'Tech' Media Keeps Hyping Up Local Privilege Escalation, Cites Microsoft as 'Linux Authority' (FUD Source)

posted by Roy Schestowitz on May 12, 2026,
updated May 13, 2026

See: The Slop-Amplified Fear of Privilege Escalation (Local, Not Remote) in Linux, the Kernel

• Security Week ☛ New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

  Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released.

  [...]

  Researcher Hyunwoo Kim responsibly disclosed the vulnerability, but someone made it public before patches could be released, prompting Kim to make the technical details and PoC code available.

  “Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high,” Kim explained.

• InfoSecurity Magazine ☛ Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

  Major Linux distributions are rushing to fix two new vulnerabilities after the disclosure embargo was broken.

  The vulnerability, comprised of two chained issues in subsystems of the Linux kernel and known as ‘Dirty Frag,’ was detected in late April 2026 by independent security researcher Hyunwoo Kim.

  He found a local privilege escalation (LPE) flaw in the Linux kernel that could allow an attacker with local access to a vulnerable device to obtain root privileges on all major Linux distributions.

• ZDNet ☛ Linux is getting a security wake-up call - why it was inevitable and I'm not worried

  Serious Linux vulnerabilities, like Copy Fail and Dirty Frag, are becoming more common. Here's why, and how the Linux development community is responding.

• CSO ☛ New ‘Dirty Frag’ exploit targets Linux kernel for root access [Ed: Citing Microsoft as authority on Linux again?]

  A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges.

• Dark Reading ☛ 'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros [Ed: Once again treating Microsoft as the go-to authority that speaks for Linux]

  Security researcher Hyunwoo Kim disclosed the flaw, dubbed "Dirty Frag," and published a proof of concept (PoC) exploit last week on X. The vulnerability affects a wide range of Linux distributions, including Ubuntu, Red Hat Enterprise Linux (RHEL), CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora — none of which are fully patched yet.

• HackRead ☛ 9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems

  Dirty Frag is the collective name researchers assigned to two Linux vulnerabilities that existed in the Linux kernel for around nine years before being discovered.

• ZDNet ☛ Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

  Linux has been having a rough few weeks. First, the Copy Fail security hole was uncovered by AI researchers. In that case, the patches were quickly made and distributed. We weren't so lucky with the newly disclosed Linux kernel flaw, dubbed Dirty Frag, which was also, it seems, discovered with AI's help, but patches are still in the works.

• Open Source For U ☛ Public Linux Code Commits Trigger Early Dirty Frag Disclosure

  The open-source Linux ecosystem is facing mounting pressure on its vulnerability disclosure model after parallel bug discovery triggered the premature exposure of the Dirty Frag local privilege escalation (LPE) vulnerability before complete patches were available.

  The Linux kernel security team had embargoed Dirty Frag until May 12 to allow fixes to be prepared. However, the embargo was broken on May 7 after developer Trevor (_SiCK) independently identified related exploit primitives through publicly visible kernel code commits while researching Copy Fail 2 (CVE-2026-43284).

• LWN ☛ Two stable kernels with Dirty Frag fixes

  Greg Kroah-Hartman has released the 7.0.6 and 6.18.29 stable kernels with Hyunwoo Kim's patch for the second vulnerability (CVE-2026-43500) reported with Dirty Frag and Copy Fail 2. All users are advised to upgrade.

• Homo Ludditus ☛ Is Debian the Answer?

  What I meant is this: Is Debian the Answer to the Ultimate Question of Life, the Universe, and Everything? The context is that of a new Linux local privilege escalation vulnerability: Dirty Frag. 💣💥

• Noë Flatreaud ☛ Thoughts on Dirty Frag

  The embargo was broken by external factors before patches existed, and the document was published at the request of the linux-distros maintainers.

Lots more of the same a day later:

• Computing UK ☛ Linux security concerns deepen after 'Dirty Frag' discovery

  The newly revealed vulnerability, nicknamed "Dirty Frag," allows attackers with low-level access to an affected system to gain full administrative control, according to security researchers and Linux distribution maintainers.

