{"id":243679,"date":"2026-05-11T08:35:00","date_gmt":"2026-05-11T12:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/11\/9-year-old-dirty-frag-vulnerability-enables-root-access-on-linux-systems\/"},"modified":"2026-05-11T10:30:14","modified_gmt":"2026-05-11T14:30:14","slug":"9-year-old-dirty-frag-vulnerability-enables-root-access-on-linux-systems","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/11\/9-year-old-dirty-frag-vulnerability-enables-root-access-on-linux-systems\/","title":{"rendered":"9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems"},"content":{"rendered":"<p><a href=\"https:\/\/hackread.com\/9-year-old-dirty-frag-vulnerability-root-access-linux\/\">9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems<\/a><\/p>\n<p><a href=\"https:\/\/hackread.com\/9-year-old-dirty-frag-vulnerability-root-access-linux\/\">https:\/\/hackread.com\/9-year-old-dirty-frag-vulnerability-root-access-linux\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-11 08:35:00<\/a><\/p>\n<p>Source Domain: <a href=\"hackread.com\">hackread.com<\/a><\/p>\n<p class=\"is-style-cnvs-paragraph-callout\">Dirty Frag is the collective name researchers assigned to two Linux vulnerabilities that existed in the Linux kernel for around nine years before being discovered.<\/p>\n<p>Red Hat, a major American software firm, has released a report on two Linux kernel vulnerabilities collectively dubbed Dirty Frag. It is a local privilege escalation (LPE) vulnerability similar to the recently reported Copy Fail, allowing an unprivileged user with a basic local account to gain root access.<\/p>\n<p>For context, in cybersecurity, root is the highest level of power possible, and getting it without permission is called privilege escalation.<\/p>\n<p>According to researchers, the Dirty Frag vulnerability has existed for around nine years, and caused by a logic flaw in the networking sections of the system that handle the IPSec ESP (esp4 and esp6) and rxrpc modules. The IPSec ESP issue is tracked as CVE-2026-43284, whereas the rxrpc part is given the ID CVE-2026-43500.<\/p>\n<h3 id=\"how-the-attack-works\" class=\"wp-block-heading\"><strong>How the attack works<\/strong><\/h3>\n<p>The issue, discovered by an independent security researcher Hyunwoo Kim, is a third-generation class of vulnerabilities, part of the page-cache-write family of bugs. It works by linking two different vulnerabilities together to achieve root privileges on most Linux distributions that Kim tested.<\/p>\n<p>These flaws are found in the xfrm-ESP Page-Cache Write and the RxRPC Page-Cache Write. CVE-2026-43284 targets the IPsec path to overwrite memory, but it usually needs namespace permissions, which some systems, like Ubuntu, can block. CVE-2026-43500 targets the RxRPC protocol and doesn\u2019t need special permissions, but many systems do not turn this module on by default.<\/p>\n<p>So, by combining these two, the attack covers the blind spots of each, and when used in a chain, a hacker can change protected files in the computer\u2019s memory.<\/p>\n<p>Kim originally planned to keep the details private until fixes were ready. However, the information was released early after a third party leaked parts of the research. He said&#8230;<\/p>\n<p><a href=\"https:\/\/hackread.com\/9-year-old-dirty-frag-vulnerability-root-access-linux\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems https:\/\/hackread.com\/9-year-old-dirty-frag-vulnerability-root-access-linux\/ Publish Date: 2026-05-11 08:35:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243681,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/9-year-old-dirty-frag-vulnerability-root-access-linux.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,89,35,71,94,57,79,27],"class_list":["post-243679","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-flaw","tag-hacker","tag-linux","tag-red-hat-enterprise-linux","tag-security","tag-ubuntu","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243679"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243679"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243679\/revisions"}],"predecessor-version":[{"id":243684,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243679\/revisions\/243684"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243681"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}