Emergency Linux Kernel Update Patches 'Dirty Frag' Privilege Escalation Flaw
Breaking: Linux 7.0.6 Released with 'Dirty Frag' Patch
The Linux kernel team has rushed out version 7.0.6 (and 6.18.29 LTS) to fix a high‑severity privilege escalation bug known as Dirty Frag (CVE‑2026‑43500). The vulnerability, which carries a CVSS score of 7.8 (HIGH), allows a local attacker to gain root access by manipulating kernel memory during decryption of network packets.

What You Need to Know
Researcher Hyunwoo Kim discovered the flaw and authored the patch. In a statement, Kim explained: The root cause traces to a 2019 commit that left two packet types – those fed via splice() and those with fragment chains – unaccounted for in the rxrpc handling path. The kernel did not treat them as shared memory, so it skipped the safe copy and decrypted them in place.
This opened a window for an attacker to tamper with those pages while decryption was happening, enough to escalate privileges to root. The fix now extends the existing check to catch those two cases, ensuring they are copied to a private buffer before decryption, as they should have been all along.
Background: The Dirty Frag Vulnerability
Dirty Frag is a local privilege escalation (LPE) exploit that was inadvertently exposed to the public, catching both the Linux project and distributions off guard. The bug resides in the kernel’s rxrpc handling, which deals with RxRPC protocol packets. Linus Torvalds merged the patch on May 10, and Linux 7.0.6 was released the following day, with the LTS kernel 6.18.29 also receiving the fix.
According to the National Vulnerability Database, CVE‑2026‑43500 is rated 7.8 HIGH because it requires local access but yields complete system compromise. The vulnerability affects all systems running vulnerable Linux kernels – including desktops, servers, and embedded devices.
What This Means
All Linux users should treat this as an urgent security update. If you run a distribution that has not yet patched, you are at risk of local privilege escalation. Manual installation from kernel.org is possible but carries inherent risks – back up your data first. For Ubuntu‑based systems, a step‑by‑step guide is available, but the safest route is to wait for your distribution’s official update.

Fedora and Pop!_OS Already Protected
Both Fedora and Pop!_OS pushed their own fixes before the official 7.0.6 tarball was released. Justin Forbes, Fedora kernel maintainer, announced the fix was already flowing to stable branches. Fedora 43 and 44 receive the patched kernel 7.0.4, while Fedora 42 users get 6.19.14‑101. Forbes noted they skipped updating to 7.0.5 because the fix was already implemented in 7.0.4 builds.
For Pop!_OS, System76 released kernel updates covering both Dirty Frag CVEs for LTS releases 22.04 and 24.04. The esp4 and esp6 modules related to the second CVE were patched and deemed safe to re‑enable. For rxrpc, however, they chose to disable the module rather than patch it, holding off on re‑enabling it for now.
How to Update
If you are on Fedora Workstation, run the following commands in your terminal:
- sudo dnf update to list available updates
- sudo dnf upgrade and confirm with Y when prompted
For Pop!_OS (Ubuntu‑based), use:
- sudo apt update && sudo apt upgrade
- Reboot with sudo reboot after completion
Remember: Always back up critical data before applying kernel updates manually.
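A post-update check, added here as an example and not taken from the article or from any distribution: it compares a kernel release string with the upstream fixed releases named above (7.0.6 and 6.18.29) and reports whether rxrpc, esp4 or esp6 are loaded. The function names are made up for this example, and a release below the upstream number can still carry a distribution backport, as with Fedora's 7.0.4 builds.

```sh
#!/bin/sh
# Added example (not from the article): triage against the fix levels it names.
# Upstream fixed releases per the article: 7.0.6 and 6.18.29 (LTS).

# classify_kernel RELEASE -> fixed-upstream | below-upstream-fix | unknown-series
classify_kernel() {
    ver=${1%%-*}                          # drop a distro suffix such as -101
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;                   # "7.0" means patch level 0
    esac
    patch=${patch%%[!0-9]*}               # keep leading digits only
    case "$major.$minor" in
        7.0)  fixed=6 ;;
        6.18) fixed=29 ;;
        *)    echo unknown-series; return 0 ;;   # series the article does not cover
    esac
    if [ "${patch:-0}" -ge "$fixed" ]; then
        echo fixed-upstream
    else
        echo below-upstream-fix
    fi
}

# loaded_modules [FILE] -> space-separated subset of rxrpc/esp4/esp6 that is
# loaded, read from a /proc/modules-format file (built-in code is not listed).
loaded_modules() {
    awk '$1 ~ /^(rxrpc|esp4|esp6)$/ { out = (out ? out " " : "") $1 }
         END { print out }' "${1:-/proc/modules}"
}

# triage RELEASE [FILE] -> one-line verdict combining both checks
triage() {
    state=$(classify_kernel "$1")
    mods=$(loaded_modules "${2:-/proc/modules}")
    if [ "$state" = fixed-upstream ]; then
        echo "OK $1: at or above the upstream fix"
    else
        echo "CHECK $1: $state, confirm distro backport; loaded: ${mods:-none}"
    fi
}

# Run against the live system when /proc/modules is available.
if [ -r /proc/modules ]; then triage "$(uname -r)"; fi
```

A CHECK verdict is a prompt to read the distribution's advisory, not proof of exposure.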
Further Reading
For a complete breakdown of the Dirty Frag vulnerability and its impact, see our earlier coverage.