CVE-2026-43500

CVE-2026-43500 PUBLISHED CVSS 7.8 HIGH

“Dirty Frag” is a recently disclosed Linux kernel local privilege escalation (LPE) vulnerability that allows an unprivileged local user, including one logged in remotely via SSH, to obtain root access on many major Linux distributions. It belongs to the same class of page-cache corruption issues as Dirty Pipe and the more recent “Copy Fail” vulnerability.

The vulnerability works by chaining two separate kernel flaws in the networking subsystem. Together, these flaws allow attackers to overwrite protected file contents in the Linux page cache without proper write permissions, ultimately enabling deterministic root privilege escalation.

The issue has been fixed in the Linux kernel, but an official kernel release containing the patch has not yet been published. Most Linux distributions, however, have backported these patches to their kernels and started to make them available through updates. No in-the-wild exploitation has been reported to date. However, the similar “Copy Fail” vulnerability was exploited shortly after its public disclosure.

EPSS 40.27% · 97.4th percentile

Risk Scores

CVSS v3.0: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 40.27% (97.4th percentile)

Affected Products

Vendor | Product | Versions
Linux | Linux kernel |

Timeline

  • May 8, 2026 CVE Published
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score
  • May 28, 2026 EPSS Score