Linux hit by second severe vulnerability in two weeks
Original: Linux bitten by second severe vulnerability in as many weeks
Why This Matters
Second critical Linux vulnerability in two weeks highlights ongoing kernel security challenges
Linux systems face another critical vulnerability, called Dirty Frag, that allows low-privilege users to gain root access. Exploit code leaked online works reliably across distributions. Microsoft reports signs of exploitation in the wild.
Security researchers have identified a new Linux vulnerability dubbed Dirty Frag that lets containers and untrusted users escalate privileges to root. The exploit chains together two kernel vulnerabilities (CVE-2026-43284 and CVE-2026-43500) affecting page cache handling in networking and memory-fragment components. Discovered by researcher Hyunwoo Kim, the deterministic exploit works across virtually all Linux distributions without causing crashes. Microsoft has detected signs of hackers experimenting with Dirty Frag in the wild. This marks the second severe Linux vulnerability in two weeks, following Copy Fail, disclosed last week. Debian, AlmaLinux, and Fedora have released patches, with other distributors expected to follow.