Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31.
Breaking from the normal Patch Tuesday cadence for an emergency drop. On May 7, security researcher Hyunwoo Kim published a working proof-of-concept for DirtyFrag - a Linux kernel local privilege escalation chain that gets unprivileged users to root on every major distribution. The embargo was broken by a third party before distribution backports were ready, so the exploit is public and the patch is not.
CTO Jason Kikta and Landon Miles walk through what makes DirtyFrag different from the Copy Fail mitigation many teams already deployed (spoiler: the Copy Fail mitigation does NOT cover this), why AWS is calling it a class rather than a single CVE, and the five kernel modules you need to block right now: esp4, esp6, ipcomp4, ipcomp6, and rxrpc.
In this episode:
- Why the embargo break matters and what changed on May 7
- How DirtyFrag chains CVE-2026-43284 and CVE-2026-43500 to defeat both Ubuntu's namespace policy and the absence of rxrpc.ko on other distros
- Why this is the third generation of a bug class (DirtyPipe → Copy Fail → DirtyFrag) and what that means for what comes next
- The Automox Worklet that mitigates both arms across your Linux fleet, and what it deliberately does not do
- Tested affected platforms: Ubuntu 24.04, RHEL 10.1, AlmaLinux 10, CentOS Stream 10, openSUSE Tumbleweed, Fedora 44
Back to the regular Patch Tuesday schedule next week.
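An added example, not from the episode or the Automox Worklet: a shell audit that reports, for each of the five modules named above, whether it is loaded and whether a modprobe.d `install` rule blocks it. The function names, file layout and sample data are assumptions made for illustration; the module names are copied from these notes.

```shell
#!/bin/sh
# Added example: audit a host for the five modules the episode says to block.
# Names are copied from the episode notes; confirm each with modinfo on your kernel.
DIRTYFRAG_MODULES="${DIRTYFRAG_MODULES:-esp4 esp6 ipcomp4 ipcomp6 rxrpc}"

# is_loaded MODULE MODULES_FILE: true if MODULE appears in a /proc/modules-format file.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# is_blocked MODULE CONF_DIR: true if a modprobe.d file maps MODULE to a no-op
# install command. A bare "blacklist" line is not counted: it only stops
# alias-based autoloading, and modprobe will still load the module by name.
is_blocked() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { hit = 1 }
        END { exit !hit }'
}

# audit MODULES_FILE CONF_DIR: one status line per module; the return code is
# the number of modules that are loaded or lack an install block.
audit() {
    gaps=0
    for m in $DIRTYFRAG_MODULES; do
        state=not-loaded; rule=UNBLOCKED
        is_loaded "$m" "$1" && state=LOADED
        is_blocked "$m" "$2" && rule=blocked
        printf '%-8s %-10s %s\n' "$m" "$state" "$rule"
        if [ "$state" = LOADED ] || [ "$rule" = UNBLOCKED ]; then gaps=$((gaps + 1)); fi
    done
    return "$gaps"
}

# make_sample DIR: write constructed sample data (not taken from a real host).
make_sample() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'esp4 28672 0 - Live 0x0000000000000000' \
        'xfrm_user 61440 2 - Live 0x0000000000000000' > "$1/modules"
    printf '%s\n' 'install esp4 /bin/false' 'install esp6 /bin/false' \
        'blacklist rxrpc' > "$1/modprobe.d/dirtyfrag.conf"
}

# On a real host: sh audit.sh /proc/modules /etc/modprobe.d
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

esp4 and esp6 carry IPsec ESP traffic and rxrpc backs the in-kernel AFS client, so inventory the hosts that depend on them before rolling a block out fleet-wide.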
Creators and Guests
Host
Jason Kikta
Jason Kikta is the Chief Technology Officer at Automox, where he leads the Product, Engineering, and IT/Security organizations. He has over 30 years of experience in IT, beginning with independent consulting and spanning more than two decades of military service, building and operating communications networks across the globe. During seven years at US Cyber Command’s Cyber National Mission Force, he focused on countering state actors and ransomware threats to critical infrastructure. Jason is an adjunct lecturer for the Alperovitch Institute at Johns Hopkins SAIS and an adjunct senior technical advisor to the Institute for Security and Technology, focused on AI, cybersecurity, and ransomware.
Host
Landon Miles
Landon Miles is the host of the Hands-On IT podcast. Landon’s profound passion for technology isn't just evident in his voice, it’s apparent in how he breaks down cutting-edge tech trends, formats user-friendly tutorials, and gets into the weeds of the complexities of IT technologies. His approach makes the Hands-On IT podcast an essential resource for both seasoned IT pros and those new to the field, looking to enrich their tech experience. With a background that spans various facets of technology, Landon brings a wealth of knowledge and practical insights to each episode.
