Hyunwoo Kim (@v4bel) has disclosed a severe Linux local privilege escalation vulnerability called Dirty Frag that affects virtually all major Linux distributions. The exploit chains two kernel vulnerabilities—the xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write flaws—to achieve root access without requiring race conditions or timing windows.

The attack works by combining arbitrary 4-byte write primitives from both vulnerabilities, creating a universal exploit that bypasses namespace restrictions. While xfrm-ESP requires namespace creation privileges that Ubuntu sometimes restricts via AppArmor, RxRPC works without such requirements but isn't loaded by default on most distributions. Together, they cover each other's blind spots, making the exploit effective everywhere.

No patches currently exist because the disclosure embargo was broken externally. The xfrm-ESP vulnerability received CVE-2026-43284 after the fact, while RxRPC awaits tracking via CVE-2026-43500. Systems running kernels from 2017 onward remain vulnerable, creating a nine-year exposure window across Ubuntu, RHEL, Fedora, and other distributions until vendors backport fixes.