Dirty Frag: Linux kernel hit by second major security flaw in two weeks
https://therecord.media/dirty-frag-linux-kernel-hit-by-second-major-bug
Publish Date: 2026-05-11 08:32:00
Source Domain: therecord.media
A second major Linux vulnerability has been disclosed in as many weeks, this time by an independent security researcher who published a working exploit after a coordinated disclosure embargo collapsed.
Nicknamed “Dirty Frag,” the issue was found in the same area of the Linux kernel that produced last month’s Copy Fail bug, and also allows anyone with a basic account on an affected computer to seize full administrative control.
Copy Fail prompted concern because it gave hackers an escape route from cloud containers, meaning a compromised application running inside a supposedly isolated environment could break out and take control of the entire host server, a major risk given the cloud industry’s dependence on Linux distributions.
Dirty Frag also allows for container escape, and similarly affects nearly all Linux distributions in use today. It was discovered by Hyunwoo Kim, and exploits the same underlying design flaw in how Linux manages files in memory.
Theori, the firm that discovered Copy Fail with the assistance of its own AI tooling, separately noted at the time that its own scanning had surfaced additional vulnerabilities in the same area of the kernel, although these remained under private disclosure.
Kim privately reported the flaw he discovered to Linux maintainers on April 30, giving them time to prepare patches under the standard coordinated disclosure process.
But, on May 7, Kim said “an unrelated third party independently published the exploit,” prompting him to release his full writeup and his own working exploit on the same day. It is not known who the third party is.
“Because the embargo has currently been broken, no patch or CVE exists,” Kim wrote on the oss-security mailing list, adding that after consulting Linux maintainers, and at their request, he had decided to publish his writeup.
The Dirty Frag flaw is being tracked as two linked vulnerabilities — CVE-2026-43284 and CVE-2026-43500 — each affecting a…