devtake.dev

A nine-year-old Linux kernel bug gives root in one command. No patch exists yet.

Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.

Luca Reinhardt · 4 min read · 5 sources

Image: Wiz Research's disclosure page for the Dirty Frag Linux kernel privilege escalation vulnerability (image: Wiz)

Hyunwoo Kim published a full proof-of-concept exploit for Dirty Frag on May 8, 2026. The vulnerability chain grants root privileges to any local user on every major Linux distribution, and no upstream kernel patch exists.

The disclosure came earlier than planned. A third party independently reverse-engineered the fix and broke the embargo on May 7. Kim consulted with distribution maintainers via [email protected] and released complete documentation and exploit code the next day.

What we know

  • Two CVEs, one exploit chain. CVE-2026-43284 affects the xfrm-ESP (IPsec) subsystem. CVE-2026-43500 affects RxRPC. Both allow modification of page-cache-backed memory that the kernel shouldn’t let userspace touch.

  • The ESP bug has been in the kernel since 2017. The RxRPC bug arrived in 2023. Together, they’ve created a nine-year attack surface that went unnoticed until Kim’s research.

  • The exploit is deterministic. Unlike race-condition bugs that need precise timing and may crash the kernel, this LPE is a logic bug. Kim stated: “Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required.” It won’t cause kernel panics. It just works.

  • CAP_NET_ADMIN is technically required but effectively bypassed. The exploit path lets any unprivileged local user gain root in a single command.

  • Every major distro is affected. Red Hat issued advisory RHSB-2026-003 covering RHEL 8, 9, and 10. Ubuntu confirmed all supported releases. Fedora, openSUSE Tumbleweed, AlmaLinux, and CentOS Stream are also vulnerable.

What we don’t know

  • When upstream kernel patches will land. Distribution maintainers are working on backports, but as of May 10, no official patches have been released.
  • Whether this has been exploited in the wild before disclosure. Kim’s research doesn’t address prior exploitation, and no incident reports have surfaced.
  • How cloud providers are responding. Containerized environments with default seccomp profiles offer some protection (the exploit needs network-related syscalls), but VMs and bare-metal servers are fully exposed.

How Dirty Frag works

The exploit corrupts files through the kernel’s page cache. When a process reads a file, the kernel maps its contents into memory pages. Normally, those pages are protected: userspace can read them but not write back through the page cache without proper authorization.

Dirty Frag breaks that guarantee. The ESP and RxRPC subsystems both have code paths that write to page-cache pages they don’t exclusively own. By sending specially crafted network packets that trigger these paths, an attacker can overwrite the cached contents of sensitive files (like /etc/passwd or SUID binaries) and escalate to root.

The “frag” in the name refers to the fragment reassembly path in the network stack that triggers the page-cache write. It’s the same class of bug as Dirty Pipe (2022) and Copy Fail, but through a different kernel subsystem.

Mitigations until patches arrive

The immediate workaround is disabling the vulnerable kernel modules. Create /etc/modprobe.d/dirtyfrag.conf with:

install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false

This breaks IPsec VPNs (which depend on ESP) and AFS distributed file systems (which use RxRPC). If your infrastructure relies on either, you’re choosing between the vulnerability and the functionality.
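The modprobe.d workaround above has two limits worth checking before relying on it: an install line only stops future module loads (a module that is already loaded stays resident until it is unloaded or the host reboots), and it has no effect on a module compiled into the kernel image, because modprobe never runs for built-ins. The following POSIX sh script is an added example, not code from the article or from the researcher; it generates the same three install lines, then reports which of esp4, esp6 and rxrpc are currently loaded (from /proc/modules) or built in (from modules.builtin). The file-path parameters exist so the checks can be run against constructed sample files.

```shell
#!/bin/sh
# Added example (not from the original article): emit the Dirty Frag
# modprobe.d workaround and check whether it can actually take effect.
# Assumptions: POSIX sh, awk and grep available, /proc/modules and
# /lib/modules/<release>/modules.builtin in their standard locations.

DIRTYFRAG_MODULES="esp4 esp6 rxrpc"

# Print the contents of /etc/modprobe.d/dirtyfrag.conf as the article gives them.
dirtyfrag_conf() {
    for m in $DIRTYFRAG_MODULES; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Print the affected modules that are already loaded, reading a
# /proc/modules-style file (default: the real one). An "install" line only
# blocks future loads; anything listed here stays resident until unloaded.
dirtyfrag_loaded() {
    modfile="${1:-/proc/modules}"
    [ -r "$modfile" ] || return 0
    for m in $DIRTYFRAG_MODULES; do
        # Field 1 of each line is the module name; match it exactly.
        if awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$modfile"; then
            echo "$m"
        fi
    done
}

# Print the affected modules compiled into the kernel image, reading a
# modules.builtin-style file (default: the one for the running kernel).
# modprobe is never consulted for built-ins, so the workaround cannot block them.
dirtyfrag_builtin() {
    builtin="${1:-/lib/modules/$(uname -r)/modules.builtin}"
    [ -r "$builtin" ] || return 0
    for m in $DIRTYFRAG_MODULES; do
        if grep -q "/${m}\.ko" "$builtin"; then
            echo "$m"
        fi
    done
}

# Stand-alone use (the first line needs root):
#   dirtyfrag_conf > /etc/modprobe.d/dirtyfrag.conf
#   dirtyfrag_loaded    # anything printed must be unloaded or rebooted away
#   dirtyfrag_builtin   # anything printed cannot be blocked by modprobe.d
```

If dirtyfrag_loaded prints a module name, writing the config file alone has not closed the exposure on that host; if dirtyfrag_builtin prints one, the modprobe route is not available for it at all and the only option short of a patched kernel is a rebuilt or different kernel.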

SELinux and AppArmor in enforcing mode add a layer of protection by restricting what a newly rooted process can do. But they don’t prevent the escalation itself.

What this means for you

If you run Linux servers, containers, or VMs with local user access, this is a patch-immediately situation, except the patch doesn’t exist yet. Monitor your distribution’s security advisory feed. Ubuntu, Red Hat, and SUSE have all issued tracking pages.

For cloud workloads, check whether your container runtime’s seccomp profile blocks the AF_KEY and AF_RXRPC socket families. Default Docker and Kubernetes profiles typically do, which limits exposure in containerized environments. VMs and bare-metal instances don’t have that protection.

The embargo breach means the PoC is public and the window between disclosure and patch is entirely open. Treat this as an active threat, not a theoretical one.


Quick reference

page-cache write
An operation that modifies file-backed memory pages in the kernel's page cache, allowing corruption of files on disk without normal access controls.
LPE
Local Privilege Escalation, a class of vulnerability that lets an attacker with limited access elevate to root or admin on the same machine.
CAP_NET_ADMIN
A Linux capability that grants network configuration privileges. Dirty Frag technically requires it, but the exploit bypasses the check, so unprivileged users are not stopped by it.
