Summary
Linux systems face a new root escalation threat called "Dirty Frag," which chains two vulnerabilities (CVE-2026-43284 and CVE-2026-43500) to overwrite read-only page cache data in memory. The flaws allow unprivileged users to modify critical system files like /etc/passwd or /usr/bin/su in RAM to gain full administrative control.
Take Action:
Disable the esp4, esp6, and rxrpc kernel modules immediately to block the "Dirty Frag" exploit path if you do not use IPsec or AFS. Note that this mitigation will disable IPsec VPNs and AFS file systems. After applying the latest kernel updates from your vendor, ensure you clear the system page cache to remove any unauthorized memory modifications.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)