#DirtyFrag status/advisories:

AlmaLinux:
https://almalinux.org/blog/2026-05-07-dirty-frag/

Debian:
https://security-tracker.debian.org/tracker/CVE-2026-43500
https://security-tracker.debian.org/tracker/CVE-2026-43284

Gentoo:
https://bugs.gentoo.org/974307

RedHat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-43284
https://access.redhat.com/security/cve/cve-2026-43284
nothing yet on CVE-2026-43500

Rocky:
https://kb.ciq.com/article/rocky-linux/rl-dirty-frag-mitigation

SUSE / OpenSUSE:
https://www.suse.com/security/cve/CVE-2026-43500.html
https://www.suse.com/security/cve/CVE-2026-43284.html
https://www.suse.com/c/addressing-copy-fail2-aka-dirtyfrag-in-suse-virtualization/

Ubuntu:
https://ubuntu.com/security/CVE-2026-43284
https://ubuntu.com/security/CVE-2026-43500
https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available

AWS:
https://aws.amazon.com/security/security-bulletins/rss/2026-027-aws/
https://explore.alas.aws.amazon.com/CVE-2026-43284.html

2 new vulnerabilities similar to copyfail:

- CVE-2026-43284 (Dirty Frag)
- CVE-2026-43500

https://github.com/V4bel/dirtyfrag

We're waiting for a release containing the last one before pushing new kernels to aports.

https://github.com/V4bel/dirtyfrag#mitigation mentions a mitigation in the meantime.

Just got a kernel update from Debian 13's security channel, which fixes both CVE-2026-43284 and CVE-2026-43500, aka "Dirty Frag".

Debian 12 is not yet patched.

Tracker Links:
https://security-tracker.debian.org/tracker/CVE-2026-43284
https://security-tracker.debian.org/tracker/CVE-2026-43500

#DirtyFrag #Debian #Linux #Kernel #InfoSec

CVE-2026-43284 / "Dirty Frag" .. Antoher one of those nasty local-privilege-escallations.

Quickfix for Centos/Fedora based systems:

printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf && rmmod esp4 esp6 rxrpc 2>/dev/null; true

Caution: That also effectively disables IPSEC and AFS client support. But it can easily be reverted by removing the file when a patched kernel arrives.

#dirtyfrag #cve_2026_43284 #security #centos #fedora #redhat

Nouveaux kernels stables : 7.0.5 / 6.18.28 / 6.12.87 / 6.6.138

Ils embarquent un fix partiel pour #DirtyFrag (CVE-2026-43284) et Copy Fail 2.

Partiel, car Greg Kroah-Hartman a confirmé qu'un second patch est encore en développement et n'a pas encore été mergé.

La mitigation par blacklist des modules reste donc recommandée en attendant.
👇
https://lwn.net/Articles/1071775/

#Linux #Kernel #CyberVeille

OhMyDebn 3.7.1 now available with mitigation for Dirty Frag local privilege escalation (CVE-2026-43284)

OhMyDebn is a debonair Linux desktop for power users. It gives you the stability of the Debian distro, the ease of use of the Cinnamon desktop, and the power of AI, containers, and virtualization.

[related]
chez AlmaLinux

"Dirty Frag (CVE-2026-43284) vulnerability fix is ready for testing"
👇
https://almalinux.org/blog/2026-05-07-dirty-frag/

📰 Critical Unpatched 'Dirty Frag' Linux Zero-Day Allows Instant Root Access

🚨 CRITICAL ZERO-DAY: 'Dirty Frag' (CVE-2026-43284) vulnerability in Linux kernel disclosed with NO PATCH. Allows immediate root privilege escalation. Flaw has existed for 9 years. Admins must seek mitigations now! 🐧🔥 #Linux #ZeroDay #CyberSecurity

🔗 https://cyber.netsecops.io

@jschauma About https://istheinternetonfire.com/ DirtyFrag now has one CVE (two, actually) CVE-2026-43284 and CVE-2026-43500

"Dirty Frag" status update on the clickbait overhype: ESP half (CVE-2026-43284) now patched: mainline f4c50a4034e6, stable backports in 7.0.5 / 6.18.28 / 6.12.87 / 6.6.138 / 6.1.171 / 5.15.205 / 5.10.255. RxRPC half (CVE-2026-43500) still unpatched upstream. AWS now adds ipcomp4/ipcomp6 to the blacklist alongside esp4/esp6/rxrpc, adjacent xfrm code paths, defense in depth or a hint more is coming. AlmaLinux and CloudLinux shipped both fixes. Ubuntu, Debian, RHEL, Amazon still mitigation only.

As I haven't seen this in my timeline yet:
There is another #Linux #zeroday privilege escalation #vulnerability.
No, not copy_fail, a new one, called DirtyFrag, combining CVE-2026-43284 and CVE-2026-43500

Apparently the finder was gonna disclose this responsibly, but they claim the embargo was broken by a third party.

