Microsoft · Google · Ars Technica
Linux bitten by second severe flaw in as many weeks
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
◌ Single Source
Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root access, marking the second time in as many weeks that a severe threat has caught defenders off guard.
Key facts
- The exploit chains together code for exploiting two vulnerabilities—tracked as CVE-2026-43284 and CVE-2026-43500
- Specifically, CVE-2026-43284 attacks the esp4 and esp6 processes, and CVE-2026-43500 zeroes in on rxrpc
- CVE-2026-43284 is found in the esp_input process on the IPsec ESP receive path
- A 2022 vulnerability named Dirty Pipe also stemmed from flaws that allow attackers to overwrite page caches
Summary
The threat, known as Dirty Frag, allows low-privilege users, including those using virtual machines, to gain root control of servers. Microsoft has said it has spotted signs that hackers are experimenting with Dirty Frag in the wild. The leaked exploit is deterministic, meaning it works precisely the same way each time it’s run and across different Linux distributions. “The ‘Dirty Frag’ vulnerability presents an immediate and significant threat to Linux systems, as it allows unauthorized users to gain root access by exploiting unpatched kernel flaws,” researchers from security firm Aviatrix wrote Monday. Dirty Frag was discovered and disclosed late last week by researcher Hyunwoo Kim. The exploit chains together code for exploiting two vulnerabilities—tracked as CVE-2026-43284 and CVE-2026-43500.