'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

A public exploit is available for a nine-year old vulnerability that affects the Linux kernel, paving the way for root privilege escalation. The flaw, which actually is two vulnerabilities chained together, is in the same class as previously discovered Linux flaws Dirty Pipe and Copy Fail, but affects a different kernel data structure than those issues. Security researcher Hyunwoo Kim disclosed the flaw, dubbed "Dirty Frag," and published a proof of concept (PoC) exploit last week on X. The vulnerability affects a wide range of Linux distributions, including Ubuntu, Red Hat Enterprise Linux (RHEL), CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora — none of which are fully patched yet. In fact, there are signs Dirty Frag already is under limited exploitation, although it's unclear if attackers targeted Dirty Frag or Copy Fail, according to the Microsoft Defender Security Resarch Team. "Microsoft Defender is currently seeing limited in-the-wild activity where privilege escalation involving 'su' is observed, and which may be indicative of techniques associated with either "Dirty Frag" or "Copy Fail," read a blog post published Friday by the team. Exploiting the flaw allows for modification of protected system files in memory without authorization, leading to privilege escalation on a compromised system. The two flaws that comprise Dirty Frag are tracked CVE-2026-43284 and CVE-2026-43500, both of which were assigned 7.8 CVSS scores and a severity impact of "Important" by...