CVE-2026-43500

Published May 11, 2026

Last updated a month ago

CVSS high 7.8
Ubuntu
Container Security
Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-43500 is a vulnerability found within the Linux kernel's RxRPC networking subsystem, forming one half of a pair of flaws collectively dubbed "Dirty Frag." This issue arises when a non-linear socket buffer, which carries a splice-pinned page-cache reference, reaches the RxRPC authentication verification path. Instead of isolating the buffer, the kernel performs an in-place decryption directly on the referenced page-cache page. This behavior can be exploited by an unprivileged local attacker to corrupt the contents of the page-cache. By manipulating cached data in memory, an attacker could potentially overwrite sensitive system files, such as `/etc/passwd`, to achieve unauthorized access or escalate privileges.

Description
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec().

Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Modified
Products
linux_kernel
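
A userspace model of the gate change described in the Description above, added here as an illustration; it is not kernel code or the upstream patch. The `model_skb` struct, `toy_decrypt` and `frag_written` are hypothetical names, and a toy XOR stands in for the AEAD/skcipher operation.

```c
/* Added userspace model, not kernel code. Struct and function names are
 * hypothetical; the three predicates named in comments are from the advisory. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PAGE_LEN 32
struct model_skb {
    bool cloned;          /* models skb_cloned() */
    bool has_frag_list;   /* models skb_has_frag_list() */
    bool shared_frag;     /* models skb_has_shared_frag(), e.g. after splice() */
    unsigned char *frag;  /* paged fragment; may alias a page owned elsewhere */
};

/* Gate before the fix: only cloned skbs are copied to a linear buffer. */
static bool gate_before(const struct model_skb *s) { return s->cloned; }

/* Gate after the fix: externally shared frags are copied as well. */
static bool gate_after(const struct model_skb *s)
{
    return s->cloned || s->has_frag_list || s->shared_frag;
}

/* Stand-in for the security op: transforms its buffer in place (toy XOR). */
static void toy_decrypt(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) buf[i] ^= 0x5a;
}

/* Runs the modelled verify path; returns true if the frag page was written. */
static bool frag_written(bool cloned, bool frag_list, bool shared, bool fixed)
{
    unsigned char page[PAGE_LEN], linear[PAGE_LEN];
    struct model_skb s = { cloned, frag_list, shared, page };
    memset(page, 'A', PAGE_LEN);            /* constructed page contents */
    if (fixed ? gate_after(&s) : gate_before(&s)) {
        memcpy(linear, s.frag, PAGE_LEN);   /* unshare: private linear copy */
        toy_decrypt(linear, PAGE_LEN);
    } else {
        toy_decrypt(s.frag, PAGE_LEN);      /* in-place path on the frag page */
    }
    return page[0] != 'A';                  /* did the shared page change? */
}

int main(void)
{
    printf("old gate wrote=%d\n", frag_written(false, false, true, false));
    printf("new gate wrote=%d\n", frag_written(false, false, true, true));
    return 0;
}
```

With no flags set, the model still takes the in-place path under the new gate, which corresponds to the zero-copy fast path the fix preserves for kernel-private frags.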

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787

Social media

Hype score
Not currently trending
  1. Unpopular opinion: The cybersecurity industry is selling you dashboards. This week handed cloud-native security teams a convergent crisis: a deterministic Linux kernel privilege escalation chain ("Dirty Frag," CVE-2026-43284 + CVE-2026-43500) with a public PoC sits…

    @lyrie_ai

    21 Jun 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2026-43284 TL;DR "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) is a newly disclosed, unpatched Linux kernel local privilege escalation vulnerability chain affecting all major distributions.

    @lyrie_ai

    15 Jun 2026

    51 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Load-Bearing Assumptions: the rxrpc case (CVE-2026-43500) and the constraint that was never there https://t.co/zx3DcMOEEX

    @Komodosec

    14 Jun 2026

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A local privilege escalation vulnerability in the Linux kernel that lets an ordinary user gain root privileges, named Dirty Frag. Identifiers: CVE-2026-43284, CVE-2026-43500. Components: esp4, esp6, rxrpc kernel modul

    @KasperskyDev

    7 Jun 2026

    211 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Dirty Frag / Kukurigu: Universal Linux kernel LPE chain. 3 CVEs (CVE-2026-43284/CVE-2026-43500/CVE-2026-46300) chain to write arbitrary data to page-cache pages via splice(). Root in <3s. PoC in 18h. Worse than Dirty COW — no race needed. https://t.co/dQxfhG91Rm

    @BunSnack

    6 Jun 2026

    7 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 2026 Linux password reset tutorial collection - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @furlingdu

    1 Jun 2026

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Linux Kernel “Dirty Frag” Local Privilege Escalation (LPE), CVE-2026-43284 & CVE-2026-43500 https://t.co/yWHTqpxw1z

    @Djax_Alpha

    27 May 2026

    190 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

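  8. [Multiple vulnerabilities in the Linux kernel: watch out for privilege escalation and container environments] JVN has published multiple vulnerabilities in the Linux kernel. Through the Dirty Frag-related CVE-2026-43284 / CVE-2026-43500 and Copy Fail's CVE-2026-31431, an authenticated loca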

    @01ra66it

    26 May 2026

    725 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

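  9. Just came across something a bit outrageous: DirtyFrag, a Linux kernel exploit chain that escalates privileges reliably without needing to win a race window. In essence it chains two page-cache write vulnerabilities (CVE-2026-43284 + CVE-2026-43500) and directly overwrites kernel pages to get root. It's the same class of bug as Dirty Pipe,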

    @vintcessun

    25 May 2026

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300) -PinTheft (CVE-2026-43494)

    @luadoles

    22 May 2026

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. The complete guide to resetting Linux passwords - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300) -PinTheft (CVE-2026-4

    @hsn8086k

    22 May 2026

    37707 Impressions

    101 Retweets

    633 Likes

    317 Bookmarks

    40 Replies

    7 Quotes

  12. CVE-2026-43284 + CVE-2026-43500 Dirty Frag: privilege escalation via the page cache on Linux https://t.co/DUYBrgfu1D

    @Blogredorbita

    18 May 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. A roundup of (recent) Linux kernel vulnerabilities (as of May 18) ・Copy Fail / CVE-2026-31431 ・Dirty Frag (Copy Fail 2) / CVE-2026-43284, CVE-2026-43500 ・Fragnesia / CVE-2026-46300 ・DirtyDecrypt (Fragnesia variant) The barrage of LPEs is a nuisance.

    @_hito_

    18 May 2026

    2501 Impressions

    13 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    1 Quote

  14. A KB is out for Dirty Flag / Fragnesia too. Looks similar to Copy Fail, I guess. Impact Evaluation of CVE-2026-43284, CVE-2026-43500, and CVE-2026-46300 (Dirty Frag/Fragnesia) of VMware by Broadcom product portfolio https://t.co/R0qATFzxuo

    @IrieMasahiro

    18 May 2026

    415 Impressions

    3 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. nu11secur1ty: CVE-2026-43284 / CVE-2026-43500 / CVE-2026-46300 -... https://t.co/Njo9b6A8Fa

    @nu11secur1ty1

    16 May 2026

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. A roundup of (recent) Linux kernel vulnerabilities: ・Copy Fail / CVE-2026-31431 ・Dirty Frag / CVE-2026-43284, CVE-2026-43500 ・Fragnesia / CVE-2026-46300 ・Fragnesia variant / no CVE assigned yet <- new variant that appeared on 5/16 (Japan time)

    @_hito_

    16 May 2026

    608 Impressions

    8 Retweets

    17 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  17. I made a tool to assess, patch, and verify CVE-2026-31431, CVE-2026-43284 and CVE-2026-43500, well known as Copy Fail and Dirty Frag. A single Linux executable lets you assess, remediate, and verify (amd64 and arm64 supported; rollback supported too) https://t.co

    @skshin2000

    16 May 2026

    164 Impressions

    2 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  18. BREAKING: SUSE Linux ships critical kernel fixes for CVE-2026-43284 and CVE-2026-43500 affecting Enterprise 15 SP6, 16.0 and Micro 6.0/6.1, with public PoCs driving urgent patching. https://t.co/O0ZUmmjqsh

    @threatcluster

    15 May 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Patching Dirty Frag (CVE-2026-43284/CVE-2026-43500) on Oracle Linux? This script works. But after you patch, you need to understand the next 0-day. Read more -> https://t.co/vpF08XYMdP https://t.co/UJL9DlCHWJ

    @Cezar_H_Linux

    15 May 2026

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. 🚨 Dirty Frag = root access via RAM corruption. No disk writes. FIM blind. CVE-2026-43284 + CVE-2026-43500 hit RHEL, Ubuntu, Debian & more. Patch now, blacklist esp4/esp6/rxrpc. Read here: https://t.co/WksXdUWmK6 #LinuxSecurity #CyberThreats https://t.co/Ch89IHZk6p

    @sequretek_sqtk

    15 May 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 2026: How to reset a Linux password - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @sayaalauun

    14 May 2026

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Dirty Frag (CVE-2026-43284 and CVE-2026-43500): Detecting unpatched local privilege escalation via Linux kernel ESP and RxRPC https://t.co/TCjAhoy9mX

    @TYOBlackHatNews

    14 May 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CachyOS patches Dirty Frag and Copy Fail in the Linux kernel. Within one week, two serious security vulnerabilities in the Linux kernel became publicly known: Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284 and CVE-2026-43500). Both vulnerabilities make it possible

    @tec4net

    14 May 2026

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Them: Linux is most secure OS Me: Yes - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @hetmehtaa

    14 May 2026

    72711 Impressions

    41 Retweets

    378 Likes

    163 Bookmarks

    40 Replies

    15 Quotes

  25. 😮‍💨As many as three critical vulnerabilities in Linux in a month: Copy Fail (CVE-2026-31431), DirtyFrag (CVE-2026-43284 and CVE-2026-43500), and the newest, from the same Kernel LPE family, Fragnesia (CVE-2026-46300), which wa

    @manbiitesdog

    14 May 2026

    157 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Four critical Linux kernel LPEs in just 15 days. This isn't just a bad week; it’s a historic threat to Linux infrastructure. 🚨Copy Fail (CVE-2026-31431) 🚨Dirty Frag (CVE-2026-43284) 🚨Copy Fail 2 (CVE-2026-43500) 🚨Fragnesia (CVE-2026-46300) Every single one of t

    @Maxprotectsoc

    14 May 2026

    129 Impressions

    1 Retweet

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  27. Four critical Linux kernel LPEs in just 15 days. This isn't just a bad week; it’s a historic threat to Linux infrastructure. 🚨Copy Fail (CVE-2026-31431) 🚨Dirty Frag (CVE-2026-43284) 🚨Copy Fail 2 (CVE-2026-43500) 🚨Fragnesia (CVE-2026-46300) Every single one of t

    @Maxprotectsoc

    14 May 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Dirty Frag (CVE-2026-43284 & CVE-2026-43500) - [ Indonesia Language ] This video discusses Dirty Frag (CVE-2026-43284 & CVE-2026-43500), a Linux kernel vulnerability that enables Local Privilege Escalation (LPE). https://t.co/g2VDY4mv0s

    @roomkangali

    14 May 2026

    134 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 2026 Linux 重置密码教程大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @hsn8086k

    14 May 2026

    69819 Impressions

    179 Retweets

    1061 Likes

    459 Bookmarks

    12 Replies

    11 Quotes

  30. This doesn't fit in my memory buffer... ・Copy Fail / CVE-2026-31431 ・Dirty Frag / CVE-2026-43284, CVE-2026-43500 ・Fragnesia / CVE-2026-46300

    @_hito_

    14 May 2026

    26921 Impressions

    37 Retweets

    230 Likes

    117 Bookmarks

    1 Reply

    3 Quotes

  31. "Dirty Frag (CVE-2026-43284 and CVE-2026-43500): Detecting unpatched local privilege escalation via ESP and RxRPC in the Linux kernel" https://t.co/N7ZezgXsEu #DirtyFrag #脆弱性 #特権昇格 #サイバーセキュリティ #Sysdig

    @TakaoShimizu1

    13 May 2026

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

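  32. Linux "Dirty Frag" family privilege escalation: for one of the pair (CVE-2026-43284), a fixed version has been released. For CVE-2026-43500, none has been provided for the major distros yet. Rather than "patches solve everything", the realistic approach right now is the three-part set of update + mitigation + monitoring. https://t.co/qTWKEgms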

    @rakushu_sec

    13 May 2026

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Dirty Frag (CVE-2026-43284 & CVE-2026-43500) gives attackers a near-certain path from minor foothold to full root access—silently—across virtually every major enterprise Linux distribution. Patch now. Learn more here: 🔗 https://t.co/NVQh3zkWQc https://t.co/oGvCx1Chzm

    @safebreach

    13 May 2026

    141 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  34. Linux faces a second severe vulnerability in two weeks. The Dirty Frag exploit allows administrator access via CVE-2026-43284 and CVE-2026-43500. Patches from Debian, AlmaLinux and Fedora. Inst

    @ssict

    13 May 2026

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain https://t.co/YwgDBpNLUV https://t.co/CIVOjOLHTK

    @dansantanna

    13 May 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨 #AlertaSOC New critical vulnerabilities in the Linux kernel, CVE-2026-43284 and CVE-2026-43500, affecting the xfrm/ESP (IPsec) path and the RxRPC module/protocol, respectively. #CiberseguridadAND Update the kernel as soon as possible 🔗 https://t.co/02bpl

    @CentroCiberAND

    13 May 2026

    112 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨New Linux vulnerability "Dirty Frag" may be exploited in attacks (CVE-2026-43284, CVE-2026-43500) 💡Following last week's vulnerability disclosure, a kill switch for the Linux kernel is proposed (CVE-2026-31431) ~ Cyber Alert, May 12

    @MachinaRecord

    12 May 2026

    168 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  38. CVE-2026-43284: The Dirty Frag Linux vulnerability (CVE-2026-43284 & CVE-2026-43500) is being actively exploited in the wild. Learn how to secure your servers from this root LPE exploit. #DirtyFrag #LinuxSecurity #CyberSecurity #ZeroDay #Vulnerability #ExploitInTheWild…

    @lyrie_ai

    12 May 2026

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. Dirty Frag — CVE-2026-43284 / CVE-2026-43500 Detection Script https://t.co/Nz7UOzh43g

    @jedisct1

    11 May 2026

    622 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  40. Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain https://t.co/sMBGdL0Emh https://t.co/6iecQje2oH

    @EAlexStark

    11 May 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain https://t.co/bcaG0fVEbl https://t.co/43U54oq63P

    @Trej0Jass

    11 May 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Over the weekend, we responded to the critical "DirtyFrag" Linux vulnerability (CVE-2026-43284 and CVE-2026-43500) by deploying an emergency kernel patch across all regions. While our systems are not affected by the RxRPC vulnerability (CVE-2026-43500) as we don't compile that

    @upsundotcom

    11 May 2026

    268 Impressions

    2 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  43. Critical Linux privilege escalation "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) exploits IPsec ESP and RxRPC in-place decryption to corrupt page cache. Zero-day PoC public, patches pending. Technical details: • Affects Linux 4.10-7.0 via ESP (2017 commit) and RxRPC (2023) ht

    @DFIR_Radar

    8 May 2026

    236 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations