9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems

https://hackread.com/9-year-old-dirty-frag-vulnerability-root-access-linux/

Publish Date: 2026-05-11 08:35:00

Source Domain: hackread.com

Dirty Frag is the collective name researchers assigned to two Linux vulnerabilities that existed in the Linux kernel for around nine years before being discovered.

Red Hat, a major American software firm, has released a report on two Linux kernel vulnerabilities collectively dubbed Dirty Frag. Together they form a local privilege escalation (LPE) issue similar to the recently reported Copy Fail, allowing an unprivileged user with a basic local account to gain root access.

For context, in cybersecurity, root is the highest level of power possible, and getting it without permission is called privilege escalation.

According to researchers, the Dirty Frag vulnerability has existed for around nine years and is caused by a logic flaw in the networking sections of the system that handle the IPSec ESP (esp4 and esp6) and rxrpc modules. The IPSec ESP issue is tracked as CVE-2026-43284, whereas the rxrpc part is given the ID CVE-2026-43500.

How the attack works

The issue, discovered by independent security researcher Hyunwoo Kim, belongs to a third generation of the page-cache-write family of bugs. It works by linking two different vulnerabilities together to achieve root privileges on most Linux distributions that Kim tested.

These flaws are found in the xfrm-ESP Page-Cache Write and the RxRPC Page-Cache Write. CVE-2026-43284 targets the IPsec path to overwrite memory, but it usually needs namespace permissions, which some systems, like Ubuntu, can block. CVE-2026-43500 targets the RxRPC protocol and doesn’t need special permissions, but many systems do not turn this module on by default.

So, by combining these two, the attack covers the blind spots of each, and when used in a chain, a hacker can change protected files in the computer’s memory.
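
For defenders, the two conditions described above (whether esp4, esp6 or rxrpc is loaded, and whether namespace creation is open to unprivileged users) can be read from /proc. The following shell script is an added example, not code from the article, Red Hat or the researcher; reading "namespace permissions" as unprivileged user namespaces, and the three sysctl files it checks, are assumptions of this example.

```shell
#!/bin/sh
# Added example: report current exposure to the two Dirty Frag code paths.
# Module names (esp4, esp6, rxrpc) come from the article; the sysctl files
# used for "namespace permissions" are this example's assumption.

# module_loaded NAME FILE: succeed if NAME is in a /proc/modules-format FILE.
module_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# userns_state ROOT: print "restricted" if any known knob under ROOT/proc/sys
# blocks unprivileged user namespaces, otherwise "allowed".
userns_state() {
    sys="$1/proc/sys"
    state=allowed
    for knob in user/max_user_namespaces kernel/unprivileged_userns_clone; do
        if [ -r "$sys/$knob" ] && [ "$(cat "$sys/$knob")" = "0" ]; then
            state=restricted
        fi
    done
    # Ubuntu AppArmor restriction: 1 means unprivileged userns are confined.
    knob=kernel/apparmor_restrict_unprivileged_userns
    if [ -r "$sys/$knob" ] && [ "$(cat "$sys/$knob")" = "1" ]; then
        state=restricted
    fi
    echo "$state"
}

# dirtyfrag_report MODFILE ROOT: one line summarising both paths.
dirtyfrag_report() {
    esp=absent; rxrpc=absent
    for m in esp4 esp6; do
        if module_loaded "$m" "$1"; then esp=loaded; fi
    done
    if module_loaded rxrpc "$1"; then rxrpc=loaded; fi
    echo "esp=$esp userns=$(userns_state "$2") rxrpc=$rxrpc"
}

# Live run; a module that is absent now may still be loadable on demand.
if [ -r /proc/modules ]; then
    dirtyfrag_report /proc/modules ""
fi
```

The report reflects only the current module and sysctl state; it does not tell you whether the running kernel carries the fixes.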

Kim originally planned to keep the details private until fixes were ready. However, the information was released early after a third party leaked parts of the research. He said…
