Security

Linux Kernel Dirty Frag Vulnerability Patched

By Steven | TrustYourWebsite · 26 May 2026 · 2 min read

Source: Next.ink

A security vulnerability in the Linux kernel, nicknamed "Dirty Frag", was publicly disclosed on 7 May 2025 after third parties broke an embargo that was intended to give distributions time to prepare patches. According to Next.ink, the disclosure happened before patches were ready, leaving systems temporarily exposed.

What is Dirty Frag?

According to Next.ink, two vulnerabilities were identified in the Linux kernel's page cache handling. They are tracked as CVE-2026-43284 and CVE-2026-43500 (note: the 2026 year prefix in these identifiers is unusual for a 2025 disclosure and may reflect an error in the source). The first affects the xfrm-ESP component, which has been present in the kernel since 2017. The second affects RxRPC, present since 2023.

Both vulnerabilities allow a local user who already has an account on a machine to escalate their privileges to root level, meaning they could gain full control over that system. The attack vector is local, so an attacker would first need existing access to the machine.

What happened after disclosure?

Because the embargo was broken before patches existed, researcher Hyunwoo Kim published a workaround. According to Next.ink, the workaround involves blocking the esp4, esp6 and rxrpc kernel modules to prevent exploitation.
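To check whether a host is covered by that workaround, the script below is an added example, not code from the article, Next.ink or the researcher. It assumes the blocking is done with modprobe.d rules (the article does not give the exact mechanism), and the file name `dirtyfrag.conf` and all sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit the module-blocking workaround.
MODULES="esp4 esp6 rxrpc"

# module_state NAME PROC_MODULES_FILE MODPROBE_DIR
# Prints one of: loaded | blocked | blacklist-only | unblocked
module_state() {
    name=$1; proc=$2; dir=$3
    # A loaded module stays loaded whatever modprobe.d says, so check it first.
    if awk -v m="$name" '$1 == m { hit = 1 } END { exit !hit }' "$proc"; then
        echo loaded; return
    fi
    state=unblocked
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # "install NAME /bin/false": modprobe runs that command instead of loading.
        if awk -v m="$name" '$1 == "install" && $2 == m && $3 ~ /\/(false|true)$/ { hit = 1 } END { exit !hit }' "$f"; then
            echo blocked; return
        fi
        # "blacklist NAME" only ignores the module's aliases; explicit loads still work.
        if awk -v m="$name" '$1 == "blacklist" && $2 == m { hit = 1 } END { exit !hit }' "$f"; then
            state=blacklist-only
        fi
    done
    echo "$state"
}

# audit PROC_MODULES_FILE MODPROBE_DIR: one line per module, returns 1 unless all are blocked.
audit() {
    rc=0
    for m in $MODULES; do
        s=$(module_state "$m" "$1" "$2")
        printf '%-6s %s\n' "$m" "$s"
        [ "$s" = blocked ] || rc=1
    done
    return $rc
}

# Constructed sample (not a real host): rxrpc loaded, esp4 blocked, esp6 blacklist only.
make_sample() {
    d=$(mktemp -d); mkdir "$d/modprobe.d"
    printf '%s\n' 'rxrpc 163840 0 - Live 0x0000000000000000' \
                  'xfrm_user 61440 2 - Live 0x0000000000000000' > "$d/modules"
    printf '%s\n' '# constructed sample' 'install esp4 /bin/false' \
                  'blacklist esp6' > "$d/modprobe.d/dirtyfrag.conf"
    echo "$d"
}

# Demo on the sample; on a real host run: audit /proc/modules /etc/modprobe.d
S=$(make_sample); audit "$S/modules" "$S/modprobe.d"; rm -rf "$S"
```

Blocking esp4 and esp6 disables IPsec ESP, and rxrpc is used by the kernel AFS client, so confirm the host does not depend on either before applying the rules.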

Patches were subsequently developed and merged. According to Next.ink, the patch for CVE-2026-43284 was merged on 5 May and the patch for CVE-2026-43500 on 10 May. Linux distributions then began deploying these patches to their users. CVE-2026-43284 received a CVSS severity score of 8.8, according to Next.ink. A score for CVE-2026-43500 had not yet been confirmed at the time of reporting.

What does this mean for your website?

If your website or web application runs on a Linux-based server, which is the case for the majority of hosting environments, keeping your server software up to date is the most important step you can take right now. Contact your hosting provider to confirm that kernel patches for Dirty Frag have been applied to your server. For a broader overview of security steps relevant to small business websites, see our security checklist for small businesses and our guide on vulnerable WordPress plugins.
