Copy Fail → Dirty Frag → Fragnesia: The Linux Page-Cache Exploit Family

In April-May 2026, three related kernel vulnerabilities dropped in rapid succession. All three share the same bug class: they corrupt the Linux page cache to modify read-only files in memory without altering the on-disk data. The result is the same every time: unprivileged user to root, reliably, on nearly every major distribution.

This is the same family as Dirty Pipe (CVE-2022-0847) and Dirty COW (CVE-2016-5195), but the new variants are more reliable and don’t depend on race conditions.

The Page Cache in 30 Seconds

Linux caches file contents in RAM (the page cache) to avoid repeated disk reads. When you read /usr/bin/su, the kernel loads its pages into the cache. Subsequent reads serve from cache. The cache is shared: every process reading the same file sees the same cached pages.

The kernel enforces that read-only files produce read-only page-cache mappings. If an attacker can corrupt a cached page of a setuid binary like /usr/bin/su, every subsequent execution of su runs the corrupted version. The file on disk remains untouched. A reboot (which flushes the cache) restores the clean version.

Copy Fail (CVE-2026-31431)

Disclosed: April 29, 2026 by Xint Code Affected subsystem: algif_aead (crypto API socket interface) In kernel since: 2017 (commit 72548b093ee3, kernel 4.14)

Mechanism

The algif_aead crypto interface provides a socket-based API for authenticated encryption. The vulnerability exists in how the kernel handles splice() and vmsplice() operations during in-place crypto processing. The zero-copy path reuses page-cache pages for crypto output buffers. By carefully controlling the input to an AEAD operation, an attacker triggers a code path where the kernel writes the crypto output directly into a page-cache page belonging to a read-only file.

Exploitation

Public PoC targets /usr/bin/su:

1. Open a socket to the algif_aead interface
2. Use splice() to pipe the contents of /usr/bin/su through the crypto socket
3. The crypto operation corrupts specific bytes in the cached pages
4. The corrupted su binary, when executed, drops to a root shell

No race condition. No timing dependency. Works on the first attempt.

Patch Status

Patched in mainline kernel. All major distros (Ubuntu, RHEL, Debian, Fedora, SUSE) have released fixes.

Mitigation (if patching is delayed)

printf 'install algif_aead /bin/false\n' > /etc/modprobe.d/copyfail.conf
rmmod algif_aead 2>/dev/null
echo 3 > /proc/sys/vm/drop_caches

This prevents the algif_aead module from loading and flushes the page cache. Impact: breaks userspace crypto that depends on the AF_ALG AEAD socket interface (rare in most environments).

Dirty Frag (CVE-2026-43284 + CVE-2026-43500)

Disclosed: May 7, 2026 by Hyunwoo Kim (V4bel) Affected subsystems: IPsec ESP (esp4/esp6) + RxRPC (rxrpc) In kernel since: esp since 2017, rxrpc since 2023

Mechanism

Dirty Frag chains two separate bugs:

CVE-2026-43284 (xfrm-ESP Page-Cache Write): The IPsec ESP module performs in-place encryption/decryption on network packets using skb (socket buffer) structures. Under specific conditions involving fragmented packets, the ESP processing path reuses a page-cache-backed page as the output buffer for crypto operations. This gives a 4-byte controlled write into a read-only page-cache page.

CVE-2026-43500 (RxRPC Page-Cache Write): The RxRPC module (used for AFS distributed filesystem) has a similar bug in its packet reassembly path. It provides the ability to create the user namespace required to reach the ESP vulnerability without elevated privileges.

Why Chaining Works

Neither bug alone gives reliable root. The ESP bug provides the write primitive but requires a namespace. The RxRPC bug provides the namespace creation primitive. Combined, they chain into a consistent exploit:

Unprivileged user
    → RxRPC bug creates user namespace
    → ESP bug writes 4 bytes into cached /usr/bin/su
    → Execute corrupted su → root shell

Active Exploitation

Microsoft confirmed limited in-the-wild activity as of May 11, 2026. The observed attack chain: SSH access → upload ELF binary (./update) → escalate via corrupted su → modify application configs → access session data.

