Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 31
2 unique sources, 2 articles

Summary

Hide ▲

A newly disclosed Linux kernel local privilege-escalation flaw, Dirty Frag and Copy Fail 2, can let an unprivileged user reach root on affected systems. The bug chains CVE-2026-43284 and CVE-2026-43500 in the xfrm-ESP (IPsec) and RxRPC components. Microsoft says there is limited in-the-wild activity that may indicate exploitation, while the exploit's technical details and PoC code were made public before patches landed. Red Hat, Amazon Linux, Ubuntu, Fedora, and Alma Linux have begun releasing patches and mitigations.

Related Happenings

Linux kernel GhostLock root privilege escalation (CVE-2026-43499)

Vulnerability
H score28 First: 08.07.2026 09:16 Last: 08.07.2026 09:16 Sources 1

About this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
H score23 First: 03.07.2026 22:40 Last: 03.07.2026 22:40 Sources 1

About this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance

Technical Analysis
H score34 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...

Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw

Vulnerability
H score31 First: 30.05.2026 17:16 Last: 30.05.2026 17:16 Sources 1

About this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...

Latest development: 01.06.2026 14:19

Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.

Timeline

  1. 11.05.2026 11:15 2 articles · 1mo ago

    Linux kernel Dirty Frag and Copy Fail 2 disclosure and response

    Initial Disclosure

    Researcher Hyunwoo Kim disclosed the Linux kernel local privilege-escalation flaw Dirty Frag and Copy Fail 2, which chains CVE-2026-43284 and CVE-2026-43500 to let an unprivileged user obtain root on affected systems. Microsoft said its Defender product saw limited in-the-wild activity that could indicate exploitation of Dirty Frag or Copy Fail, and Red Hat, Amazon Linux, Ubuntu, Fedora, and Alma Linux began releasing patches and mitigations for the affected xfrm-ESP (IPsec) and RxRPC components.

    Show sources