Dirty Frag: Two Linux Kernel Page‑Cache Write Bugs (CVE‑2026‑43284 & CVE‑2026‑43500) Enable Local Root Escalation

The newly disclosed ‘Dirty Frag’ flaws—CVE‑2026‑43284 (patched) and CVE‑2026‑43500 (unpatched)—allow any local user to corrupt kernel memory and obtain root privileges on vulnerable Linux distributions. Third‑party risk managers must act quickly to patch, mitigate, and inventory affected assets to prevent supply‑chain compromise.

LiveThreat™ Intelligence · May 08, 2026 · Source: helpnetsecurity.com

Severity: High · Type: Vulnerability · Confidence: High · Affected: 3 sector(s) · Actions: 5 recommended

What It Is — “Dirty Frag” is the name given to a pair of newly disclosed Linux kernel flaws. CVE‑2026‑43284 (an xfrm‑ESP page‑cache write bug) has been patched, while CVE‑2026‑43500 (an RxRPC page‑cache write bug) remains unpatched. Both allow a local, unprivileged user to corrupt kernel memory and gain root privileges.

Exploitability — A proof‑of‑concept exploit for CVE‑2026‑43284 was released publicly within a week of discovery; a PoC for CVE‑2026‑43500 is expected soon. The vulnerabilities are trivial to trigger on any affected Linux distribution, making active exploitation highly probable. CVSS v3.1 scores are estimated at 9.8 (Critical) for the unpatched bug and 9.3 (High) for the patched one.

Affected Products — All Linux distributions that ship kernel versions prior to the patch for CVE‑2026‑43284 (released in early May 2026) and any kernel version that includes the RxRPC module are vulnerable. This includes major enterprise‑grade distributions (Ubuntu LTS, Red Hat Enterprise Linux, SUSE Linux Enterprise, Debian, CentOS, Oracle Linux) as well as cloud‑hosted Linux instances.

TPRM Impact

  • Third‑party services that rely on unpatched Linux hosts (e.g., SaaS platforms, managed hosting, CI/CD pipelines) inherit a direct path to root compromise.
  • A compromised host can be leveraged to pivot into internal networks, exfiltrate data, or disrupt services, amplifying supply‑chain risk.

Recommended Actions

  • Patch immediately: Deploy the latest kernel updates that address CVE‑2026‑43284.
  • Mitigate CVE‑2026‑43500: Apply vendor‑provided workarounds (disable the RxRPC module, restrict access to vulnerable syscalls) until a patch is released.
  • Inventory: Conduct a rapid inventory of all Linux assets, noting kernel versions and RxRPC usage.
  • Segmentation: Isolate critical workloads from unpatched hosts and enforce least‑privilege access controls.
  • Monitoring: Enable kernel audit logging and monitor for suspicious privilege‑escalation attempts (e.g., unexpected setuid root processes).
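
As an added example (not code from the Help Net Security article or from this brief), a POSIX shell helper for the Inventory and Mitigate items above: it classifies a host from its kernel version and module state and emits the modprobe drop-in that stops RxRPC from being loaded. The fixed kernel version is a placeholder because the brief names none; the module name rxrpc and the modprobe.d install/blacklist semantics are assumed from upstream Linux.

```shell
#!/bin/sh
# Added example, not code from the article or this brief. Assumptions: the
# module is named "rxrpc" (upstream Linux), modprobe honours /etc/modprobe.d,
# and the fixed kernel version is a placeholder the vendor advisory supplies.

# kernel_at_least RUNNING FIXED: succeeds when RUNNING >= FIXED, comparing
# numeric components only (so "6.14.0-27-generic" compares as 6,14,0,27).
kernel_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[^0-9]+/); m = split(b, y, /[^0-9]+/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 1
            if (x[i] + 0 > y[i] + 0) exit 0
        }
        exit 0 }'
}

# rxrpc_loaded LSMOD_TEXT: succeeds if rxrpc is resident (first lsmod column).
rxrpc_loaded() {
    printf '%s\n' "$1" | awk '$1 == "rxrpc" { f = 1 } END { exit !f }'
}

# rxrpc_on_disk MODULE_LIST: succeeds if rxrpc.ko (maybe compressed) ships with
# the running kernel, i.e. the first AF_RXRPC socket() would auto-load it.
rxrpc_on_disk() {
    printf '%s\n' "$1" | grep -q '/rxrpc\.ko'
}

# rxrpc_deny_conf: modprobe.d drop-in. The install line makes any load request,
# explicit or alias-driven, run /bin/false; blacklist alone covers only aliases.
# Apply with: rxrpc_deny_conf > /etc/modprobe.d/dirty-frag.conf; rmmod rxrpc
rxrpc_deny_conf() {
    printf 'install rxrpc /bin/false\nblacklist rxrpc\n'
}

# assess RUNNING FIXED LSMOD_TEXT MODULE_LIST: prints one verdict token list.
assess() {
    status="OK"
    kernel_at_least "$1" "$2" || status="PATCH_CVE-2026-43284"
    if rxrpc_loaded "$3"; then status="$status,RXRPC_LOADED"
    elif rxrpc_on_disk "$4"; then status="$status,RXRPC_AUTOLOADABLE"; fi
    printf '%s\n' "$status"
}

# Live use (FIXED_KERNEL_PLACEHOLDER is not a real version; take it from the
# vendor advisory):
# assess "$(uname -r)" "FIXED_KERNEL_PLACEHOLDER" "$(lsmod)" \
#        "$(find "/lib/modules/$(uname -r)" -name 'rxrpc.ko*')"
```

Hosts reporting RXRPC_LOADED or RXRPC_AUTOLOADABLE are the ones where the CVE‑2026‑43500 workaround applies; the drop-in only prevents future loads, so an already-resident module still has to be unloaded or the host rebooted.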

Source: Help Net Security – Dirty Frag Linux Vulnerability

Original source:
https://www.helpnetsecurity.com/2026/05/08/dirty-frag-linux-vulnerability-cve-2026-43284-cve-2026-43500/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
