz0k advertises zero-day Linux LPE exploit for sale
Threat Actor MetaAbout this happening: **berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
First: 11.05.2026 11:15
Last: 11.05.2026 11:15
Sources 1
About this happening:
A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
VulnerabilityAbout this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Timeline
-
08.05.2026 10:45 2 articles · 19d ago
Dirty Frag public disclosure after embargo break
Initial DisclosureDirty Frag was publicly disclosed on May 7, 2026, after the embargo on full public disclosure was broken and a proof-of-concept exploit became available for the Linux kernel local-privilege-escalation flaw that lets local attackers gain root privileges on major distributions.
Show sources
- New Linux 'Dirty Frag' zero-day gives root on all major distros — www.bleepingcomputer.com — 08.05.2026 10:45
- New Linux 'Dirty Frag' zero-day gives root on all major distros — www.bleepingcomputer.com — 08.05.2026 10:45
-
08.05.2026 10:45 1 articles · 19d ago
Dirty Frag technical details and temporary mitigation
Technical Analysis UpdateDirty Frag is a Linux kernel local-privilege-escalation flaw that chains the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability, modifies protected system files in memory without authorization, behaves as a deterministic logic bug that does not require a race condition, and affects Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora. No patch or CVE exists yet, and a temporary mitigation is to remove the esp4, esp6, and rxrpc kernel modules, although that can break IPsec VPNs and AFS distributed network file systems.
Show sources
- New Linux 'Dirty Frag' zero-day gives root on all major distros — www.bleepingcomputer.com — 08.05.2026 10:45