www.microsoft.com 5/8/2026, 7:01:39 PM · via preferred

Dirty Frag Linux flaw (CVE-2026-43284) lets users gain root

Dirty Frag Linux flaw (CVE-2026-43284) lets users gain root
Developing story vulnerability 12 articles tracked
Dirty Frag Linux kernel flaw (CVE-2026-43284) allows local root via page cache corruption
CyberSIXT Evidence Panel Source marked as original reporting
CISA KEV Not in KEV
Patch Patch Available

A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components, including esp4, esp6 (CVE-2026-43284), and rxrpc (CVE-2026-43500). Public reporting and proof-of-concept activity indicate the exploit is designed to provide more reliable privilege escalation than traditional race-condition-dependent Linux local privilege escalation techniques.

Dirty Frag may be leveraged after initial compromise through SSH access, web-shell execution, container escape, or compromise of a low-privileged account, with affected environments including Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, openSUSE, and OpenShift deployments, according to Microsoft Defender Security Research Team. Microsoft Defender is actively monitoring related activity and investigating additional detections and protections.

The article notes that mitigation and detection guidance are evolving and highlights that post-mitigation integrity verification may be necessary if exploitation occurred prior to remediation.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline