The article discusses newly identified privilege escalation vulnerabilities in the Linux kernel, primarily stemming from flaws in how page caches in memory are managed. Specifically, two vulnerabilities, CVE-2026-43284 and CVE-2026-43500, stem from flaws in the handling of network and memory fragments, affecting components such as esp4, esp6, and rxrpc.
The recent CopyFail exploit leveraged a flawed page cache related to IPsec. A previous vulnerability, Dirty Pipe, also allowed attackers to overwrite page caches. The new vulnerability, termed Dirty Frag, shares characteristics with these exploits but targets kernel structures related to network handling. It enables attackers to manipulate read-only page caches, leading to potential file corruption.
CVE-2026-43284 affects the IPsec ESP receive path, while CVE-2026-43500 is linked to the decryption of RxRPC payloads. Although these exploits are unreliable when used alone, chaining them can lead to root access on major Linux distributions, posing risks like SSH access and web shell execution.
Researchers note that while the exploit is unlikely to penetrate secured environments like Kubernetes, risks remain significant in less restricted settings. Linux users are urged to apply patches promptly, even if it requires a system reboot, and to follow mitigation steps if immediate patching isn’t possible.