Dirty Frag is a new Linux bug putting your system at risk – and there’s no easy fix yet

Dirty Frag is a new Linux bug putting your system at risk – and there’s no easy fix yet

https://www.zdnet.com/article/dirty-frag-new-linux-bug-system-at-risk-no-easy-fix/

Publish Date: 2026-05-11 11:13:00

Source Domain: www.zdnet.com

hh5800/iStock / Getty Images Plus via Getty Images

Follow ZDNET: Add us as a preferred source on Google.

ZDNET’s key takeaways

• With one compromised account, Dirty Frag can expose your system.
• No patch can protect you from all possible attacks yet.
• To stay safe, you’ll need to block several services, including VPNs.

Linux has been having a rough few weeks. First, the Copy Fail security hole was uncovered by AI researchers. In that case, the patches were quickly made and distributed. We weren’t so lucky with the newly disclosed Linux kernel flaw, dubbed Dirty Frag, which was also, it seems, discovered with AI’s help, but patches are still in the works.

Also: Linux is getting a security wake-up call – why it was inevitable and I’m not worried

Security researcher Hyunwoo Kim, who disclosed the issue on May 7, describes Dirty Frag as an extension of the same bug class as previous high-profile Linux kernel flaws, 2022’s Dirty Pipe and Copy Fail. Like those flaws, Dirty Frag exploits kernel code paths that write to memory pages accessible to unprivileged user space, but it targets a different structure: the fragment field of sk_buff networking buffers.

Also: Immutable Linux delivers serious security – here are your 5 best options

Kim told the Linux kernel maintainers about the vulnerability at the end of April. Unfortunately, the coordinated disclosure and patch processes quickly went off the rails. On May 7, while distributions were still shipping fixes for the related Copy Fail flaw, detailed Dirty Frag technical information and a working proof-of-concept exploit for the xfrm-ESP component appeared online after an embargo break by an unrelated third party. Now, we’re all in trouble.