A new Linux zero-day vulnerability, 'Dirty Frag,' allows local attackers to gain root privileges on major Linux distributions by chaining two kernel flaws, posing a significant security risk.
This critical privilege escalation vulnerability, present for nine years, affects widely used distributions like Ubuntu and Red Hat, highlighting a long-standing security oversight in the Linux kernel.
The premature public disclosure of 'Dirty Frag' and its proof-of-concept exploit before patches are available creates an immediate threat, necessitating urgent mitigation strategies like module removal despite potential service impacts.

Atlas AI
A newly disclosed Linux kernel zero-day vulnerability dubbed “Dirty Frag” can allow local attackers to escalate privileges to root on many widely used Linux distributions, according to documentation and a proof-of-concept (PoC) exploit released this week.
Security researcher Hyunwoo Kim said the bug stems from a class of issues affecting the Linux kernel’s algif_aead cryptographic algorithm interface, and that it was introduced roughly nine years ago.
How the exploit works
Kim said “Dirty Frag” achieves privilege escalation by chaining two kernel page-cache write flaws — described as the “xfrm-ESP Page-Cache Write” issue and the “RxRPC Page-Cache Write” issue — to modify protected system files in memory without authorization.
He said the technique is deterministic and does not rely on a race condition.
Affected systems and patch status
Kim said the issue affects major distributions including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora.
He also said an embargo on full public disclosure was broken on May 7, 2026, leading to the publication of documentation and a PoC exploit. At the time of disclosure, he said patches had not yet been released for affected systems.
The two vulnerabilities chained by the exploit are tracked as:
- CVE-2026-43284 for the xfrm-ESP issue
- CVE-2026-43500 for the RxRPC issue
Mitigation
As a mitigation, Kim advised disabling the vulnerable kernel modules esp4, esp6, and rxrpc, noting that doing so may break IPsec VPN functionality and AFS distributed network file systems.
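To verify the mitigation on a host, the following added example (not code from Kim or from this article) reports whether each of the three modules is currently loaded and whether loading it is blocked. The function names, the modprobe.d search paths and the `install <module> /bin/false` blocking convention are assumptions of the example; only the module names come from the article.

```shell
#!/bin/sh
# Added example: audit the Dirty Frag mitigation state on one host.
# Module names are from the article; paths and function names are assumptions.
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [PROC_FILE]: true if MODULE is the first field of a line
# in /proc/modules format (later fields list dependants, so match $1 only).
is_loaded() {
    awk -v m="$1" '$1 == m { f = 1 } END { exit !f }' "${2:-/proc/modules}" 2>/dev/null
}

# is_blocked MODULE [CONF_DIR...]: true if an "install MODULE /bin/false"
# (or /bin/true) override exists. A bare "blacklist" line is not counted,
# because it does not stop an explicit or dependency-driven load.
is_blocked() {
    mod=$1; shift
    [ $# -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            awk -v m="$mod" '
                { sub(/[#].*/, "") }   # drop comments
                $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?s?bin\/(false|true)$/ { f = 1 }
                END { exit !f }' "$conf" && return 0
        done
    done
    return 1
}

# module_status MODULE PROC_FILE [CONF_DIR...]: prints <loaded|unloaded>-<blocked|unblocked>
module_status() {
    mod=$1; proc=$2; shift 2
    if is_loaded "$mod" "$proc"; then l=loaded; else l=unloaded; fi
    if is_blocked "$mod" "$@"; then b=blocked; else b=unblocked; fi
    echo "$l-$b"
}

# audit_modules [PROC_FILE [CONF_DIR...]]: one line per module; returns
# non-zero unless every module is both unloaded and blocked.
audit_modules() {
    proc=${1:-/proc/modules}; [ $# -eq 0 ] || shift
    rc=0
    for name in $MODULES; do
        s=$(module_status "$name" "$proc" "$@")
        echo "$name: $s"
        [ "$s" = "unloaded-blocked" ] || rc=1
    done
    return $rc
}

audit_modules || echo "mitigation incomplete on this host" >&2
```

A module reported as `loaded-blocked` is still resident in the running kernel until it is unloaded or the host reboots, so the block alone does not complete the mitigation.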