Linux kernel has been hit with another severe vulnerability as researchers discovered Dirty Frag, affecting critical networking components. Two exploits (CVE-2026-43284 and CVE-2026-43500) target page cache handling in memory, allowing untrusted users to modify sensitive data. These join recent vulnerabilities like CopyFail and share similarities with 2022's Dirty Pipe, creating concerning patterns in kernel security.

The vulnerabilities exploit the frag member of the kernel's struct sk_buff through splice() operations. When chained together, they provide attackers reliable root access across major Linux distributions. While some configurations like Ubuntu with AppArmor or distributions not using rxrpc.ko may remain partially protected, the combined attack vector poses significant risks for most systems.

Patches are available but require a reboot for full protection. Containerized environments with default security settings face reduced risk, while virtual machines and less restricted environments remain vulnerable. System administrators must prioritize patching to prevent potential SSH access, web-shell execution, container escapes, or compromise of low-privilege accounts.