{"id":241603,"date":"2026-05-08T07:21:00","date_gmt":"2026-05-08T11:21:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild\/"},"modified":"2026-05-08T08:20:08","modified_gmt":"2026-05-08T12:20:08","slug":"dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild\/","title":{"rendered":"Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/191847\/hacking\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html\">Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191847\/hacking\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html\">https:\/\/securityaffairs.com\/191847\/hacking\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 07:21:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 08, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png?fit=1280%2C720&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Dirty Frag: unpatched Linux 
kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public.<\/h2>\n<p>Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain full root access on most major Linux distributions, including Ubuntu, RHEL, Fedora, AlmaLinux, and CentOS Stream.<\/p>\n<p>Dirty Frag is related to the Dirty Pipe family of vulnerabilities but is independent of the Copy Fail mitigation, meaning systems that already applied the algif_aead blacklist remain fully exposed.<\/p>\n<p>\u201c[The flaw] can obtain root privileges on major Linux distributions by chaining the\u00a0xfrm-ESP Page-Cache Write\u00a0vulnerability and the\u00a0RxRPC Page-Cache Write\u00a0vulnerability,\u201d reads the advisory. \u201cDirty Frag is a case that extends the bug class to which\u00a0Dirty Pipe\u00a0and\u00a0Copy Fail\u00a0belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high.\u201d<\/p>\n<p>The researcher\u00a0Hyunwoo Kim (@v4bel) first disclosed the vulnerability.<\/p>\n<p><img data-recalc-dims=\"1\" fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png?resize=1024%2C576&#038;ssl=1\" alt=\"\" class=\"wp-image-191850\" srcset=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png?resize=1024%2C576&#038;ssl=1 1024w, https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png?resize=300%2C169&#038;ssl=1 300w, https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png?resize=768%2C432&#038;ssl=1 768w, https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png?w=1280&#038;ssl=1 1280w\" sizes=\"(max-width: 1000px) 
100vw, 1000px\"\/><\/p>\n<p>The vulnerability chains two separate flaws. The first is the xfrm-ESP Page-Cache Write bug, rooted in the Linux IPsec subsystem and introduced in a January 2017 source code commit, the same commit responsible for CVE-2022-27666, a buffer overflow affecting multiple Linux distributions. The second is the RxRPC Page-Cache Write bug, introduced in June 2023. Neither flaw alone is sufficient on all systems, but together they cover each other\u2019s blind spots: where one path is blocked by the environment, such as Ubuntu\u2019s AppArmor restrictions on namespace creation, the other opens. The chain is what makes Dirty Frag universally&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191847\/hacking\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild https:\/\/securityaffairs.com\/191847\/hacking\/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html 
Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241604,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-20.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[143,144,90,31,97,89,71,57,79,27],"class_list":["post-241603","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-almalinux","tag-centos","tag-cve","tag-exploit","tag-fedora","tag-flaw","tag-linux","tag-security","tag-ubuntu","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241603"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241603"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241603\/revisions"}],"predecessor-version":[{"id":241608,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241603\/revisions\/241608"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241604"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}