Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
ID: f16f215c-2f27-5347-b801-1fcc9d28da4d
STIX ID: report--f16f215c-2f27-5347-b801-1fcc9d28da4d
Feed Name: Microsoft Security
Date Published: 2026-05-08
Date Updated: 2026-05-11
Author: Microsoft Defender Security Research Team
Microsoft Defender describes “Dirty Frag,” a Linux kernel local privilege escalation that leverages esp4/esp6 and rxrpc networking/memory-fragment handling to reliably escalate from an unprivileged user to root (CVE-2026-43284 and CVE-2026-43500). The report outlines technical behavior similar to CopyFail, limited in-the-wild usage observed after initial access (SSH, web shells, container escape), detection coverage in Defender products, and mitigation recommendations including patching, disabling vulnerable modules, and increased monitoring.
