
"Dirty Frag is a local privilege escalation vulnerability chain that exploits logic bugs in Linux's networking and authentication stacks to corrupt data in the kernel's page cache, enabling an unprivileged account to escalate to root."
"Like those flaws, Dirty Frag exploits kernel code paths that write to memory pages accessible to unprivileged user space, but it targets a different structure: the fragment field of sk_buff networking buffers."
"It works by targeting two separate networking subsystems: the IPsec Encapsulating Security Payload, or xfrm-ESP, path, tracked as CVE-2026-43284, and the RxRPC authentic"
"Unfortunately, the coordinated disclosure and patch processes quickly went off the rails. On May 7, while distributions were still shipping fixes for the related Copy Fail flaw, detailed Dirty Frag technical information and a working proof-of-concept exploit for the xfrm-ESP component appeared online after an embargo break by an unrelated third party."
Dirty Frag is a local privilege escalation vulnerability chain affecting Linux networking and authentication stacks. It corrupts data in the kernel’s page cache, allowing an unprivileged account to escalate to root. The exploit targets two networking subsystems: the IPsec Encapsulating Security Payload path (xfrm-ESP), tracked as CVE-2026-43284, and the RxRPC authentication component. The vulnerability is related to earlier Linux kernel flaws such as Dirty Pipe and Copy Fail, which also abused kernel code paths that write to memory pages accessible to unprivileged user space. Patches are still being developed, and detailed technical information and a working proof-of-concept exploit appeared after an embargo break, leaving systems exposed.
#linux-kernel-security #local-privilege-escalation #networking-vulnerabilities #ipsec-xfrm-esp #kernel-patching
Read at ZDNET