It’s raining Linux vulnerabilities: what’s going on?
https://www.techzine.eu/blogs/security/141351/its-raining-linux-vulnerabilities-whats-going-on/
Publish Date: 2026-05-15 06:11:00
Source Domain: www.techzine.eu
In recent weeks, alarm bells have been ringing repeatedly over critical vulnerabilities in the Linux kernel. Why is that? Do we have AI to thank for these discoveries? And should we expect similar incidents in short order?
The four kernel vulnerabilities are characterized by the fact that they can only be exploited if an attacker has already gained access through other means. Furthermore, they are not memory safety errors—normally the most common vulnerabilities—but rather relate to errors in the fundamental logic of the kernel’s operation.
Three of a kind, and one outlier
Copy Fail and Dirty Frag, in particular, have received a lot of publicity, partly because Fragnesia and ssh-keysign-pwn were only discovered very recently. The first two vulnerabilities have also already been exploited “in the wild,” creating a high sense of urgency to apply patches to the affected Linux distributions.
There is another distinction between the vulnerabilities. Copy Fail (CVE-2026-31431) exposed a conceptual flaw in the operation of the Linux kernel, specifically the cryptographic subsystem. A single Python script, just 732 bytes in size, is enough to exploit it. As Palo Alto Networks’ Unit 42 explains, this allows a malicious actor to escape from Kubernetes containers, compromise multi-tenant hosts, and infiltrate CI/CD pipelines.
More broadly, Copy Fail turned out to expose a logic flaw in the Linux kernel. This led to the discovery of Dirty Frag, where a single script can also lead to privilege escalation. Here, two vulnerabilities (CVE-2026-43284 and CVE-2026-43500) worked together to exploit vulnerable components related to the network and memory. A new variant, Fragnesia, followed just after organizations had implemented their mitigations and patches. In this case (CVE-2026-46300), a different bug is capable of exploiting Linux’s page cache behavior to escalate privileges. Whereas Dirty Frag wreaked havoc in…