![Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31](https://img.transistorcdn.com/yHhwR22Hulnn4cWp94SNBPKPhW5UCK6DRFC8lk6QW9M/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS82NzNl/MTQzOGUxZDRhZjRi/NjJkZmMwMTRiYmE2/Yjk5OS5wbmc.jpg)
Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31
From Autonomous IT by Automox
May 8, 2026 · 11 min · Episode 31
About this episode
This emergency episode discusses the DirtyFrag exploit and its implications for Linux security.
Breaking from the normal Patch Tuesday cadence for an emergency drop. On May 7, security researcher Hyunwoo Kim published a working proof-of-concept for DirtyFrag - a Linux kernel local privilege escalation chain that gets unprivileged users to root on every major distribution. The embargo was broken by a third party before distribution backports were ready, so the exploit is public and the patch is not. CTO Jason Kikta and Landon Miles walk through what makes DirtyFrag different from the Copy Fail mitigation many teams already deployed (spoiler: the CopyFail mitigation does NOT cover this), why AWS is calling it a class rather than a single CVE, and the five kernel modules you need to block right now: esp4, esp6, ipcomp4, ipcomp6, and rxrpc. In this episode: Why the embargo break matters and what changed on May 7 How DirtyFrag chains CVE-2026-43284 and CVE-2026-43500 to defeat both Ubuntu's namespace policy and the absence of rxrpc.ko on other distros Why this is the third generation of a bug class (DirtyPipe → Copy Fail → DirtyFrag) and what that means for what comes next The Automox Worklet that mitigates both arms across your Linux fleet, and what it deliberately does not do…
People in this episode
Hosts: Jason Kikta, Landon Miles
Topics covered
- Linux security
- privilege escalation
- DirtyFrag exploit
- kernel vulnerabilities
- patch management
- emergency security updates
Keywords
- DirtyFrag
- Linux kernel
- privilege escalation
- CVE-2026-43284
- CVE-2026-43500
- security patch
- Automox Worklet
- Copy Fail
- AWS
- kernel modules
Mentioned in this episode
Organizations: AWS, Automox
Places: Ubuntu, RHEL, AlmaLinux, CentOS Stream, openSUSE Tumbleweed, Fedora
More episodes of Autonomous IT
- Product Talk – CISA's BOD 26-04 Directive Explained, E26 · June 11, 2026 · 27 min
- Patch [FIX] Tuesday – [Nothing Weaponized, Everything Exposed], E33 · June 9, 2026 · 24 min
- Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32 · May 12, 2026 · 34 min
- Autonomous IT, Live! The Math of Modern Attacks, E07 · April 28, 2026 · 33 min
- Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23 · April 23, 2026 · 8 min
- Patch [FIX] Tuesday – April 2026 [Double Feature: SQL Another Day + XSS Never Dies], E30 · April 14, 2026 · 8 min
Explore listener stats, chart rankings, contacts and more on the Autonomous IT podcast page.