MAJOR Linux distributions are rushing to fix two new vulnerabilities after the disclosure embargo was broken. The vulnerability, comprised of two chained issues in subsystems of the Linux kernel and known as ‘Dirty Frag,’ was detected in late April 2026 by independent security researcher Hyunwoo Kim.
Kim found a local privilege escalation flaw that could allow an attacker with local access to obtain root privileges on all major Linux distributions, and he contacted the Linux kernel security team on 30 April; the embargo was broken before patches were ready, on 8 May. Two fixes disclosed by the Linux kernel security team on 8 May are CVE-2026-43284, a write-what-where issue in the xfrm-ESP (IPsec) subsystem with a CVSS of 8.8, and CVE-2026-43500, an out-of-bounds write in the RxRPC subsystem with a CVSS of 7.8.
Observed in-the-wild activity could be linked to Dirty Frag exploitation, according to Microsoft Defender Security Research Team, which reported limited privilege escalation activity involving “su.”