• InfoQ ☛ Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

  Two recent Linux kernel vulnerabilities have been disclosed: Copy Fail (CVE-2026-31431) on April 29, 2026, and Dirty Frag (CVE-2026-43284 and CVE-2026-43500) on May 7, 2026. Both allow local users to gain root access, affecting multiple GNU/Linux distributions.

  [...]

  The disclosure timeline shows that Theori reported the issue to the Linux kernel security team on 23 March 2026. An initial acknowledgment followed the next day, patches were proposed and reviewed by 25 March, a mainline commit landed on 1 April, and CVE-2026-31431 was assigned on 22 April. Public disclosure came on 29 April 2026. Major distributions began shipping fixes in the days that followed. Bugcrowd security researcher Casey Ellis wrote on the Bugcrowd blog that Theori "did not pivot to AI exploit development to chase a trend. They pivoted because the math now favours it."

• Cybersecurity News: A.I. software flaw hackers, Forza Horizon 6 leak, Linux kernel hit again

• Dirty Frag Linux Flaw Allows Local Privilege Escalation to Root Access

  A newly discovered Linux flaw dubbed “Dirty Frag” is raising alarms among security experts as it enables attackers to escalate minor breaches into full system takeovers quickly. This vulnerability highlights how even limited access can quickly spiral into complete control of critical systems.

• Dirty Frag: A Second Critical Linux Flaw Hits in Two Weeks

  Linux administrators have barely caught their breath from one severe kernel flaw before being hit with another. A freshly leaked exploit called Dirty Frag lets low-privilege users — and even those confined to virtual machines — seize root control on practically any major Linux distribution. It’s the second nasty surprise in fourteen days, and patches need to go on tonight.

• The Record ☛ Dirty Frag: Linux kernel hit by second major security flaw in two weeks

  Copy Fail had prompted concern as it provided hackers with an escape route from cloud containers, meaning a compromised application running inside a supposedly isolated environment can break out and take control of the entire host server — a major risk given the cloud industry’s dependence on Linux distributions.

• CVE-2026-43500 and CVE-2026-43284: Dirty Frag Linux Privilege Escalation Flaw Raises Post-Compromise Risk

  Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an unprivileged local user escalate privileges on major Linux distributions.

• Dirty Frag Linux Flaw Raises Post-Compromise Risk

  Dirty Frag refers to Linux local privilege escalation flaws tracked as CVE-2026-43284 and CVE-2026-43500 that allow a low-privileged user to obtain root access by abusing kernel networking and memory-fragment handling components, including esp4, esp6, and rxrpc. The exploit has been observed in real-world attacks where adversaries first gain an initial foothold through SSH access, web shells, container escapes, or compromised service accounts, then trigger the vulnerability with an ELF binary that invokes the su command. Once root privileges are obtained, attackers can disable security controls, alter logs, move laterally, and establish long-term persistence. The report describes a limited but active campaign using this technique.

• It's FOSS ☛ Linux 7.0.6 is Out, and It Fully Patches the Dirty Frag Exploit

  Fedora and Pop!_OS have also pushed fixes. Here's what changed and how to get patched.

  Dirty Frag has been the talk of the town (at least in Linux and open source circles) recently. The LPE was inadvertently exposed to the public, catching the Linux project and the various distros off guard.

  Thankfully, a proper patch is now out, landing in Linux 7.0.6 and Linux 6.18.29 LTS. Fedora and Pop!_OS have already pushed their own fixes too.lockquote>

• Bruce Schneier ☛ Copy.Fail Linux Vulnerability

  Why does that matter on shared infrastructure? Because “local” covers a lot of ground in 2026: every container on a shared Kubernetes node, every tenant on a shared hosting box, every CI/CD job that runs untrusted pull-request code, every WSL2 instance on a Windows laptop, every containerised AI agent given shell access. They all share one Linux kernel with their neighbours. A kernel LPE collapses that boundary.