Another major Linux security flaw revealed — ‘Dirty Frag’ allows root on all major distros, with no patch or fix available yet
Publish Date: 2026-05-08 13:05:00
Source Domain: www.techradar.com
- Researcher Hyunwoo Kim discloses Dirty Frag, a nine‑year‑old kernel flaw enabling root privilege escalation across major Linux distros
- The exploit chains two page‑cache write bugs, works reliably without race conditions, and currently has no CVE or patch
- Mitigation requires disabling vulnerable kernel modules, but this breaks IPsec VPNs and AFS, leaving systems exposed until fixes arrive
Some of the most widely used and influential Linux distributions are vulnerable to a zero-day flaw that allows threat actors to gain root privileges, and a patch has not yet been made public, experts have warned.
Security researcher Hyunwoo Kim disclosed finding a nine-year-old flaw, and published a proof-of-concept (PoC) exploit.
He named the vulnerability Dirty Frag, and explained that it works by chaining two kernel flaws, the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. This allowed him to tweak protected system files in memory without having proper authorization.
Latest Videos From
You may like
Mitigations available
Kim explained that he shared his findings with the maintainers of different Linux distros under embargo in order to give everyone time to patch up. However, that embargo was seemingly broken on May 7, when a third party published the exploit.
“Because the embargo has currently been broken, no patch or CVE exists. After consultation with the maintainers on [email protected] and at their request, this Dirty Frag document is being published,” Kim said.
Besides not having a CVE, the bug is also yet to be given a severity score. However, since this is an unauthenticated privilege escalation flaw, it’s safe to assume it will receive a critical-severity rating (9.0 and higher).
So far it was confirmed that Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora, are all vulnerable, and have not yet received patches.
