Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.

Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers on April 30, 2026.

"Dirty Frag is a vulnerability (class) that achieves root privileges on most Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability," security researcher Hyunwoo Kim (@v4bel) said in a write-up.

"Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high."

The vulnerability currently does not have a CVE identifier, as the embargo is said to have been broken after detailed information and an exploit for the xfrm-ESP Page-Cache Write vulnerability were published by an unrelated third party.