New ‘Dirty Frag’ exploit targets Linux kernel for root access
New ‘Dirty Frag’ exploit targets Linux kernel for root access
Publish Date: 2026-05-11 08:02:00
Source Domain: www.csoonline.com
“Dirty Frag may be leveraged after initial compromise through SSH access, web-shell execution, container escape, or compromise of a low-privileged account,” Microsoft researchers said in a security blog post, adding that affected environments may include Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, openSUSE, and OpenShift deployments.
Microsoft also said the exploit stands out because it avoids many of the instability issues typically associated with Linux local privilege escalation exploits using race-condition dependent bugs.
Turning Linux memory fragmentation into root access
According to Microsoft, the Dirty Frag exploit chain abuses weaknesses in how the Linux kernel handles fragmented memory pages, allowing attackers to overwrite protected page-cache-backed data and escalate privileges to root access.
The attack combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Security Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500). “Once local access is established, successful exploitation may allow attackers to escalate privileges to root and gain broad control over the affected Linux host,” the researchers said.
