A serious vulnerability known as 'Dirty Frag' affects major Linux distributions.
A ' Dirty Frag ' vulnerability has been reported in almost all major Linux distributions, allowing a local user to gain root privileges. Security experts say the attack has an extremely high success rate and is also highly dangerous because it does not cause a kernel panic even if the attack fails.
GitHub - V4bel/dirtyfrag · GitHub
https://github.com/V4bel/dirtyfrag
oss-security - Dirty Frag: Universal Linux LPE
https://www.openwall.com/lists/oss-security/2026/05/07/8
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
💥 Introducing 'Dirty Frag'
— V4bel (@v4bel) May 7, 2026
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years late.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even… pic.twitter.com/2pfLnD77zy
🚨 Notes for Linux
— 23pds (Yamage) (@im23pds) May 8, 2026
Introducing the latest version of the Linux-based Dirty Frag with a limited root system.
You can directly access root on any mainstream Linux operating system that owns a low-level version. This is a certain qualitative communication leakage, the attacker has no demand, the actual conditions are very high, the attack success rate is very high, and the internal nuclear collapse is not possible, and the danger is very high. https://t.co/Y8087NXf96
A new privilege escalation vulnerability, 'Dirty Frag,' has been disclosed for Linux. It has been discovered that a combination of multiple flaws allows for the acquisition of root privileges in major distributions. Currently, there is no patch, and widespread impact is a concern.
— yousukezan (@yousukezan) May 7, 2026
This vulnerability is Hyunwoo…
'Dirty Frag' is an attack method that can gain root privileges by combining vulnerabilities in xfrm-ESP and RxRPC. Security researcher Kim Hyun-woo (@V4bel) describes it as a successor to ' Dirty Pipe ,' which was disclosed in March 2022, and ' Copy Fail ,' which was disclosed in April 2026.
The supported Linux distributions include Ubuntu 24.04.4, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, and Fedora 44, listing all the major ones.
While the earlier 'Copy Fail' vulnerability could be mitigated by disabling the kernel's 'algif_aead' module, 'Dirty Frag' can be exploited regardless of whether the algif_aead module is enabled or disabled.
Therefore, it is recommended to block the 'esp4,' 'esp6,' and 'rxrpc' modules to prevent them from loading until a patch becomes available. Additionally, if your system may have been attacked, your page cache will likely be contaminated and should be discarded.
According to Kim, the prohibition against responsible disclosure was broken before each distribution could coordinate their responses, so CVE identifiers have not been assigned to the two vulnerabilities that make up the 'Dirty Frag.'
AlmaLinux, prioritizing security above all else, has built a patched kernel ahead of the CentOS Stream and RHEL updates, considering the severity of the vulnerability and how easily it can be exploited. This kernel is being provided to the testing repository and will be released to the production repository once community verification is complete.
AlmaLinux OS - Forever-Free Enterprise-Grade Operating System
https://almalinux.org/ja/blog/2026-05-07-dirty-frag/
Related Posts:
in Security, Posted by logc_nt