)
)
)
)
Summary
Automox CTO Jason Kikta and Landon Miles break from the regular Patch Tuesday cadence to cover Dirty Frag, a Linux kernel local privilege escalation chain for which researcher Hyunwoo Kim (@v4bel) published working proof-of-concept code on May 7, before any distribution backport was ready. The chain links CVE-2026-43284 (with a mainline patch not yet in distros) and CVE-2026-43500 (no patch in any tree) to take an unprivileged user to root on every major distribution. Kikta's central warning is that the Copy Fail mitigation many teams already deployed does not stop Dirty Frag, and that AWS is right to call this a class of bug rather than a single CVE. Automox shipped an open-source Worklet that blocks the affected kernel modules so teams can act at fleet scale before the patch lands.
)
)
)