
Dirty Frag – Linux Kernel Local Privilege Escalation (CVE-2026-43284 & CVE-2026-43500)

VIP | 10 Points | CVE-2026-43284 | CVE-2026-43500

Overview

Dirty Frag is a Linux kernel local privilege escalation vulnerability chain tracked as CVE-2026-43284 and CVE-2026-43500. The chain affects kernel networking paths where externally shared page fragments can be handled as if they were privately owned by the kernel.

Vulnerability Overview

Dirty Frag combines two related Linux kernel issues. CVE-2026-43284 affects the xfrm ESP path, while CVE-2026-43500 affects RxRPC packet handling. In both cases, the core problem is unsafe in-place processing of packet data backed by shared paged fragments.

When kernel networking code modifies externally backed fragments without first making a private copy, data integrity boundaries can break down. This makes Dirty Frag part of the broader class of Linux page-cache and shared-fragment bugs that can become local privilege escalation risks.

Impact

The highest severity in the chain is High with a CVSS 3.1 score of 8.8 for CVE-2026-43284. CVE-2026-43500 is also rated High with a CVSS 3.1 score of 7.8.

Successful exploitation can allow a local low-privilege user to influence privileged execution paths, with high confidentiality, integrity, and availability impact. The risk is especially important on multi-user Linux systems and environments where untrusted users can execute code locally.

Vulnerability Scope

CVE-2026-43284 affects Linux kernel xfrm ESP handling across multiple stable branches, including ranges from 4.11 up to fixed releases such as 5.10.255, 5.15.205, 6.1.171, 6.6.138, 6.12.87, 6.18.28, and 7.0.5.

CVE-2026-43500 affects Linux kernel RxRPC handling. NVD lists exposure from after 5.3 up to, but not including, 6.18.29, and from 6.19 up to, but not including, 7.0.6, including early 7.1 release candidates.

Distribution kernels may carry backported fixes, so administrators should confirm vendor package status and changelogs instead of relying only on upstream version numbers.
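A triage helper for the version ranges above, as an added example (not Hackviser or kernel code). The function names and status strings are assumptions made for this sketch. A result of `verify-vendor` means the base version is below the upstream fix quoted here, so the distribution changelog has to settle whether a backport is present.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the upstream fixed
# releases quoted in the Vulnerability Scope text. Names are illustrative.

# parse REL: set major/minor/patch/key from "6.1.170-generic", "7.1-rc2", ...
parse() {
    v=${1%%[!0-9.]*}                        # drop distro or -rc suffix
    case $v in [0-9]*.[0-9]*) ;; *) return 1 ;; esac
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
    patch=${patch:-0}
    key=$((major * 1000000 + minor * 1000 + patch))   # sortable integer
}

# CVE-2026-43284 (xfrm ESP): per-branch fixed releases listed on the page.
check_esp() {
    parse "$1" || { echo unknown; return 0; }
    [ "$key" -lt 4011000 ] && { echo before-listed-range; return 0; }
    case "$major.$minor" in
        5.10) fixed=255 ;; 5.15) fixed=205 ;; 6.1) fixed=171 ;; 6.6) fixed=138 ;;
        6.12) fixed=87 ;;  6.18) fixed=28 ;;  7.0) fixed=5 ;;
        *) echo unknown-branch; return 0 ;;   # branch not named on the page
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed-upstream; else echo verify-vendor; fi
}

# CVE-2026-43500 (RxRPC): the NVD-listed ranges quoted on the page.
check_rxrpc() {
    parse "$1" || { echo unknown; return 0; }
    if [ "$key" -gt 5003000 ] && [ "$key" -lt 6018029 ]; then echo verify-vendor
    elif [ "$key" -ge 6019000 ] && [ "$key" -lt 7000006 ]; then echo verify-vendor
    elif [ "$major.$minor" = 7.1 ]; then echo unknown-branch  # only "early" rc's stated
    elif [ "$key" -le 5003000 ]; then echo before-listed-range
    else echo fixed-upstream; fi
}

# Check the release given as $1, or the running kernel when none is given.
rel=${1:-$(uname -r)}
echo "$rel CVE-2026-43284=$(check_esp "$rel") CVE-2026-43500=$(check_rxrpc "$rel")"
```

On a distribution kernel, treat `fixed-upstream` as a hint as well, since vendor version strings do not always track the upstream patch level.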

Lab Focus

This Hackviser lab focuses on understanding how shared page fragments in kernel networking paths can create local privilege escalation exposure. You will practice reading multi-CVE vulnerability scope, comparing related kernel fixes, and prioritizing Linux kernel patching based on local attacker impact.

Resources