🚨 Meet "Dirty Frag": a new Linux kernel privilege escalation, fresh off the heels of Copy Fail. Wiz Research is tracking CVE-2026-43284 and CVE-2026-43500 (also known as Copy Fail 2), discovered by Hyunwoo Kim (@v4bel). No official patches are out yet, and a public PoC already exists. 🔑 The technical bit: A vulnerability chain in the ESP (IPsec) and RxRPC kernel subsystems, with two deterministic page-cache write primitives in the same spirit as Dirty Pipe. Ubuntu, RHEL 8/9/10, AlmaLinux, Fedora, openSUSE, and more are all affected. 🛡️ Slightly less risky for containers: Exploitation usually requires CAP_NET_ADMIN, so hardened Kubernetes setups with default seccomp profiles are at lower risk. VMs and less restricted environments should still take this seriously. 🔧 What to do now: Until patches drop, you can temporarily disable the vulnerable kernel modules (esp4, esp6, rxrpc). Full mitigation and detection guidance in the blog. Wiz customers: pre-built queries and a live advisory are already in the Threat Intel Center. We'll keep updating both as more info comes to light. Full research from Merav Bar and @ramimacisabird: