Two Linux kernel local privilege escalation vulnerabilities were disclosed within a week: Copy Fail (CVE-2026-31431) on April 29 and Dirty Frag (CVE-2026-43284, CVE-2026-43500) on May 7, 2026. Both exploit flaws in the Linux page cache — Copy Fail through the crypto AF_ALG subsystem, Dirty Frag through IPsec (xfrm-ESP) and RxRPC modules — allowing unprivileged local users to gain root on every major Linux distribution including Ubuntu, RHEL, Amazon Linux, and SUSE. Copy Fail was discovered using an AI-powered security tool (Xint Code) in roughly an hour. Dirty Frag chains two primitives to cover each other's blind spots across different distro configurations. Both share the same bug class as the 2022 Dirty Pipe vulnerability. Mitigations involve blacklisting affected kernel modules and applying available kernel patches. Container-based multi-tenant environments (Kubernetes, CI/CD runners) are particularly exposed since the page cache is shared across the host kernel. The AI-assisted discovery angle signals that the cost of finding kernel-grade logic flaws may be dropping significantly.
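
An added example (not from the InfoQ article or any vendor advisory) for the module-blacklisting mitigation mentioned above: it audits modprobe.d content, /proc/modules and modules.builtin to tell a module that is actually blocked from one that is only blacklisted, already loaded, or built into the kernel. The module names are assumptions derived from the subsystem names in the summary, and the sample inputs are constructed.

```python
import os
# Assumed module names for the subsystems the summary names (AF_ALG, xfrm-ESP,
# RxRPC); confirm the exact list against your distribution's advisory.
ASSUMED_MODULES = ("af_alg", "esp4", "esp6", "rxrpc")

def _norm(name):
    return name.replace("-", "_")  # modprobe treats '-' and '_' as equivalent

def parse_modprobe_conf(text):
    """Return (blacklisted, install_blocked) module sets from modprobe.d content."""
    blacklisted, blocked = set(), set()
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        if f[0] == "blacklist" and len(f) >= 2:
            blacklisted.add(_norm(f[1]))
        # "install <mod> /bin/false" turns every modprobe load request into a no-op
        elif f[0] == "install" and len(f) >= 3 and os.path.basename(f[2]) in ("false", "true"):
            blocked.add(_norm(f[1]))
    return blacklisted, blocked

def audit(modules, conf_text, proc_modules_text, builtin_text=""):
    """Classify each module from modprobe.d, /proc/modules and modules.builtin text."""
    blacklisted, blocked = parse_modprobe_conf(conf_text)
    loaded = {_norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.strip()}
    builtin = {_norm(os.path.splitext(os.path.basename(p))[0]) for p in builtin_text.split()}
    result = {}
    for mod in map(_norm, modules):
        if mod in builtin:
            result[mod] = "builtin: modprobe.d has no effect, needs a patched kernel"
        elif mod in loaded:
            result[mod] = "loaded: config only takes effect after unload or reboot"
        elif mod in blocked:
            result[mod] = "blocked"
        elif mod in blacklisted:
            result[mod] = "blacklist-only: explicit or dependency loads still succeed"
        else:
            result[mod] = "unmitigated"
    return result

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONF = ("blacklist esp4\nblacklist rxrpc\ninstall rxrpc /bin/false\n"
               "blacklist esp6\ninstall esp6 /bin/false\n")
SAMPLE_PROC = "esp6 28672 0 - Live 0x0000000000000000\n"
SAMPLE_BUILTIN = "kernel/crypto/af_alg.ko\n"
if __name__ == "__main__":
    for mod, state in audit(ASSUMED_MODULES, SAMPLE_CONF, SAMPLE_PROC, SAMPLE_BUILTIN).items():
        print(f"{mod:8} {state}")
```

On a real host, feed it the concatenated files under /etc/modprobe.d, the contents of /proc/modules, and /lib/modules/$(uname -r)/modules.builtin.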

8m read time. From infoq.com