Linux Kernel 7.0.6 Delivers Full Fix for Critical Dirty Frag Vulnerability
The Linux kernel community has been on high alert following the accidental public exposure of the Dirty Frag local privilege escalation (LPE) vulnerability. Now, a complete patch has arrived, landing in Linux kernel 7.0.6 and the 6.18.29 LTS release. This update addresses CVE-2026-43500, a high-severity flaw that could allow a local attacker to gain root access. Major distributions like Fedora and Pop!_OS have already rolled out their own fixes, ensuring users are protected.
Understanding the Dirty Frag Exploit
Root Cause and Impact
The vulnerability, discovered and responsibly disclosed by researcher Hyunwoo Kim, traces back to a kernel commit in 2019. The bug emerged in the rxrpc (RxRPC) packet handling path, where two specific packet types were not properly accounted for: those fed through the splice() system call and those with attached fragment chains. Because the kernel did not treat these as shared memory, it skipped creating a safe copy before decryption. Instead, decryption occurred in place, leaving a window for a local attacker to manipulate those pages from userspace while decryption was happening—enough to achieve root access and full system compromise.

The CVE-2026-43500 entry now carries a CVSS score of 7.8 (HIGH) on the National Vulnerability Database, underscoring the severity of the flaw. The official patch extends the existing security checks in two rxrpc functions to catch these two previously overlooked cases, ensuring they are copied to a private buffer before decryption—exactly as they should have been from the beginning.
The Patch and Official Releases
Linux Kernel 7.0.6 and 6.18.29 LTS
Linus Torvalds merged the fix on May 10, and the first stable releases carrying the patch—Linux 7.0.6 and the long-term support (LTS) version 6.18.29—followed the next day. The tarball for 7.0.6 is available at kernel.org for those who prefer to install it manually. This approach, however, requires advanced skills and carries risks; a full data backup is strongly advised before proceeding. For Ubuntu-based distributions, dedicated guides are available to walk users through the process.
Distro-Specific Updates
Fedora
Fedora kernel maintainer Justin Forbes moved quickly to push the fix to the stable branch before the official 7.0.6 release. Fedora 43 and Fedora 44 received the patch with kernel 7.0.4, while Fedora 42 users get it via kernel 6.19.14-101. Forbes noted that they skipped an update to 7.0.5 for F43 and F44, as the fix was already fully implemented in their 7.0.4 builds.

To update a Fedora system:
- First, check for available updates by running:
  sudo dnf update
- After verifying that the patched kernel (e.g., x86_64 7.0.4-100.fc43) appears, apply the upgrade with:
  sudo dnf upgrade
  Press Y when prompted to confirm.
Pop!_OS
For users on Pop!_OS LTS releases (22.04 and 24.04), System76 released kernel updates covering both CVEs associated with Dirty Frag. The esp4 and esp6 modules, tied to the second CVE, were patched and are considered safe to re-enable. However, for the rxrpc module, System76 chose to disable it rather than patch it, and they are holding off on re-enabling it until further testing.
To apply the fixes on Pop!_OS:
- Run the following command to refresh package lists and install updates:
  sudo apt update && sudo apt upgrade
- After the upgrade completes, reboot your system:
  sudo reboot
How to Update Safely
Regardless of your distribution, the most reliable path to protection is to apply the official kernel update through your package manager. Before any kernel upgrade, always back up critical data. For distributions that haven't yet released a patched kernel, consider temporarily disabling the rxrpc module as an interim mitigation. Further details on the Dirty Frag vulnerability and its discovery can be found in our earlier coverage.
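As an added example (not from the original article or from any distribution), the script below checks the two things this section relies on: whether the running kernel is at or past the upstream fixed versions named here (7.0.6, 6.18.29), and whether rxrpc is loaded or blocked from loading. The function names, the /etc/modprobe.d default and the file name in the mitigation comment are assumptions.

```shell
#!/bin/sh
# Audit a host for the Dirty Frag rxrpc fix or the interim module block.

# ver_ge A B: true when version A >= version B (sort -V ordering).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RELEASE: classify a `uname -r` string against the upstream
# fixed versions named in the article (7.0.6 and 6.18.29 LTS).
kernel_status() {
    base=${1%%-*}                     # 7.0.6-200.fc44.x86_64 -> 7.0.6
    case "$base" in
        7.0.*)  fixed=7.0.6 ;;
        6.18.*) fixed=6.18.29 ;;
        *)      echo check-vendor; return 0 ;;
    esac
    # Distros backport (the article notes Fedora's 7.0.4 builds carry the fix),
    # so a lower number means "read the vendor changelog", not "vulnerable".
    if ver_ge "$base" "$fixed"; then echo upstream-fixed; else echo check-vendor; fi
}

# rxrpc_state [MODULES_FILE] [MODPROBE_DIR]: prints loaded | blocked | loadable.
# Defaults are assumptions: /proc/modules and /etc/modprobe.d only.
rxrpc_state() {
    mods=${1:-/proc/modules}
    dir=${2:-/etc/modprobe.d}
    # A module already in memory stays usable even if a block rule exists.
    if [ -r "$mods" ] && grep -q '^rxrpc ' "$mods"; then
        echo loaded; return 0
    fi
    # An "install rxrpc /bin/false" rule makes modprobe refuse the module.
    if grep -Eqs '^[[:space:]]*install[[:space:]]+rxrpc[[:space:]]+/bin/(false|true)' "$dir"/*.conf; then
        echo blocked
    else
        echo loadable
    fi
}

# Interim mitigation (file name is a constructed example):
#   echo 'install rxrpc /bin/false' | sudo tee /etc/modprobe.d/disable-rxrpc.conf
#   sudo modprobe -r rxrpc    # unload it if rxrpc_state printed "loaded"
rel=$(uname -r)
echo "kernel $rel: $(kernel_status "$rel"); rxrpc: $(rxrpc_state)"
```

A kernel with rxrpc built in rather than modular does not list it in /proc/modules, so read "loadable" as "not blocked", not as "absent".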
Stay tuned for ongoing updates as more distributions roll out their fixes.