www.darkreading.com 5/11/2026, 4:20:40 PM · via preferred

Dirty Frag exploit released, putting Linux root at risk

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Available

A public exploit for the nine-year-old Linux kernel vulnerability, dubbed “Dirty Frag,” has been published, with the PoC exploit circulating after Hyunwoo Kim disclosed the flaw on X. The vulnerability chain affects a wide range of Linux distributions, including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed and Fedora, with none fully patched yet.

The two flaws are tracked as CVE-2026-43284 and CVE-2026-43500, each assigned a CVSS score of 7.8 and an Important severity by Red Hat. The exploit chain works by modifying memory-backed data structures to grant root privileges. Microsoft Defender’s researchers note there are signs of limited in-the-wild activity, potentially related to Dirty Frag or Copy Fail. Red Hat has already released patches for CVE-2026-43284, while a fix for CVE-2026-43500 is not yet available.

Red Hat and other distributors are rushing fixes, with Ubuntu promising kernel image package updates and SUSE preparing kernel updates and livepatches. Exploitation allows modification of protected system files in memory without authorisation, and defenders are urged to apply patches and mitigate by disabling unused modules and hardening local access as soon as possible.


Article by CyberSIXT