Patch Status

• CVE-2026-43284: patched in mainline (May 8, 2026)
• CVE-2026-43500: patch pending as of publication. The embargo was broken by a third party before the RxRPC fix was ready

Mitigation

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"

Impact: disabling esp4/esp6 breaks IPsec VPN functionality. Disabling rxrpc breaks AFS. For environments using IPsec, an alternative mitigation:

echo "user.max_user_namespaces=0" > /etc/sysctl.d/dirtyfrag.conf
sysctl --system

This blocks unprivileged user namespace creation, preventing the exploit from reaching the ESP code path. Warning: this breaks rootless containers, Flatpak, sandboxed browsers, and anything else relying on unprivileged namespaces.

Fragnesia (CVE-2026-46300)

Disclosed: May 13, 2026 by William Bowling (V12 Security / Zellic) Affected subsystem: XFRM ESP-in-TCP In kernel since: 2013 (the fix commit references a 2013-era commit)

Mechanism

Fragnesia targets the same XFRM subsystem as Dirty Frag’s ESP component, but through a different code path: ESP-in-TCP processing. The bug is a logic error in how skb coalescing interacts with ESP decapsulation when ESP packets are transported over TCP (as opposed to raw IP).

The key difference: Fragnesia achieves arbitrary byte writes into the page cache, not just 4 bytes. And it requires no race condition.

The PoC overwrites /usr/bin/su through the page cache and spawns a root shell. The exploit avoids race conditions entirely, making it more reliable than older page-cache attacks.

Timing

Fragnesia was found in the aftermath of the Dirty Frag patches. The Dirty Frag fix (f4c50a4034e6) inadvertently exposed the ESP-in-TCP path, and Bowling’s patch explicitly cites it as one of the commits it fixes. V12 Security attributes part of the discovery process to AI-assisted security tooling.

Patch Status

Upstream patch submitted to the netdev mailing list. Not yet merged at time of publication. No CVE was assigned at initial disclosure; CVE-2026-46300 was assigned shortly after.

Mitigation

Same as Dirty Frag. The ESP-in-TCP path requires CONFIG_INET_ESPINTCP to be compiled in:

# Check if your kernel has it
grep CONFIG_INET_ESPINTCP /boot/config-$(uname -r)

If not compiled in, your kernel is not reachable via this specific PoC (though the underlying skb defect may be reachable through other paths).

Summary Table

Vuln	CVE	Subsystem	Write Primitive	Race Needed	Patched
Copy Fail	CVE-2026-31431	algif_aead	Arbitrary	No	Yes
Dirty Frag (ESP)	CVE-2026-43284	esp4/esp6	4 bytes	No	Yes
Dirty Frag (RxRPC)	CVE-2026-43500	rxrpc	Namespace	No	Pending
Fragnesia	CVE-2026-46300	XFRM ESP-in-TCP	Arbitrary	No	Pending

Emergency Hardening Checklist

Immediate (minutes):

# Block all affected modules
printf 'install algif_aead /bin/false\ninstall esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/pagecache-lpe.conf
rmmod algif_aead esp4 esp6 rxrpc 2>/dev/null
echo 3 > /proc/sys/vm/drop_caches

Short-term (hours):

# Apply available kernel updates
apt update && apt upgrade -y linux-image-$(uname -r)  # Debian/Ubuntu
dnf update -y kernel                                    # RHEL/Fedora

Detection (ongoing):

• Monitor for privilege escalation chains: low-priv parent spawning UID 0 child (especially unsigned ELF binaries or Python scripts calling su)
• Alert on unexpected splice()/vmsplice() syscall patterns
• Monitor /proc/sys/vm/drop_caches writes (attackers flush cache to clean up)
• YARA rules from ReversingLabs target the V4bel reference implementation shellcode

The bug class is not exhausted. The page-cache attack surface involves splice, vmsplice, skb coalescing, ESP processing, and any kernel subsystem that performs in-place operations on page-cache-backed buffers. Expect more variants.