Linux Kernel Zero-Day Vulnerability Allows Root Access
A Linux kernel zero-day vulnerability tracked as CVE-2026-43284 allows immediate root privilege escalation on major distributions. The flaw, present for approximately nine years, was publicly disclosed on May 8, 2026 after an embargo was broken. No patch is available, and a researcher has provided a command to disable affected kernel modules as a temporary mitigation.
webpronews.com

A Linux kernel zero-day vulnerability that allows attackers to gain root privileges has been publicly disclosed before a patch is available. The vulnerability, tracked as CVE-2026-43284 and known as Dirty Frag, affects the algif_aead cryptographic algorithm interface and has been present in the kernel for around nine years.
The disclosure occurred on May 8, 2026 after an embargo was broken. Security researcher Hyunwoo Kim stated that because the embargo had been broken, no patches or CVEs existed for the vulnerabilities at the time of release. Kim said the decision to release the document publicly followed consultation with Linux Distros Openwall maintainers.
The flaw chains two separate vulnerabilities and allows immediate root privilege escalation on all major Linux distributions. It follows the recent Copy Fail access vulnerability, which had remained hidden for nine years and is now being exploited by attackers according to the U.S. Cybersecurity and Infrastructure Security Agency.
Users can mitigate the risk before a patch becomes available by disabling the affected kernel modules. Kim provided the following command to create a configuration file that prevents the modules from loading and removes them if present:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
The command targets the esp4, esp6 and rxrpc modules. Administrators are advised to run it on affected systems and monitor for updates from their distribution maintainers.
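A check that the workaround above actually took effect, as an added example (not from Kim or the original article). It assumes the rules live in a *.conf file under /etc/modprobe.d and that loaded modules are read from /proc/modules; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the esp4/esp6/rxrpc module-disable workaround.
MODULES="esp4 esp6 rxrpc"

# is_blocked MODULE CONF_DIR
# Succeeds if a *.conf file in CONF_DIR has an "install MODULE /bin/false" rule.
is_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false[[:space:]]*\$" "$2"/*.conf
}

# is_loaded MODULE MODULES_FILE
# Succeeds if MODULE is the first field of a line in a /proc/modules-style file.
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# check_mitigation [CONF_DIR] [MODULES_FILE]
# Prints one status line per module; returns 0 only if every module is
# both blocked from loading and not currently loaded.
check_mitigation() {
    conf_dir=${1:-/etc/modprobe.d}
    proc_modules=${2:-/proc/modules}
    rc=0
    for m in $MODULES; do
        if ! is_blocked "$m" "$conf_dir"; then
            echo "FAIL $m: no 'install $m /bin/false' rule in $conf_dir"; rc=1
        elif is_loaded "$m" "$proc_modules"; then
            echo "FAIL $m: rule present but module is still loaded"; rc=1
        else
            echo "OK   $m: blocked and not loaded"
        fi
    done
    return $rc
}

# Constructed demo input (not real system state): the rxrpc rule is missing
# and rxrpc is listed as loaded, so the check reports an incomplete mitigation.
demo=$(mktemp -d)
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\n' > "$demo/dirtyfrag.conf"
printf 'rxrpc 180224 0 - Live 0x0000000000000000\n' > "$demo/modules"
check_mitigation "$demo" "$demo/modules" || echo "mitigation incomplete"
rm -rf "$demo"
```

On a real host, call check_mitigation with no arguments to use /etc/modprobe.d and /proc/modules.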
The vulnerability has been tested on multiple current Linux releases. Technical details are available at the official Dirty Frag information site.
Story Timeline
- May 8, 2026: Dirty Frag vulnerability publicly disclosed after embargo broken. (Source: Forbes)
- May 8, 2026: Hyunwoo Kim releases technical document at request of Linux Distros maintainers. (Source: Forbes)
- 2026: CVE-2026-43284 confirmed as zero-day allowing root access on major distributions. (Source: Forbes)
- 2017: Dirty Frag vulnerability introduced into Linux kernel algif_aead interface. (Source: Forbes)
Potential Impact
- Linux system administrators must apply temporary module disable workaround on production servers.
- Organizations running listed distribution versions face elevated privilege escalation risk.
- Distributions will need to develop and release kernel patches for affected versions.
- Attackers may attempt to exploit the now-public vulnerability before patches deploy.