Dirty Frag: Universal Linux LPE

Why This Matters

The Dirty Frag vulnerability exposes a significant security risk for Linux systems by enabling attackers to escalate privileges to root without relying on race conditions, making it highly reliable and dangerous. Its discovery underscores the importance of ongoing security assessments and timely patching in the Linux ecosystem to protect users and enterprise infrastructure from potential exploits.

Abstract

This document describes the Dirty Frag vulnerability class, first discovered and reported by Hyunwoo Kim (@v4bel), which can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability.

Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high.

For detailed technical information and the timeline, see here.

Because the embargo has currently been broken, no patch or CVE exists. After consultation with the maintainers on [email protected] and at their request, this Dirty Frag document is being published. For the disclosure timeline, refer to the technical details.

Note (2026-05-08 update): The xfrm-ESP Page-Cache Write vulnerability has been assigned CVE-2026-43284 and patched in mainline at f4c50a4034e6. The RxRPC Page-Cache Write vulnerability has been reserved as CVE-2026-43500 for tracking; no patch exists in any tree yet.

Exploiting

One-line special
