Back

Dirty Frag Exploit Targets Linux Kernel for Root Access

Severity: High (Score: 69.8)

Sources: Foro3D, Csoonline

Summary

The newly identified 'Dirty Frag' exploit affects the Linux kernel, allowing attackers to escalate privileges to root on systems like Ubuntu, RHEL, and CentOS. This vulnerability arises from improper handling of fragmented network packets, leading to memory corruption and arbitrary code execution. Microsoft confirmed active exploitation in the wild, primarily as a post-compromise privilege escalation tool after initial access via SSH or web shells. The exploit leverages two vulnerabilities: CVE-2026-43284 and CVE-2026-43500, with the former published on May 8, 2026, and the latter on May 11, 2026. Emergency patches are being developed for affected distributions. The exploit is part of a troubling trend of Linux kernel vulnerabilities, following similar issues like Dirty Pipe and Copy Fail. Key Points: • Dirty Frag allows privilege escalation to root on various Linux distributions. • Active exploitation is confirmed, primarily post-compromise via SSH or web shells. • Emergency patches are under development for affected systems.

Key Entities

  • Malware (attack_type)
  • Zero-day Exploit (attack_type)
  • Copy Fail Campaigns (campaign)
  • CVE-2022-0847 (cve)
  • CVE-2026-31431 (cve)
  • CVE-2026-43284 (cve)
  • CVE-2026-43500 (cve)
  • Cwe-362 - Race Condition (cwe)
  • T1021 - Remote Services (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • AlmaLinux (platform)
  • CentOS (platform)
  • CentOS Stream (platform)
  • Linux (platform)
  • OpenShift (platform)
  • Debian (company)
  • Fedora (company)
  • OpenSUSE (company)
  • Ubuntu (company)
  • Copy Fail (vulnerability)
  • Dirty Cow (vulnerability)
  • Dirty Frag (vulnerability)
  • Dirty Pipe (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed