{"id":217767,"date":"2026-05-21T03:30:07","date_gmt":"2026-05-21T07:30:07","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/21\/linux-kernel-dirty-frag-lpe-exploit-enables-root-access-across-major-distributions\/"},"modified":"2026-05-21T03:30:10","modified_gmt":"2026-05-21T07:30:10","slug":"linux-kernel-dirty-frag-lpe-exploit-enables-root-access-across-major-distributions","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/21\/linux-kernel-dirty-frag-lpe-exploit-enables-root-access-across-major-distributions\/","title":{"rendered":"Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/linux-kernel-dirty-frag-lpe-exploit.html\">Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/linux-kernel-dirty-frag-lpe-exploit.html\">https:\/\/thehackernews.com\/2026\/05\/linux-kernel-dirty-frag-lpe-exploit.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 01:12:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>A new local privilege escalation (LPE) vulnerability dubbed &#8220;Dirty Frag&#8221; has been disclosed, affecting the Linux kernel. This variant, initially reported on April 30, 2026, by security researcher Hyunwoo Kim, is said to allow an unprivileged local user to gain elevated root privileges on a variety of major Linux distributions, including popular ones like Ubuntu, RHEL, and Fedora. The vulnerability stems from two components: an xfrm-ESP Page-Cache Write issue and an RxRPC Page-Cache Write vulnerability which extend the vulnerability class that includes Dirty Pipe and Copy Fail.<\/p>\n<p>The exploitation chain does not require the kernel&#8217;s algif_aead module and does not depend on a timing window, thus providing an extremely high success rate. Because this vulnerability doesn&#8217;t correlate precisely with any race conditions, and due to the involvement of xfrm-ESP and RxRPC, it functions reliably across environments where other mitigation techniques like those for Copy Fail are applied. The absence of patches and the release of a working proof-of-concept exploit intensify the urgency for immediate mitigation. Linux distributions like Ubuntu and AlmaLinux recommend blocking the esp4, esp6, and rxrpc modules to prevent exploitation until patches become available.<\/p>\n<p>Key Points:<br \/>\n&#8211; Dirty Frag exploits vulnerabilities in Linux kernel to escalate privileges to root.<br \/>\n&#8211; It chains xfrm-ESP and RxRPC Page-Cache Write vulnerabilities to bypass normal mitigations.<br \/>\n&#8211; The exploit is highly reliable and does not rely on a timing window.<br \/>\n&#8211; While no official CVE initially existed due to an embargo breach, patches were later issued for the underlying components.<br \/>\n&#8211; The exploit is observed to be used in limited in-the-wild scenarios, especially within environments allowing privileged actions.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions https:\/\/thehackernews.com\/2026\/05\/linux-kernel-dirty-frag-lpe-exploit.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":217769,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgnVSDBWt4hKZ-DOrZqHWPVH0JxrpcUeup9hpMpoH5Ny8bpuJ6Lviv58aH0aK2S2IJvAugaYRhM8P9wUW3tbVCu2kFMQbG5F16kI3PvS6gmR2Px8qOxcat-tK-UHV9oSDsAv9MHjvrduyndsqhicJxX1GroDTBo8it4ANI2wKIUVauhdxbgrNBQHhdgq2SW\/s1700-e365\/linux.gif","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,31,27],"class_list":["post-217767","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217767"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=217767"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217767\/revisions"}],"predecessor-version":[{"id":217771,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217767\/revisions\/217771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/217769"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=217767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=217767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=217767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}