Bvoxro Stack

Linux 7.0.6 and LTS 6.18.29 Released with Critical Dirty Frag Vulnerability Fix

Linux 7.0.6 and 6.18.29 LTS patch the Dirty Frag LPE vulnerability (CVE-2026-43500, CVSS 7.8). Fedora and Pop!_OS updates also available.

Bvoxro Stack · 2026-05-13 03:15:57 · Cybersecurity

Overview of the Dirty Frag Vulnerability

The Linux community has been abuzz over a recently exposed local privilege escalation (LPE) flaw known as Dirty Frag. This vulnerability, which surfaced unintentionally, caught both the Linux kernel project and major distributions off guard. Fortunately, a definitive patch has now been integrated into Linux kernel versions 7.0.6 and 6.18.29 LTS, with distributions like Fedora and Pop!_OS rolling out their own fixes shortly thereafter.

Source: itsfoss.com

Technical Details of the Patch

Root Cause and Severity

The vulnerability, officially tracked as CVE-2026-43500, carries a CVSS score of 7.8 (HIGH) on the National Vulnerability Database. It was discovered and responsibly disclosed by security researcher Hyunwoo Kim, who also authored the fix.

The underlying issue traces back to a commit in 2019 that inadvertently left two packet types unhandled in the rxrpc (RxRPC) processing path: those whose pages are fed in via splice() and those with attached fragment chains. The kernel treated these as non-shared memory, skipping the necessary safe copy and decrypting the data in place. This oversight opened a window for a local attacker to tamper with those pages from userspace during decryption, ultimately leading to root access.

How the Fix Works

The patch extends the existing checks in two rxrpc functions to also recognize these two packet types. As a result, they are now copied to a private buffer before decryption—exactly as they should have been from the start. Linus Torvalds merged the fix on May 10, and the patched kernels were released the following day.

How to Update Your System

General Kernel Update

The source tarball for Linux 7.0.6 is available at kernel.org. This option is intended for users comfortable with manual compilation. If you are on an Ubuntu-based distribution, we have a step-by-step guide to assist you.

Important: Manual kernel updates carry risks. Always ensure you have a full backup of your data before proceeding.

Fedora Update Process

Fedora kernel maintainer Justin Forbes announced that the fix was expedited to the stable branch. Fedora 43 and Fedora 44 receive it via the 7.0.4 kernel, while Fedora 42 users get it through 6.19.14-101. Notably, the team skipped a 7.0.5 update for F43 and F44 because the fix was already present in their 7.0.4 builds.

To apply the update on Fedora Workstation 43, follow these steps:

  1. Check for available updates with: sudo dnf update
  2. Once you verify the patched kernel (e.g., x86_64 7.0.4-100.fc43) is listed, run: sudo dnf upgrade
  3. Press Y when prompted to confirm the upgrade.

Pop!_OS Update Process

For users on Pop!_OS LTS releases (22.04 and 24.04), System76 has released kernel updates addressing both Dirty Frag CVEs. The esp4 and esp6 modules tied to the second CVE were patched and are safe to re-enable. However, for rxrpc, System76 chose to disable the module rather than patch it and will hold off on re-enabling it.

To apply the fixes:

  1. Run: sudo apt update && sudo apt upgrade
  2. After the update completes, reboot your system with: sudo reboot
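
To confirm the result after rebooting into the updated kernel (Fedora or Pop!_OS steps above), the following added example, which is not from the original article, classifies a uname -r string against the fixed versions named above and checks whether the rxrpc module is loaded. The function names are made up for this example, and GNU sort -V is assumed.

```shell
#!/bin/sh
# Added example, not from the article's source. Thresholds are the versions the
# article names; function names are made up here. Assumes GNU sort (-V).

# ver_ge A B: succeed when version string A sorts at or after B.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# dirtyfrag_status RELEASE: print patched, vulnerable or unknown for a
# `uname -r` style string.
dirtyfrag_status() {
    rel=$1
    base=${rel%%-*}        # 7.0.4-100.fc43.x86_64 -> 7.0.4
    case $rel in
        *.fc43*|*.fc44*)   # Fedora 43/44: fix is in the 7.0.4 builds
            if ver_ge "$base" 7.0.4; then echo patched; else echo vulnerable; fi
            return ;;
        *.fc42*)           # Fedora 42: fix arrives in 6.19.14-101
            if ver_ge "${rel%%.fc42*}" 6.19.14-101; then echo patched
            else echo vulnerable; fi
            return ;;
    esac
    case ${base%.*} in     # upstream series, e.g. 7.0.6 -> 7.0
        7.0)  min=7.0.6 ;;
        6.18) min=6.18.29 ;;
        *)    echo unknown; return ;;
    esac
    if ver_ge "$base" "$min"; then echo patched
    elif [ "$rel" = "$base" ]; then echo vulnerable   # vanilla build, too old
    else echo unknown      # distro build: the fix may be backported
    fi
}

# rxrpc_loaded [FILE]: succeed if the rxrpc module appears in a
# /proc/modules style listing (FILE defaults to /proc/modules).
rxrpc_loaded() {
    grep -q '^rxrpc ' "${1:-/proc/modules}" 2>/dev/null
}

echo "kernel $(uname -r): $(dirtyfrag_status "$(uname -r)")"
if rxrpc_loaded; then echo "rxrpc: loaded"; else echo "rxrpc: not loaded"; fi
```

An "unknown" result means the release string alone cannot settle it; check the distribution's advisory for that kernel package.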

Further Reading and Best Practices

For a comprehensive breakdown of the Dirty Frag vulnerability, refer to our earlier coverage here. Keeping your kernel up to date is critical for security; always apply patches as soon as they are available from your distribution. Remember to back up important data before performing any system-level updates.
