CVE-2026-43284KEVEXPLOITEDPATCHED

linux · linux_kernel

xfrm: esp: avoid in-place decrypt on shared skb frags

Description

Dirty Frag also allows for container escape, and similarly affects nearly all Linux distributions in use today. It was discovered by Hyunwoo Kim, and exploits the same underlying design flaw in how Linux manages files in memory. The attack corrupts files in memory without touching the originals on disk, leaving standard security monitoring tools unable to detect it.

Affected Products

Vendor	Product	Versions
linux	linux_kernel	cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, cac2661c53f35cbe651bef9b07026a5a05ab8ce0, 4.11

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
linux	linux	mitre_affected	90%
open source	linux kernel	cert_advisory	90%

References

Related News (17 articles)

Tier D

The Record8h ago

Dirty Frag: Linux kernel hit by second major security flaw in two weeks

→ No new info (linked only)

Tier D

CSO Online8h ago

New ‘Dirty Frag’ exploit targets Linux kernel for root access

→ No new info (linked only)

Tier A

Microsoft MSRC11h ago

CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags

→ No new info (linked only)

Tier D

SecurityWeek12h ago

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

→ No new info (linked only)

Tier B

CERT-FR20h ago

Bulletin d'actualité CERTFR-2026-ACT-021 (11 mai 2026)

→ No new info (linked only)

Tier E

Hacker News2d ago

"Dirty Frag" (CVE-2026-43284): The Second Linux Root Exploit in Eight Days

→ No new info (linked only)

Tier E

Hacker News2d ago

CVE-2026-43284 ("Dirty Frag") Alma Linux

→ No new info (linked only)

Tier E

Hacker News2d ago

Dirty Frag: Ongoing Linux Kernel Privilege Escalation Vulnerability Since 2017

→ No new info (linked only)

Tier C

Qualys Blog2d ago

Dirty Frag: Using the Page Caches as an Attack Surface

→ No new info (linked only)

Tier E

Hacker News2d ago

Dirty Frag Linux kernel local privilege escalation vulnerability mitigations

→ No new info (linked only)

Tier E

Hacker News3d ago

Dirty Frag (CVE-2026-43284, CVE-2026-43500): Mitigation

→ No new info (linked only)

Tier B

CCCS Canada3d ago

AL26-011 - Vulnerabilities affecting Linux - CVE-2026-43284 and CVE-2026-43500

→ No new info (linked only)

Tier D

Help Net Security3d ago

Dirty Frag: Unpatched Linux vulnerability delivers root access

→ No new info (linked only)

Tier B

BSI Advisories3d ago

[NEU] [hoch] Linux Kernel (Dirty Frag): Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-43284 | Linux Kernel up to 6.6.137/6.12.86/6.18.27/7.0.4 xfrm skb_splice_from_iter privilege escalation

→ No new info (linked only)

Tier C

oss-security3d ago

Re: Dirty Frag: Universal Linux LPE

→ No new info (linked only)

Tier C

Linux Kernel CVEs3d ago

CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags

→ No new info (linked only)

CVSS 3.18.8 IMPORTANT

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

50ed1e7873100f77abad20fd31c51029bc49cd03b54edf1e9a3fd3491bdcb82a21f8d21315271e0d71a1d9d985d26716f74d21f18ee8cac821b06e9752646cbd00e765a6db9c3afe9535f2621827603406.6.1386.12.876.18.287.0.5

CWECWE-20, CWE-125, CWE-416

PublishedMay 8, 2026

Last enriched7h agov10

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

Trending: 122

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Trending: 118

CRITICALCVE-2026-43312EXP

media: i2c: ov5647: Initialize subdev before controls

Trending: 62

CRITICALCVE-2025-71301EXP

drm/tests: shmem: Hold reservation lock around vmap/vunmap

Trending: 62

CRITICALCVE-2026-43010EXP

bpf: Reject sleepable kprobe_multi programs at attach time

Trending: 62

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 8, 2026

Added to CISA KEV

May 8, 2026

Discovered by ZDM

May 8, 2026

Updated: affectedVersions

May 8, 2026

Updated: cweIds, tags

May 8, 2026

Updated: description, cweIds, exploitAvailable, activelyExploited, tags

May 8, 2026

Updated: description, affectedVersions, tags

May 8, 2026

Updated: affectedVersions, cweIds, tags

May 9, 2026

Updated: description, severity

May 9, 2026

Actively Exploited

May 11, 2026

Exploit Available

May 11, 2026

Patch Available

May 11, 2026

Updated: cweIds, tags

May 11, 2026

Updated: description, cweIds, tags

May 11, 2026

Updated: description, severity

May 11, 2026

Version History

v10

Last enriched 7h ago

v10Tier D7h ago

Updated description with new details about the discovery and impact, changed severity to IMPORTANT, and noted that no patch is currently available.

descriptionseverity

via The Record

v9Tier D7h ago

Updated description with detailed technical information about the Dirty Frag exploit and added new CWE and tags.

descriptioncweIdstags

via CSO Online

v8Tier D11h ago

Updated description with detailed technical information, added new CWE IDs, and included new tags related to the vulnerability.

cweIdstags

via SecurityWeek

v7Tier C2d ago

Updated description with detailed technical information about the Dirty Frag exploit and changed severity from NONE to HIGH.

descriptionseverity

via Qualys Blog

v6Tier C2d ago

Updated description with new technical details, added affected versions, changed severity to HIGH, and included new CWE and tags.

affectedVersionscweIdstags

via Qualys Blog

v5Tier B3d ago

Updated description with details on publicly available Proof of Concepts and added affected environments and tags.

descriptionaffectedVersionstags

via CCCS Canada

v4Tier B3d ago

Updated description with details on CVE-2026-43284 and CVE-2026-43500, added CWE-123, marked as actively exploited, and noted that no universal fix is available.

descriptioncweIdsexploitAvailableactivelyExploitedtags

via CCCS Canada

v3Tier D3d ago

Updated description with details about the 'Dirty Frag' vulnerability and added new CVE IDs and tags.

cweIdstags

via Help Net Security

v2Tier C3d ago

Updated affected versions to include 6.6.137, 6.12.86, 6.18.27, 7.0.4 and changed severity to CRITICAL.

affectedVersions

via VulDB

v13d ago

Initial creation