9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems

Red Hat and independent researchers disclosed "Dirty Frag", a pair of Linux kernel vulnerabilities (CVE-2026-43284 and CVE-2026-43500) that can be chained to achieve reliable local privilege escalation to root across many Linux distributions by abusing page-cache-write logic in IPSec ESP and RxRPC; mitigations include blacklisting affected modules, keeping SELinux enforcing, avoiding root workloads, and applying vendor patches when available.