New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
securityweek

Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released.


A newly disclosed local privilege escalation vulnerability affecting major Linux distributions may already be exploited in the wild.
The exploit, named Dirty Frag and Copy Fail 2, chains two flaws tracked as CVE-2026-43284 and CVE-2026-43500, allowing an unprivileged user to escalate permissions to root.
Researcher Hyunwoo Kim responsibly disclosed the vulnerability, but someone made it public before patches could be released, prompting Kim to make the technical details and PoC code available.
“Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high,” Kim explained.
The vulnerabilities affect the xfrm-ESP (IPsec) and RxRPC components of the Linux kernel, with the greatest impact on hosts that ...
Copyright of this story solely belongs to securityweek.

