A second zero-day in the Linux kernel was reported inside of 10 days — this time “Dirty Frag,” a bug that much like the recent "Copy Fail" vulnerability affects practically all Linux distributions.

The new Linux bug was disclosed by security researcher Hyunwoo Kim, who also released a proof-of-concept exploit. Following the disclosure, NIST on May 8 released CVE-2026-43284 with a high-severity rating of 7.8. No patches are yet known available.

Gidi Cohen, chief executive officer of Bonfy, added that Dirty Frag is another reminder that the most dangerous vulnerabilities aren’t the flashy remote exploits, they’re the quiet, deterministic logic flaws that sit unnoticed for nearly a decade and give attackers perfect reliability once discovered.

“Like Copy Fail, Dirty Frag shows how a single overlooked write primitive in the kernel’s page‑cache machinery can collapse every trust boundary above it,” said Cohen. “These bugs don’t just escalate privileges; they erode the foundational assumption that system‑level content is immutable.”

Cohen said it’s a clear lesson for organizations: privilege‑escalation flaws don’t stay confined to the OS. Once an attacker becomes root, every AI system, agent, and data pipeline running on that machine inherits the compromise.

“As AI‑driven workflows accelerate, the blast radius of a kernel‑level bug becomes exponentially larger, turning a local LPE into a full‑stack data‑integrity and confidentiality event,” said Cohen.

Read the full article here.