Dirty Frag Vulnerability Disclosed, Allows Universal Linux Root Access

Severity: High (Score: 71.0)

Sources: lwn.net, Itnews.Au

Summary

The 'Dirty Frag' vulnerability, a local privilege escalation (LPE) flaw affecting major Linux distributions, was disclosed prematurely on May 7, 2026, after an embargo was broken. This vulnerability allows standard users to gain root access on systems running Ubuntu, Red Hat, openSUSE, Fedora, and CentOS. It chains two page-cache primitives from different subsystems, making it exploitable without requiring race conditions. The vulnerability is reported by Hyunwoo Kim and is similar to the previously disclosed 'Copy Fail' vulnerability. Currently, no patches are available for Dirty Frag, and users are advised to blacklist specific kernel modules as a temporary mitigation. The situation is compounded by the recent discovery of another LPE, 'Copy Fail 2', which has been assigned CVE-2026-43284 and has a patch available. The Linux community is under pressure due to the parallel discovery of these vulnerabilities, raising concerns over the disclosure process. Key Points: • Dirty Frag allows root access on major Linux distributions without requiring race conditions. • The vulnerability was disclosed prematurely due to an embargo breach on May 7, 2026. • No patches are currently available for Dirty Frag; users are advised to blacklist specific kernel modules.

Key Entities

• CVE-2026-43284 (cve)
• CWE-269 - Improper Privilege Management (cwe)
• imv4bel-at-gmail.com (domain)
• oss-security-at-lists.openwall.com (domain)
• vs.openwall.org (domain)
• T1068 - Exploitation for Privilege Escalation (mitre_attack)
• Linux (platform)
• Copy Fail (vulnerability)
• Copy Fail 2 (vulnerability)
• Dirty Frag (vulnerability)