{"id":241817,"date":"2026-05-08T13:23:00","date_gmt":"2026-05-08T17:23:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/dirty-frag-gives-root-on-linux-distros\/"},"modified":"2026-05-08T13:50:08","modified_gmt":"2026-05-08T17:50:08","slug":"dirty-frag-gives-root-on-linux-distros","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/dirty-frag-gives-root-on-linux-distros\/","title":{"rendered":"&#8216;Dirty Frag&#8217; Gives Root on Linux Distros"},"content":{"rendered":"<p><a href=\"https:\/\/www.bankinfosecurity.com\/dirty-frag-gives-root-on-linux-distros-a-31641\">&#8216;Dirty Frag&#8217; Gives Root on Linux Distros<\/a><\/p>\n<p><a href=\"https:\/\/www.bankinfosecurity.com\/dirty-frag-gives-root-on-linux-distros-a-31641\">https:\/\/www.bankinfosecurity.com\/dirty-frag-gives-root-on-linux-distros-a-31641<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 13:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bankinfosecurity.com\">www.bankinfosecurity.com<\/a><\/p>\n<p>                    <span class=\"article-sub-title\">No Patches Yet Available, After Third Party Published Vulnerability Details<\/span><br \/>\n                <span class=\"article-byline\"><br \/>\n                                                Mathew J. Schwartz (euroinfosec)                                                    \u2022<br \/>\n                        <span class=\"text-nowrap\">May 8, 2026<\/span> \u00a0 \u00a0 <\/span><\/p>\n<p>                Image: Shutterstock\/ISMG            <\/p>\n<p>Security researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available.<\/p>\n<p>See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready?<\/p>\n<p>Nicknamed &#8220;Dirty Frag,&#8221; the local privilege escalation flaw allows an attacker to gain &#8220;root privileges on all major distributions&#8221; of Linux, said security researcher Hyunwoo Kim. <\/p>\n<p>He discovered the flaw and reported the vulnerability directly to the Linux maintainers, together with exploit code, on April 30. <\/p>\n<p>The vulnerability, which dates from code introduced into the kernel in January 2017, &#8220;can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability.&#8221; <\/p>\n<p>On Friday, this exploit chain was assigned CVE-2026-43284. <\/p>\n<p>This is the second new local privilege escalation vulnerability in the Linux kernel to be publicly reported in the past two weeks, following researchers at offensive security firm Theori on April 29 announcing discovery of CVE-2026-31431, a vulnerability nicknamed &#8220;Copy Fail&#8221; (see: Linux &#8216;Copy Fail&#8217; Flaw Delivers Root-Level Access to Distros).<\/p>\n<p>&#8220;An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root,&#8221; they said of the flaw, which they shared with the Linux maintainers as part of a coordinated vulnerability disclosure process.<\/p>\n<p>Kim said, &#8220;Copy Fail was the motivation for starting this research,&#8221; which led to&#8230;<\/p>\n<p><a href=\"https:\/\/www.bankinfosecurity.com\/dirty-frag-gives-root-on-linux-distros-a-31641\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8216;Dirty Frag&#8217; Gives Root on Linux Distros https:\/\/www.bankinfosecurity.com\/dirty-frag-gives-root-on-linux-distros-a-31641 Publish Date: 2026-05-08 13:23:00 Source Domain: www.bankinfosecurity.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241819,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/ismg-cdn.nyc3.cdn.digitaloceanspaces.com\/articles\/dirty-frag-gives-root-on-linux-distros-image_large-1-a-31641.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,57,27],"class_list":["post-241817","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241817"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241817"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241817\/revisions"}],"predecessor-version":[{"id":241821,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241817\/revisions\/241821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241819"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}