https://hackingpassion.com/tags/cve-2026-43500/Recent content in Cve-2026-43500 on HackingPassion.com : root@HackingPassion.com-[~]HugoenFri, 08 May 2026 10:24:54 +0200https://hackingpassion.com/dirty-frag-linux-root/Fri, 08 May 2026 10:24:54 +0200https://hackingpassion.com/dirty-frag-linux-root/<p>A new Linux zero-day called <strong>Dirty Frag</strong> gives any local user full root access on every major Linux distribution, and right now no distribution has a patched kernel available. The researcher planned to give distributions until May 12 to prepare. Someone leaked the exploit five days early, and it went public before a single distribution had a fix ready.</p> <p><strong>Hyunwoo Kim</strong> (@v4bel) found both vulnerabilities and quietly reported them to the Linux kernel security team at the end of April, including working exploits and patches. The plan was to give Linux distributions until May 12 to prepare fixes before anything went public. On May 7, he told the group of distribution maintainers about it and set that five-day hold in motion. That same day, someone else published the exploit online. The agreement was clear: if that happened, everything would go public immediately. Kim released the full details within hours. Two CVEs have since been assigned: <strong>CVE-2026-43284</strong> for the IPsec variant, which now has a patch in the kernel mainline, and <strong>CVE-2026-43500</strong> for the RxRPC variant, which has no patch anywhere yet. How the exploit got out early is still unknown. The patch for the IPsec bug had been sitting on a public kernel mailing list since April 30, so someone paying close attention to kernel development could have spotted it there. Or someone inside the distribution group leaked it. Nobody knows.</p>