Company

Red Hat

2 articles First covered Apr 30, 2026, latest May 10, 2026

Wiz Research's disclosure page for the Dirty Frag Linux kernel privilege escalation vulnerability

A nine-year-old Linux kernel bug gives root in one command. No patch exists yet.

Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.

The Copy Fail launch graphic showing a stylized terminal prompt and the title text on a dark background.

Security·last week

'Copy Fail' lets a 732-byte script grab root on Ubuntu, RHEL, and SUSE. Patched April 29.

CVE-2026-31431 chains AF_ALG and splice() to write into the page cache of /usr/bin/su. Xint Code disclosed it on April 29, nine years after the bug shipped.