Linux bitten by second serious vulnerability in as many weeks

Linux The user encountered another loophole, which enabled containers and untrusted users to access root, marking the second serious threat in weeks to surprise defenders.

This threat, known as Dirty Frag, allows low-authority users (including those using virtual machines) to take root control of the server. Attacks are particularly well suited to a shared environment, where servers are used in multiple ways. If hackers can access a single loophole that provides a foothold for the machine, they can also get root privileges. The loophole was leaked online three days ago and can be reliably operated on almost all Linux releases. MicrosoftIt states that it found evidence that hackers were testing Dirty Frag in the field.

Direct and significant threat

The leaked loophole is of a certain nature, which means that it works in exactly the same way each time it runs and on different Linux releases. It won't lead to a collapse, allowing it to operate secretly. A loophole named Copy Fail revealed last week had the same characteristics but no available patches were provided to end-users.

The security company Aviatrix's researchers wrote on Monday: “The `dirty debris' loophole poses a direct and significant threat to the Linux system, as it allows unauthorized users to obtain root access by taking advantage of unrecovered kernel defects”. “As the open concept validates the use of loopholes and limited evidence of field utilization, the organization must act quickly to apply patches and implement mitigation measures to protect its systems from potential damage.”

Dirty Frag was discovered and disclosed by researcher Hyunwoo Kim late last week. The loophole will be linked to one code using two loopholes - CVE-2026-43284 and CVE-2026-43500. Shortly after the disclosure, others leaked key details, effectively making the loophole a zero-day loophole. And then Kim released the source code for the conceptual verification loophole he developed. Although both of these loopholes were repaired in the Linux kernel, none of the releases included the restoration process.

By the time the article was published, a number of distributors had published patches. Known distributors include Debian, Alma Linux and Fedora. Those interested in other editions should consult with official providers.