SECURITYWEEK reports a newly disclosed local privilege escalation flaw in major Linux distributions, named Dirty Frag and Copy Fail 2, tracked as CVE-2026-43284 and CVE-2026-43500, which lets an unprivileged user escalate to root. The vulnerability affects the xfrm-ESP (IPsec) and RxRPC components of the Linux kernel, with the greatest impact on hosts not running container workloads, though a container escape could be possible in some deployments.
Hyunwoo Kim responsibly disclosed the flaw, but it was made public before patches, leading Kim to publish technical details and PoC code. Copy Fail has been exploited in the wild, and Microsoft reported that Dirty Frag may also have seen in-the-wild activity, according to Microsoft. Linux distributions have begun releasing patches and mitigations, including Red Hat, Amazon Linux, Ubuntu, Fedora, and Alma Linux, and Ubuntu developers noted the potential for broader impacts beyond containers.