Dirty Frag: Universal Linux LPE
Summary
Dirty Frag describes a Linux local privilege escalation (LPE) technique chaining two page-cache write vulnerabilities (xfrm-ESP and RxRPC) to obtain root access on major distributions. The disclosure notes CVE-2026-43284 for the xfrm-ESP component and a reserved CVE-2026-43500 for RxRPC, with patches not yet released due to embargo status. The piece emphasizes responsible disclosure, cross-distro testing, and the need for kernel updates and mitigations while the vulnerabilities remain unpatched.