Dirty Frag Exploit Threatens Linux Kernel with Privilege Escalation

Severity: High (Score: 69.9)

Sources: access.redhat.com, Zdnet, Therecord.Media, Foro3D, www.microsoft.com

Summary

A new privilege escalation vulnerability, dubbed 'Dirty Frag,' has been disclosed, affecting multiple Linux distributions including Ubuntu, RHEL, and CentOS. This exploit, which combines two vulnerabilities (CVE-2026-43284 and CVE-2026-43500), allows attackers to escalate privileges from unprivileged accounts to root by exploiting weaknesses in the Linux kernel's memory management. The flaw has been linked to active exploitation in the wild, with signs of limited attacks already observed. Security researcher Hyunwoo Kim published a proof of concept on May 8, 2026, prompting urgent attention from system administrators. Currently, patches are in development, but none are fully deployed yet, leaving systems vulnerable. The exploit is particularly dangerous due to its reliability and the fact that it does not cause kernel panics when it fails, allowing repeated attempts without detection.

Key Points:

  • Dirty Frag exploits two vulnerabilities in the Linux kernel, allowing root access.
  • Active exploitation has been observed, with attackers leveraging existing footholds.
  • Patches are under development, but no distributions are fully protected yet.

Key Entities

  • Malware (attack_type)
  • Zero-day Exploit (attack_type)
  • Copy Fail Campaigns (campaign)
  • Red Hat (company)
  • Debian (company)
  • Fedora (company)
  • OpenSUSE (company)
  • Ubuntu (company)
  • CVE-2022-0847 (cve)
  • CVE-2026-31431 (cve)
  • CVE-2026-43284 (cve)
  • CVE-2026-43500 (cve)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-362 - Race Condition (cwe)
  • T1021.004 - SSH (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • AES-GCM (platform)
  • AlmaLinux (platform)
  • CentOS (platform)
  • CentOS Stream (platform)
  • IPSec (platform)
  • Copy Fail (vulnerability)
  • Dirty Cow (vulnerability)
  • Dirty Frag (vulnerability)
  • Dirty Pipe (vulnerability)