Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
A newly disclosed Linux kernel local privilege-escalation flaw, Dirty Frag and Copy Fail 2, can let an unprivileged user reach root on affected systems. The bug chains CVE-2026-43284 and CVE-2026-43500 in the xfrm-ESP (IPsec) and RxRPC components. Microsoft says there is limited in-the-wild activity that may indicate exploitation, while the exploit's technical details and PoC code were made public before patches landed. Red Hat, Amazon Linux, Ubuntu, Fedora, and Alma Linux have begun releasing patches and mitigations.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
H score23
First: 03.07.2026 22:40
Last: 03.07.2026 22:40
Sources 1
About this happening:
**Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
VulnerabilityAbout this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical Analysis
H score34
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
About this happening:
**ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical AnalysisAbout this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
Vulnerability
H score31
First: 30.05.2026 17:16
Last: 30.05.2026 17:16
Sources 1
About this happening:
The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
VulnerabilityAbout this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Latest development: 01.06.2026 14:19
Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.
Timeline
-
11.05.2026 11:15 2 articles · 1mo ago
Linux kernel Dirty Frag and Copy Fail 2 disclosure and response
Initial DisclosureResearcher Hyunwoo Kim disclosed the Linux kernel local privilege-escalation flaw Dirty Frag and Copy Fail 2, which chains CVE-2026-43284 and CVE-2026-43500 to let an unprivileged user obtain root on affected systems. Microsoft said its Defender product saw limited in-the-wild activity that could indicate exploitation of Dirty Frag or Copy Fail, and Red Hat, Amazon Linux, Ubuntu, Fedora, and Alma Linux began releasing patches and mitigations for the affected xfrm-ESP (IPsec) and RxRPC components.
Show sources
- New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks — www.securityweek.com — 11.05.2026 11:15
- Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities — www.infosecurity-magazine.com — 11.05.2026 17:30