Most probably not patched yet in distros, but fix (at least for one of the CVEs) is in mainline.

https://github.com/V4bel/dirtyfrag

A workaround/mitigation exists: https://github.com/V4bel/dirtyfrag#mitigation

Habis #CopyFail terbitlah #DirtyFrag

• CVE-2026-43284
• CVE-2026-43500

Belum coba sih poc-nya, tapi sepertinya simpel juga.

https://github.com/V4bel/dirtyfrag/blob/master/README.md

#linux #cve #infosec

Les deux vulnérabilités composant #DirtyFrag ont reçu leurs numéros CVE :

🔴 CVE-2026-43284 — xfrm-ESP Page-Cache Write (patché en mainline : f4c50a4034e6)
🟡 CVE-2026-43500 — RxRPC Page-Cache Write

Si ce n'est pas encore fait, la mitigation reste de blacklister esp4, esp6 et rxrpc.
👇
https://vulnerability.circl.lu/vuln/CVE-2026-43284

Another day, another severe Linux vulnerability / bug: #DirtyFrag

Links:

https://www.theregister.com/security/2026/05/08/dirty-frag-linux-flaw-one-ups-copyfail-with-no-patches-and-public-root-exploit/5237230

https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/

Mitigation:

https://github.com/V4bel/dirtyfrag#mitigation

CVE:
https://nvd.nist.gov/vuln/detail/CVE-2026-43284

#cve_2026_43500 #cve_2026_43284 #cve #Linux #ZeroDay #infosec #security

@Edent In theory yes, if they load one of the vulnerable kernel modules then you could achieve root on them with a compatible exploit.
The vulnerable module in the initial CopyFail exploit was AF_ALG.

There is a good summary of the vulnerable modules for the second two disclosed this week here, there are more, in this post on @ifin
https://discourse.ifin.network/t/cve-2026-43284-cve-2026-2026-43500-new-copyfail-variants-dirtyfrag/395

Did you update your Linux kernel again to protect against the last privilege escalation bug?

No, not CopyFail (CVE-2026-31431), the new DirtyFrag (CVE-2026-43284, CVE-2026-43500).

#DirtyFrag status/advisories:

AlmaLinux:
https://almalinux.org/blog/2026-05-07-dirty-frag/

Debian:
https://security-tracker.debian.org/tracker/CVE-2026-43500
https://security-tracker.debian.org/tracker/CVE-2026-43284

Gentoo:
https://bugs.gentoo.org/974307

RedHat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-43284
https://access.redhat.com/security/cve/cve-2026-43284
nothing yet on CVE-2026-43500

Rocky:
https://kb.ciq.com/article/rocky-linux/rl-dirty-frag-mitigation

SUSE / OpenSUSE:
https://www.suse.com/security/cve/CVE-2026-43500.html
https://www.suse.com/security/cve/CVE-2026-43284.html
https://www.suse.com/c/addressing-copy-fail2-aka-dirtyfrag-in-suse-virtualization/

Ubuntu:
https://ubuntu.com/security/CVE-2026-43284
https://ubuntu.com/security/CVE-2026-43500
https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available

AWS:
https://aws.amazon.com/security/security-bulletins/rss/2026-027-aws/
https://explore.alas.aws.amazon.com/CVE-2026-43284.html

2 new vulnerabilities similar to copyfail:

- CVE-2026-43284 (Dirty Frag)
- CVE-2026-43500

https://github.com/V4bel/dirtyfrag

We're waiting for a release containing the last one before pushing new kernels to aports.

https://github.com/V4bel/dirtyfrag#mitigation mentions a mitigation in the meantime.

and we have another one. This one with CVE.

#dirtyfrag #CVE-2026-43500

Just got a kernel update from Debian 13's security channel, which fixes both CVE-2026-43284 and CVE-2026-43500, aka "Dirty Frag".

Debian 12 is not yet patched.

Tracker Links:
https://security-tracker.debian.org/tracker/CVE-2026-43284
https://security-tracker.debian.org/tracker/CVE-2026-43500

#DirtyFrag #Debian #Linux #Kernel #InfoSec

Why wait for the slow UEFI when you can just `systemctl kexec` to remediate Dirty Frag with (almost) sub- 1 Minute downtime (2nd reboot for CVE-2026-43500 follows)
(all VMs except the pinned ones have been migrated off before)

@jschauma About https://istheinternetonfire.com/ DirtyFrag now has one CVE (two, actually) CVE-2026-43284 and CVE-2026-43500

"Dirty Frag" status update on the clickbait overhype: ESP half (CVE-2026-43284) now patched: mainline f4c50a4034e6, stable backports in 7.0.5 / 6.18.28 / 6.12.87 / 6.6.138 / 6.1.171 / 5.15.205 / 5.10.255. RxRPC half (CVE-2026-43500) still unpatched upstream. AWS now adds ipcomp4/ipcomp6 to the blacklist alongside esp4/esp6/rxrpc, adjacent xfrm code paths, defense in depth or a hint more is coming. AlmaLinux and CloudLinux shipped both fixes. Ubuntu, Debian, RHEL, Amazon still mitigation only.

As I haven't seen this in my timeline yet:
There is another #Linux #zeroday privilege escalation #vulnerability.
No, not copy_fail, a new one, called DirtyFrag, combining CVE-2026-43284 and CVE-2026-43500

Apparently the finder was gonna disclose this responsibly, but they claim the embargo was broken by a third party.

Most probably not patched yet in distros, but fix (at least for one of the CVEs) is in mainline.

https://github.com/V4bel/dirtyfrag

A workaround/mitigation exists: https://github.com/V4bel/dirtyfrag#mitigation

Habis #CopyFail terbitlah #DirtyFrag

• CVE-2026-43284
• CVE-2026-43500

Belum coba sih poc-nya, tapi sepertinya simpel juga.

https://github.com/V4bel/dirtyfrag/blob/master/README.md

#linux #cve #infosec

Les deux vulnérabilités composant #DirtyFrag ont reçu leurs numéros CVE :

🔴 CVE-2026-43284 — xfrm-ESP Page-Cache Write (patché en mainline : f4c50a4034e6)
🟡 CVE-2026-43500 — RxRPC Page-Cache Write

Si ce n'est pas encore fait, la mitigation reste de blacklister esp4, esp6 et rxrpc.
👇
https://vulnerability.circl.lu/vuln/CVE-2026-43284

Another day, another severe Linux vulnerability / bug: #DirtyFrag

Links:

https://www.theregister.com/security/2026/05/08/dirty-frag-linux-flaw-one-ups-copyfail-with-no-patches-and-public-root-exploit/5237230

https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/

Mitigation:

https://github.com/V4bel/dirtyfrag#mitigation

CVE:
https://nvd.nist.gov/vuln/detail/CVE-2026-43284

#cve_2026_43500 #cve_2026_43284 #cve #Linux #ZeroDay #infosec #security

Did you update your Linux kernel again to protect against the last privilege escalation bug?

No, not CopyFail (CVE-2026-31431), the new DirtyFrag (CVE-2026-43284, CVE-2026-43500).

CISA KEV update May 7: CVE-2026-6973 Ivanti EPMM added. Actively exploited input validation flaw. Federal deadline applies, everyone else should patch. - https://www.cisa.gov/news-events/alerts/2026/05/07/cisa-adds-one-known-exploited-vulnerability-catalog

Tracked as CVE-2026-6973, this security flaw allows attackers with administrative privileges to execute arbitrary code remotely on systems running EPMM 12.8.0.0 and earlier. https://www.bleepingcomputer.com/news/security/cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day/

⚠️ PSA: patch your AlmaLinux systems.

Copy Fail lets any local user escalate to root. We shipped fixes for AL 8, 9 & 10 ahead of upstream—they're in production now. https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/

Was Sysadmins zu CVE 2026 31431 wissen müssen
https://www.golem.de/news/732-bytes-bis-root-was-sysadmins-zu-cve-2026-31431-wissen-muessen-2605-208469.html?utm_source=flipboard&utm_medium=activitypub

Gepostet in GOLEM @golem-Golemde

Did you update your Linux kernel again to protect against the last privilege escalation bug?

No, not CopyFail (CVE-2026-31431), the new DirtyFrag (CVE-2026-43284, CVE-2026-43500).

The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an unauthenticated attacker to execute arbitrary code with root privileges by sending specially crafted packets. https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html

📰 Critical Palo Alto Networks Zero-Day (CVE-2026-0300) Actively Exploited for RCE

🚨 CRITICAL ZERO-DAY: Palo Alto Networks warns of an unpatched, actively exploited RCE vulnerability (CVE-2026-0300) in PAN-OS firewalls. The flaw allows root access via the User-ID portal. Mitigate immediately! #CyberSecurity #ZeroDay #PANOS

🔗 https://cyber.netsecops.io

Sur le même sujet: https://moto-station.com/moto-revue/actu/failles-de-cybersecurite-sur-les-motos-zero-et-les-scooters-yadea/727298

Recherche citée pour les scooters Yadea: https://github.com/ktauchathuranga/CVE-2025-70994

💬
⬇️
https://infosec.pub/post/46128998

Oh, neat, the daily MS CVSS 10 :apartyblobcat:

https://nvd.nist.gov/vuln/detail/cve-2026-42826

Google pushes massive Chrome 148 security update — patches 127 flaws including 3 critical bugs (CVE-2026-7896/7897/7898). Users are urged to update now; fixes also affect Chromium-based browsers (e.g., Brave, Helix). Read more: https://cyberinsider.com/google-pushes-massive-chrome-security-update-to-patch-127-flaws/ 🔒⚠️ #Chrome #Security #Cybersecurity

Davide Ornaghi and Giuseppe Caruso found a very interesting bug in #Linux's in-kernel Samba3 server from 6.12 to 6.19.x. Essentially, from the commit message and #CVE description:

> Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to hijack an orphaned durable handle by predicting or brute-forcing the persistent ID.

Very interesting stuff! The kernel let's users resume their connection to an open file even after WiFi drops (durable handle), and a bug in this code let another authenticated user become this WiFi-dropped user, letting the hijacker access all files.

https://github.com/TurtleARM/CVE-2026-31717-KSMBD-Exploit

CVE-2026-31717