Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First reported
Last updated
Happening score
H score 49
1 unique sources, 1 articles

Summary

Hide ▲

Major Linux distributions are rolling out fixes for Dirty Frag, the Linux kernel patch release that covers CVE-2026-43284 and CVE-2026-43500. The update matters because the chained flaws can enable local privilege escalation and lead to root privileges on vulnerable systems.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Open Happening

Drupal core security update for CVE-2026-9082

Security Patch Release
First: 22.05.2026 16:14 Last: 22.05.2026 16:14 Sources 1

About this happening: **Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...

Open Happening

TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926

Security Patch Release
First: 22.05.2026 11:19 Last: 22.05.2026 11:19 Sources 1

About this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....

Open Happening

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Open Happening

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

Open Happening

Timeline

  1. 11.05.2026 17:30 1 articles · 16d ago

    Hyunwoo Kim notifies Linux kernel security team about Dirty Frag

    Initial Disclosure

    Hyunwoo Kim contacted the Linux kernel security team on April 30, 2026 about Dirty Frag, a Linux kernel local privilege escalation flaw that could let a local attacker gain root privileges on vulnerable Linux distributions.

    Show sources
    Open in new tab
  2. 11.05.2026 17:30 2 articles · 16d ago

    Dirty Frag is publicly released and Linux distributions start patching

    Mitigation Patch Update

    On May 8, 2026, the disclosure embargo for Dirty Frag broke, prompting Kim to publicly release the Dirty Frag document and a proof-of-concept exploit. The Linux kernel security team disclosed CVE-2026-43284 in xfrm-ESP (IPsec) and CVE-2026-43500 in RxRPC, Linux distribution maintainers began progressively releasing patches, Microsoft Defender Security Research Team reported limited in-the-wild activity involving 'su', and Wiz shared mitigation steps.

    Show sources
    Open in new tab