Linux vulnerability ‘Dirty Frag’ affects nearly all distributions
Linux vulnerability ‘Dirty Frag’ affects nearly all distributions
Publish Date: 2026-05-08 06:49:00
Source Domain: www.techzine.eu
A new critical Linux vulnerability named Dirty Frag is causing concern among system administrators and Linux distributors. The flaw allows an attacker to gain direct root privileges from a local account on a large number of Linux systems released since 2017. However, the first patches are now available for some distributions.
This is reported by various sources, including Tom’s Hardware and AlmaLinux. Dirty Frag was made public this week after an embargo surrounding the vulnerability was lifted prematurely. According to the information released, the issue involves a flaw in the Linux kernel located in components related to IPsec ESP and rxrpc. The vulnerability is reportedly easy to exploit and affects virtually all major Linux distributions, including Ubuntu, Fedora, RHEL-based systems, Arch Linux, and AlmaLinux.
The attack is technically very similar to the previously discovered Copy Fail vulnerability. In both cases, flaws in so-called zero-copy operations within the kernel are exploited. This allows an attacker to manipulate memory data linked to sensitive system files, ultimately enabling root access.
Initially, it was reported that no patches were yet available, but AlmaLinux has since released its own updated kernels via its testing repositories. In doing so, the distribution uses an upstream fix for the ESP component made available by kernel developers. According to AlmaLinux, the severity of the vulnerability was the reason for not waiting for official updates from Red Hat or CentOS Stream.
AlmaLinux Begins Testing with Modified Kernels
The distribution reports that all supported AlmaLinux versions are vulnerable, but that modified kernels are now ready for testing. Specific kernel versions have been published for AlmaLinux 8, 9, and 10 in which the vulnerability has been fixed. After additional validation by the community, the patches should also become available in the regular production channels.
According to…
