Published on: 11 May 2026
A local privilege escalation vulnerability(Dirty Frag) is found in the Linux kernel, which chains two separate vulnerabilities(CVE-2026-43284 and CVE-2026-43500). A local unprivileged attacker may leverage the vulnerability to escalate its privilege on a vulnerable system.
Reports indicated that proof-of-concept (PoC) exploit code is publicly available for an elevation of privilege vulnerability and it is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Successful exploitation of the vulnerability could lead to elevation of privilege on an affected system.
The vulnerability is fixed in some of the affected Linux distributions including Debian, Red Hat, SUSE and Ubuntu. The following is only a sample list of Linux distributions that are affected. The list is not exhaustive and it is strongly recommended to consult the product vendors if the used Linux systems are affected. System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.