9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems

Dirty Frag is the collective name researchers assigned to two Linux vulnerabilities that existed in the Linux kernel for around nine years before being discovered.

Red Hat, a major American software firm, has released a report on two Linux kernel vulnerabilities collectively dubbed Dirty Frag. It is a local privilege escalation (LPE) vulnerability similar to the recently reported Copy Fail, allowing an unprivileged user with a basic local account to gain root access.

For context, in cybersecurity, root is the highest level of power possible, and getting it without permission is called privilege escalation.

According to researchers, the Dirty Frag vulnerability has existed for around nine years, and caused by a logic flaw in the networking sections of the system that handle the IPSec ESP (esp4 and esp6) and rxrpc modules. The IPSec ESP issue is tracked as CVE-2026-43284, whereas the rxrpc part is given the ID CVE-2026-43500.

How the ...