Two critical Linux kernel exploits dropped with no patches available


Unprivileged users on a Linux system can gain root privileges in seconds using two recently disclosed critical kernel exploits, for which no patches are available. The growing number of kernel exploits puts most cloud infrastructure at risk. Until patches arrive, security researchers warn users to be extra careful when installing new software or updating packages.

Two additional critical Linux kernel exploits affecting major distributions were disclosed just hours ago, with no patches widely available yet. They stem from Copy Fail, a critical Linux kernel vulnerability disclosed last week, as well as other bugs.

The first flaw is a universal Linux local privilege escalation exploit that chains two kernel vulnerabilities. Hyunwoo Kim (@v4bel), a security researcher who discovered and reported the vulnerability, dubbed it “Dirty Frag.”


“Dirty Frag … allows obtaining root privileges on all major distributions. This vulnerability has a similar impact to the previous Copy Fail. Because the embargo has now been broken, no patches or CVEs exist for these vulnerabilities,” acknowledged the Openwall Open Source Security mailing list on X.

The researcher attempted to disclose the bug responsibly, but someone broke the embargo more than a month ahead of schedule, before any patch existed. Kim then published everything immediately so that defenders would have the same information attackers might exploit.

Kim warns that the vulnerability has existed in Ubuntu, Red Hat Enterprise Linux, Fedora, openSUSE, CentOS, AlmaLinux, and other Linux versions for the past nine years.

Like Copy Fail, the new exploit tricks the kernel into overwriting the memory in which read-only system files are held.

“No race, no panic on failure, fully deterministic,” the post read.

The vulnerability is so fresh that it hasn’t yet been assigned a CVE (Common Vulnerabilities and Exposures) identifier.

The same researcher also disclosed the second bug, named “Copy Fail 2: Electric Boogaloo,” another similar, publicly available unprivileged-to-root privilege escalation exploit, tested on all major distributions.


Kim’s previous posts suggest they worked at Theori, a cybersecurity research firm that disclosed the original Copy Fail bug that sent shockwaves throughout the cyber world last week.

Kernel vulnerabilities are particularly dangerous because the kernel is shared by every container on a machine: an attacker who compromises it can escape the container and take over the entire host and every tenant running on it.

Warning: stop new software installs and unimportant updates

Due to the severity of the situation, some experts are urging administrators and developers to refrain from unnecessary installs or updates.

“Right now would be one of the best times for a supply chain attack via NPM to hit hard,” explains Xe Iaso, technical educator, in a blog post.

“Outside of Linux kernel patches from your distro, I think it's probably a good idea to put a moratorium on installing new software for a week or so.”


Massive supply chain attacks have been ongoing recently, compromising one repository after another, including Checkmarx, LiteLLM, Axios, etc., and spreading self-propagating malware. Developers pulling a compromised package risk granting immediate root access to attackers.

Security pros on Hacker News, Silicon Valley's premier tech forum, note that the current software dependency model creates an enormous and largely unaudited attack surface.



“This was always a nightmare waiting to happen. The sheer mass of packages and the consequent vast attack surface for supply chain attacks was always a problem that was eventually going to blow up in everyone's face,” said user marcus_holmes.

AI tools allow attackers to immediately weaponize newly discovered vulnerabilities.


What can be done?

Because no patch exists for Dirty Frag, Kim suggests, as a temporary mitigation, running a command that disables the three kernel modules in which the vulnerable code resides: esp4, esp6, and rxrpc.

“Once each distribution backports a patch, update accordingly,” the researcher said.

“Even on systems where the publicly known Copy Fail mitigation (algif_aead blacklist) is applied, your Linux is still vulnerable to Dirty Frag.”
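The two mitigations described above (blacklisting esp4, esp6 and rxrpc for Dirty Frag, and the algif_aead blacklist for Copy Fail) follow the same pattern: keep a module from loading and unload it if it already is. The script below is an added example written for this article, not the researcher's published command or the distributions' own tooling; it generalizes the pattern to any list of module names. The module names come from the article; the config file path /etc/modprobe.d/kernel-exploit-mitigation.conf and the sample lsmod output are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: modprobe blacklist generator and loaded-module check for
# the mitigation described in the article. Module names (esp4, esp6, rxrpc,
# algif_aead) are from the article; the config path is an assumed name.

# Emit modprobe.d content for the given modules. The `install <mod> /bin/false`
# line matters: a plain `blacklist` line only stops boot-time autoloading,
# while `install ... /bin/false` also blocks on-demand loading (e.g. when a
# socket for that protocol family is created), which is the path an
# unprivileged exploit would use to pull the module in.
blacklist_conf() {  # usage: blacklist_conf mod1 mod2 ...
  for m in "$@"; do
    printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
  done
}

# Read lsmod-style output on stdin and print which of the given modules are
# currently loaded (the blacklist alone does not unload a loaded module).
loaded_from_lsmod() {  # usage: lsmod | loaded_from_lsmod mod1 mod2 ...
  awk -v mods="$*" '
    BEGIN { n = split(mods, arr, " "); for (i = 1; i <= n; i++) want[arr[i]] = 1 }
    NR > 1 && ($1 in want) { print $1 }
  '
}

# Write the config and try to unload each module. Needs root; a module that
# is in use (or built into the kernel rather than a loadable module) cannot
# be removed, so report it instead of silently continuing.
apply_mitigation() {  # usage: apply_mitigation /path/to/conf mod1 mod2 ...
  conf="$1"; shift
  blacklist_conf "$@" > "$conf" || return 1
  for m in "$@"; do
    if lsmod | loaded_from_lsmod "$m" | grep -q .; then
      modprobe -r "$m" 2>/dev/null || echo "warning: could not unload $m (in use or built-in)" >&2
    fi
  done
}

# Constructed lsmod output used for the stand-alone demonstration below.
SAMPLE_LSMOD='Module                  Size  Used by
esp4                   24576  0
xfrm_algo              16384  1 esp4
rxrpc                 139264  0
ext4                  917504  2'

MITIGATION_MODULES="esp4 esp6 rxrpc algif_aead"

if [ "${1:-}" = "--apply" ]; then
  # Real run (root): writes the blacklist and unloads whatever is loaded.
  apply_mitigation /etc/modprobe.d/kernel-exploit-mitigation.conf $MITIGATION_MODULES
else
  echo "modprobe.d content that would be written:"
  blacklist_conf $MITIGATION_MODULES
  echo "modules from the constructed sample that are loaded and still need unloading:"
  printf '%s\n' "$SAMPLE_LSMOD" | loaded_from_lsmod $MITIGATION_MODULES
fi
```

Two caveats when applying this for real: esp4 and esp6 implement IPsec ESP, and rxrpc is the transport used by AFS (kafs), so hosts that rely on those protocols lose them while the blacklist is in place; and if a distribution builds any of these into the kernel image instead of as a loadable module, the blacklist has no effect, which is why the script reports modules it cannot unload rather than assuming success.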

It also appears that kernel maintainers are scrambling to backport fixes to all major supported Linux kernel versions.

