Unbiased AI-powered news
A Linux kernel zero-day vulnerability tracked as CVE-2026-43284 allows immediate root privilege escalation on major distributions. The flaw, present for approximately nine years, was publicly disclosed on May 8, 2026 after an embargo was broken. No patch is available, and a researcher has provided a command to disable affected kernel modules as a temporary mitigation.
Substrate placeholder — needs reviewA Linux kernel zero-day vulnerability that allows attackers to gain root privileges has been publicly disclosed before a patch is available. The vulnerability, tracked as CVE-2026-43284 and known as Dirty Frag, affects the algif_aead cryptographic algorithm interface and has been present in the kernel for around nine years.
The disclosure occurred on May 8, 2026 after an embargo was broken. Security researcher Hyunwoo Kim stated that because the embargo had been broken, no patches or CVEs existed for the vulnerabilities at the time of release. Kim said the decision to release the document publicly followed consultation with Linux Distros Openwall maintainers.
The flaw chains two separate vulnerabilities and allows immediate root privilege escalation on all major Linux distributions. It follows the recent Copy Fail access vulnerability, which had remained hidden for nine years and is now being exploited by attackers according to the U.S. Cybersecurity and Infrastructure Security Agency.
Users can mitigate the risk before a patch becomes available by disabling the affected kernel modules. Kim provided the following command to create a configuration file that prevents the modules from loading and removes them if present: >sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n'
“/etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true”
The command targets the esp4, esp6 and rxrpc modules. Administrators are advised to run it on affected systems and monitor for updates from their distribution maintainers.
The vulnerability has been tested on multiple current Linux releases. 2-1-default. x86_64. Technical details are available at the official Dirty Frag information site.
These outlets didn't split into competing frames — coverage was uniform.
espn.comFIFA launched an inquiry after footage showed an Argentina supporter confronting American influencer IShowSpeed at Hard Rock Stadium during a 3-2 win over Cape Verde. The incident occurred on 3 July during the last-32 fixture.
livemint.comCnbc reported that OpenAI offered the Trump administration a 5% stake. Kalshi traders assign less than 30% odds the government takes equity in OpenAI or Anthropic this year. Similar probabilities exceed 60% for several quantum and semiconductor firms.
americanbanker.comA draft Treasury Department report obtained by NOTUS warns that an artificial intelligence downturn could threaten millions of Americans' retirement savings through exposure in stock markets and index funds. The analysis contrasts with public support for AI investment from Treasu…