A TL;DR on Dirty Frag #cybersecurity #threatwire @endingwithali

Added: 2026-05-23

[00:00:00]Two Linux zero days in basically one week feels kind of insane, but I think that this story is also going to blow your mind. Yes, another zero-day has hit Linux. This time by the name of Dirty Frag. Dirty Frag was discovered by researcher Han Wu Kim, and it actually consists of two CVEs, CVE 2026 43284 and CVE 2026 43500.

[00:00:24]Microsoft has confirmed Dirty Frag being used in the wild and exploited today.

[00:00:29]Dirty Frag is extremely similar to copy fail, which we covered in the last episode. They're even considered to be in the same family of attacks.

[00:00:37]The attack chains together the two CVEs to write to unauthorized kernel caches to achieve local privilege escalation.

[00:00:44]There are no system crashes that occur when this happens, and it does not require any kind of special permissions and anything new. The two vulnerabilities are kernel flaws. An >> [music] >> cache write vulnerability and an at write vulnerability.

[00:01:04]Attackers can achieve privilege escalation by chaining these two vulnerabilities together. Allegedly, Kim found this vulnerability at the end of April, but Linux failed to patch the vulnerability.

[00:01:14]And they decided to go public with the findings. [music] Kim released a proof of concept of the attack on their GitHub, but no patch or CVE exists for this yet because it [music] turns out that a third party had published the exploit independently, rushing them to come forward with their findings.

[00:01:29]Because the embargo has now been broken, no patches or CVEs exist for these vulnerabilities. After consultation with the Linux distros [music] at openwall.org maintainers and at the maintainers' requests, I am publicly releasing this Dirty Frag document.