
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

ID: 0c34d1ba-745d-5964-955f-9c80017a9e6b

STIX ID: report--0c34d1ba-745d-5964-955f-9c80017a9e6b

Feed Name: Infosecurity Magazine (News)

Threat Score
78/100

Date Published: 2026-05-11

Date Updated: 2026-05-11

...
...

Dirty Frag is a chained local privilege escalation affecting major Linux distributions, formed by two high-severity Linux kernel flaws (CVE-2026-43284: write-what-where in xfrm-ESP, and CVE-2026-43500: out-of-bounds write in RxRPC). A PoC was published and Microsoft Defender observed limited in-the-wild privilege-escalation activity; maintainers and distributions are releasing patches and recommend temporary mitigations (disabling esp4/esp6/rxrpc modules) and monitoring for suspicious local privilege escalation behavior.
