Updated · The Record from Recorded Future News · May 11
Hyunwoo Kim Discloses 2 Linux Kernel Flaws After Embargo Break Enables Container Escape
Updated
Updated · The Record from Recorded Future News · May 11
Hyunwoo Kim Discloses 2 Linux Kernel Flaws After Embargo Break Enables Container Escape
8 articles · Updated · The Record from Recorded Future News · May 11
Hyunwoo Kim published “Dirty Frag” on May 7 after a third party released an exploit first, collapsing coordinated disclosure before patches or CVE assignments were ready.
Two linked bugs—CVE-2026-43284 and CVE-2026-43500—must be chained for a reliable attack, letting a low-privilege user gain full root control and escape cloud containers.
The flaws hit Linux file-in-memory handling like last month’s Copy Fail, corrupting data without changing files on disk and evading standard monitoring tools.
Red Hat said its enterprise Linux products are affected and is expediting fixes; AlmaLinux and Ubuntu had patches or mitigations by May 8, while SUSE, Debian, Fedora and Amazon Linux were still preparing updates.
The disclosure underscores UK NCSC warnings that AI-assisted research is accelerating discovery of long-hidden bugs and could trigger a broader patch wave across critical open-source infrastructure.
A new bug lets hackers escape the cloud. How vulnerable are the data centers powering our digital world?
AI now finds critical security flaws in hours. Can our global digital defenses possibly keep pace?
The Dirty Frag vulnerability, disclosed by security researcher Hyunwoo Kim on May 11, 2026, is a critical local privilege escalation flaw that has existed in the Linux kernel for about nine years. Originating in the algif_aead cryptographic algorithm interface, Dirty Frag specifically affects the xfrm-ESP (IPsec) and RxRPC components, posing an immediate threat to Linux systems. The public release of a proof-of-concept exploit highlights the urgency for system administrators to act quickly. With its long-standing presence and ready exploitability, Dirty Frag demands prompt detection, patching, and strong access controls to protect affected systems.