Emergency Linux Kernel Patch Released for Dirty Frag Vulnerability – Update Now

Published 2026-05-15 01:09:20 · Cybersecurity

Critical Patch Available for Dirty Frag Exploit

Linux kernel 7.0.6 and the LTS branch 6.18.29 have been released with a full fix for the Dirty Frag local privilege escalation (LPE) vulnerability, tracked as CVE-2026-43500. The flaw carries a CVSS score of 7.8 (HIGH) and could allow an attacker with local access to gain root privileges.

Source: itsfoss.com

“The vulnerability creates a window where a local attacker can tamper with kernel memory during decryption, escalating to root,” said Hyunwoo Kim, the researcher who discovered and disclosed Dirty Frag. “The patch ensures vulnerable pages are copied to a private buffer before decryption, closing that window.”

Linus Torvalds merged the fix on May 10, and the patched kernels were released the following day. Fedora and Pop!_OS have already pushed their own updates.

Background

Dirty Frag was inadvertently exposed to the public, catching Linux distributions off guard. The root cause traces back to a 2019 commit that left two packet types unaccounted for in the rxrpc handling path: those with pages fed in through splice() and those with fragment chains attached.

The kernel did not treat these as shared memory, so it skipped making a safe copy and decrypted them in place. That left a window for a local attacker to reach in from userspace and tamper with those pages while decryption was happening – enough to get root.

What This Means

All Linux users, especially those running systems with local user accounts or untrusted users, should update immediately. The exploit requires local access, but in shared environments like servers or desktop systems, the risk is severe.

“If you have multiple users on a machine, this vulnerability could let any user become root,” said a security researcher familiar with the exploit. “Patching is critical.”

Users on Fedora and Pop!_OS should apply the distro-specific updates as soon as possible. For others, the official kernel tarball is available at kernel.org.

Where to Get the Fix

Linux Kernel 7.0.6

The tarball for 7.0.6 is available on kernel.org. This is intended for those with the skill to install manually. For Ubuntu-based distros, a guide is available, but note that manual installation carries risks – back up your data first.

Fedora

Fedora kernel maintainer Justin Forbes announced that the fix was already being pushed to the stable branch. Fedora 43 and Fedora 44 receive it with the 7.0.4 kernel, and Fedora 42 users get it with 6.19.14-101.

“We skipped an update to 7.0.5 for F43 and F44 because the fix was already implemented in our 7.0.4 builds,” Forbes explained. To update on Fedora Workstation 43, run:

sudo dnf update

Verify the patched kernel version (x86_64 7.0.4-100.fc43) and then run:

sudo dnf upgrade

Pop!_OS

For Pop!_OS LTS releases 22.04 and 24.04, System76 has released kernel updates covering both Dirty Frag CVEs. The esp4 and esp6 modules tied to the second CVE were patched and are safe to re-enable.

For the rxrpc vulnerability, System76 chose to disable the module rather than patching it. They are holding off on re-enabling it. To get the fixes, run:

sudo apt update && sudo apt upgrade

After the update, reboot:

sudo reboot
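
After the reboot, a check like the one below confirms what is actually running. It is an added example, not from the original article or any distribution's tooling: it compares the running kernel against the fixed upstream releases named above (7.0.6 and 6.18.29) and reports whether the rxrpc, esp4 or esp6 modules are loaded. The function names are hypothetical, and distro builds that carry a backported fix are deliberately reported as "check-advisory" rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the article): triage a host for the Dirty Frag fix.
# Fixed upstream releases named in the article: 7.0.6 and 6.18.29 (LTS).

# classify_kernel RELEASE -> prints patched | unpatched | check-advisory
classify_kernel() {
    base=${1%%-*}                       # drop distro/build suffix
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}             # tolerate trailing "+" and similar
    case "$major.$minor" in
        7.0)  fixed=6 ;;
        6.18) fixed=29 ;;
        *)    echo check-advisory; return 0 ;;   # branch not covered by the article
    esac
    if [ "${patch:-0}" -ge "$fixed" ]; then
        echo patched
    elif [ "$base" != "$1" ]; then
        # Distro builds can carry the fix under an older version number
        # (the article's Fedora 7.0.4 build is one), so do not guess.
        echo check-advisory
    else
        echo unpatched
    fi
}

# affected_modules_loaded [FILE] -> space-separated subset of rxrpc esp4 esp6
# found in a /proc/modules-format file (default: /proc/modules).
# Code built into the kernel image is not listed there.
affected_modules_loaded() {
    f=${1:-/proc/modules}
    [ -r "$f" ] || return 0
    awk '$1=="rxrpc" || $1=="esp4" || $1=="esp6" { out = out (out ? " " : "") $1 }
         END { print out }' "$f"
}

# dirtyfrag_report [RELEASE] [FILE]: summary for this host by default.
dirtyfrag_report() {
    rel=${1:-$(uname -r)}
    echo "kernel $rel: $(classify_kernel "$rel")"
    mods=$(affected_modules_loaded "${2:-}")
    echo "affected modules loaded: ${mods:-none}"
}

dirtyfrag_report
```

A "check-advisory" result means the version string alone cannot settle it; compare the installed package against the distribution's own advisory.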

Further Reading

For more details on the Dirty Frag vulnerability and its disclosure, see our background section above or read the original coverage.