cd /news/cybersecurity/linux-bitten-by-second-severe-vulner… · home topics cybersecurity article
[ARTICLE · art-8628] src=arstechnica.com ↗ pub= topic=cybersecurity verified=true sentiment=↓ negative

Linux bitten by second severe vulnerability in as many weeks

The article reports that a second severe Linux vulnerability, named "Dirty Frag," has been disclosed within two weeks, allowing low-privilege users and containers to gain root access. Exploit code was leaked online and is deterministic, working reliably across most Linux distributions without causing crashes, and Microsoft has observed hackers experimenting with it in the wild. While patches have been released by distributors like Debian, AlmaLinux, and Fedora, the vulnerability poses an immediate threat, and organizations are urged to apply fixes swiftly.

read2 min views21 publishedMay 11, 2026

Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root access, marking the second time in as many weeks that a severe threat has caught defenders off guard. The threat, known as Dirty Frag, allows low-privilege users, including those using virtual machines, to gain root control of servers. Attacks are particularly suitable in shared environments, where a server is used by multiple parties. Hackers can also gain root as long as they have access to a separate exploit that gives a toehold into a machine. Exploit code was leaked online three days ago and works reliably across virtually all Linux distributions. Microsoft has said it has spotted signs that hackers are experimenting with Dirty Frag in the wild. Immediate and significant threat The leaked exploit is deterministic, meaning it works precisely the same way each time it’s run and across different Linux distributions. It causes no crashes, making it stealthy to run. A vulnerability known as Copy Fail, disclosed last week with no patches available to end users, possesses the same characteristics. “The ‘Dirty Frag’ vulnerability presents an immediate and significant threat to Linux systems, as it allows unauthorized users to gain root access by exploiting unpatched kernel flaws,” researchers from security firm Aviatrix wrote Monday. “With proof-of-concept exploits publicly available and signs of limited in-the-wild exploitation, organizations must act swiftly to apply patches and implement mitigations to protect their systems from potential compromise.” Dirty Frag was discovered and disclosed late last week by researcher Hyunwoo Kim. The exploit chains together code for exploiting two vulnerabilities—tracked as CVE-2026-43284 and CVE-2026-43500. Shortly after the disclosure, someone else leaked key details, effectively making the vulnerability a zero-day. With that, Kim published the source code for the proof-of-concept exploit he had developed. While both vulnerabilities were patched in the Linux kernel, none of the distributions had incorporated the fix. At the time this post went live, several distributors had released patches. Known distributors included Debian, AlmaLinux, and Fedora. People who are interested in other distributions should check with the official provider.

── more in #cybersecurity 4 stories · sorted by recency
── more on @linux 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/linux-bitten-by-seco…] indexed:0 read:2min 2026-05-11 ·