Linux Kernel LPE 2026: Copy Fail, Dirty Frag, and Fragnesia Compared
Between April 29 and May 14, 2026, the Linux kernel was hit by three independent local privilege escalation vulnerabilities — all deterministic, all exploiting page-cache write primitives through different kernel subsystems, and all carrying a CVSS score of 7.8. Each was discovered by a different research team, and each requires a separate mitigation and patch.
This is a comparison guide for defenders who need to understand which mitigations cover which vulnerabilities — and which systems remain exposed if only part of the remediation chain has been completed.
Quick Reference
| | Copy Fail | Dirty Frag | Fragnesia |
|---|---|---|---|
| CVE | CVE-2026-31431 | CVE-2026-43284 + CVE-2026-43500 | CVE-2026-46300 |
| Disclosed | April 29, 2026 | May 8, 2026 | May 14, 2026 |
| Kernel subsystem | algif_aead (crypto API) | xfrm-ESP (IPsec) + RxRPC | XFRM ESP-in-TCP |
| Discoverers | Xint Code (Theori) | Merav Bar + Rami McCarthy (Wiz) | William Bowling (Zellic) + V12 team |
| Exploit reliability | Deterministic | Deterministic | Deterministic |
| In-the-wild | Yes (CISA KEV) | Limited (Microsoft Defender) | None at disclosure |
| CAP_NET_ADMIN needed (container) | No | Yes | Yes |
| Working PoC public | Yes | Yes | Yes |
| CVSS | 7.8 HIGH | 7.8 HIGH | 7.8 HIGH |
Why Three in 15 Days?
All three vulnerabilities belong to the same exploitation class: unprivileged abuse of the splice() system call to corrupt read-only page-cache pages through kernel networking or crypto subsystems. The underlying pattern — kernel code that allows a page-cache-backed page to reach a writable buffer path without forcing a copy — is apparently present in multiple kernel subsystems.
The simultaneous discovery by independent teams suggests this class of bug is actively being researched and is not yet fully audited across the kernel codebase.
What Each Mitigation Covers
This is the most critical operational question. Many teams applied the Copy Fail mitigation early — but that mitigation does nothing for the two later vulnerabilities.
| Mitigation applied | Copy Fail | Dirty Frag | Fragnesia |
|---|---|---|---|
| algif_aead blocklist only (Copy Fail workaround) | ✅ Mitigated | ❌ Not mitigated | ❌ Not mitigated |
| esp4 + esp6 + rxrpc blocklist (Dirty Frag workaround) | ❌ Not mitigated | ✅ Mitigated | ✅ Mitigated |
| Both blocklists applied | ✅ Mitigated | ✅ Mitigated | ✅ Mitigated |
| Vendor kernel patch (all CVEs) | ✅ Patched | ✅ Patched | ✅ Patched |
Apply both blocklists until all kernel patches are deployed
```bash
# Copy Fail mitigation
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true

# Dirty Frag + Fragnesia mitigation
cat > /etc/modprobe.d/disable-dirtyfrag.conf << 'EOF'
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
EOF
rmmod rxrpc 2>/dev/null || true
rmmod esp6 2>/dev/null || true
rmmod esp4 2>/dev/null || true
```
Attack Surface Differences
Copy Fail (CVE-2026-31431)
- Module: `algif_aead` — the kernel userspace crypto API interface
- Path: `AF_ALG` socket → `splice()` → 4-byte write into page-cache-backed page
- Container risk: Does not require `CAP_NET_ADMIN`. An unprivileged container user can exploit this without special capabilities, making it particularly dangerous in multi-tenant environments.
- Blocked by: Disabling `algif_aead` module
Dirty Frag (CVE-2026-43284 + CVE-2026-43500)
- Modules: `esp4`, `esp6` (IPsec/xfrm), `rxrpc`
- Path: Two separate page-cache write primitives — one through the xfrm-ESP processing path, one through RxRPC
- Container risk: Requires `CAP_NET_ADMIN` in default Kubernetes seccomp configurations. However, misconfigured pods, host-level SSH access, or container escapes bypass this requirement.
- In-the-wild: Active campaign observed by Microsoft Defender involving SSH foothold + privilege escalation + GLPI modification
- Blocked by: Disabling `esp4`, `esp6`, `rxrpc` modules
Fragnesia (CVE-2026-46300)
- Module: XFRM ESP-in-TCP (subset of the `esp`/`xfrm` subsystem)
- Path: Different internal code path from Dirty Frag within the same xfrm ESP subsystem
- Container risk: Requires `CAP_NET_ADMIN` (same class as Dirty Frag)
- In-the-wild: None observed at time of disclosure
- Blocked by: Same `esp4`/`esp6` blocklist that covers Dirty Frag
Which Systems Are Highest Priority?
Highest risk — patch and mitigate immediately
- Kubernetes nodes running multi-tenant or mixed-trust workloads (all three CVEs; Copy Fail especially dangerous without `CAP_NET_ADMIN` barrier)
- Self-hosted CI/CD runners processing untrusted pull requests (all three CVEs)
- Systems reachable via SSH from external networks (Dirty Frag in-the-wild campaign targets this profile)
- SaaS/notebook platforms executing user-supplied code
Elevated risk — patch on priority schedule
- IPsec VPN gateways (esp4/esp6 modules are likely active; the blocklist workaround will break tunnels, so either patch without the workaround or apply it in a maintenance window)
- Multi-user Linux servers accessible to untrusted accounts
Manageable risk — standard patch schedule
- Single-tenant servers with trusted-only shell access still need all three patches but can be scheduled differently than the high-risk category.
Patch Checklist
| CVE | Module blocked? | Vendor patch applied? | Verified? |
|---|---|---|---|
| CVE-2026-31431 (Copy Fail) | algif_aead | ☐ | ☐ |
| CVE-2026-43284 (Dirty Frag xfrm) | esp4, esp6 | ☐ | ☐ |
| CVE-2026-43500 (Dirty Frag RxRPC) | rxrpc | ☐ | ☐ |
| CVE-2026-46300 (Fragnesia) | esp4, esp6 | ☐ | ☐ |
Verify Current Module Load Status
```bash
# Check all four attack-surface modules at once
lsmod | grep -E "^(algif_aead|esp4|esp6|rxrpc)" || echo "None of the affected modules are loaded"

# Check if blocklists are in place
cat /etc/modprobe.d/disable-algif.conf 2>/dev/null || echo "Copy Fail blocklist not found"
cat /etc/modprobe.d/disable-dirtyfrag.conf 2>/dev/null || echo "Dirty Frag blocklist not found"
```
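The manual checks above can be combined into a per-CVE audit. The following is an added example, not part of the original article: it applies the module-to-CVE mapping from the Patch Checklist and flags a module that is blocklisted but still resident, which happens when `rmmod` fails on an in-use module. The `MODPROBE_DIR` and `PROC_MODULES` overrides and the state names are assumptions of this example, and it reports workaround status only, not whether a vendor patch is installed.

```shell
# Added example: workaround audit per CVE, using the page's module mapping.
# MODPROBE_DIR / PROC_MODULES are assumed override names for testing on fixtures.
MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# True if an uncommented "install <mod> /bin/false" line exists in any *.conf.
# modprobe treats "-" and "_" in module names as the same, so accept both.
is_blocked() {
    pat=$(printf '%s' "$1" | sed 's/_/[_-]/g')
    grep -Eqs "^[[:space:]]*install[[:space:]]+${pat}[[:space:]]+/bin/false([[:space:]]|\$)" \
        "$MODPROBE_DIR"/*.conf
}

# True if the module is resident right now (first field of /proc/modules).
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$PROC_MODULES" 2>/dev/null
}

# Prints: blocked | blocked-but-loaded | not-blocked
module_state() {
    if ! is_blocked "$1"; then
        echo "not-blocked"
    elif is_loaded "$1"; then
        echo "blocked-but-loaded"   # rmmod failed or was never run
    else
        echo "blocked"
    fi
}

# Worst state across every module a CVE's workaround depends on.
cve_state() {
    worst="blocked"
    for m in "$@"; do
        case "$(module_state "$m")" in
            not-blocked) worst="not-blocked"; break ;;
            blocked-but-loaded) worst="blocked-but-loaded" ;;
        esac
    done
    echo "$worst"
}

audit() {
    printf '%-34s %s\n' "CVE-2026-31431 (Copy Fail)"        "$(cve_state algif_aead)"
    printf '%-34s %s\n' "CVE-2026-43284 (Dirty Frag xfrm)"  "$(cve_state esp4 esp6)"
    printf '%-34s %s\n' "CVE-2026-43500 (Dirty Frag RxRPC)" "$(cve_state rxrpc)"
    printf '%-34s %s\n' "CVE-2026-46300 (Fragnesia)"        "$(cve_state esp4 esp6)"
}

audit
```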
Detailed Analysis
For full technical write-ups of each vulnerability:
- Copy Fail CVE-2026-31431 — Technical Analysis
- Dirty Frag CVE-2026-43284 — Technical Analysis
- Fragnesia CVE-2026-46300 — Technical Analysis
FAQ
Do all three vulnerabilities require physical or local access?
They all require local code execution on the target system — not physical access. SSH sessions, web shells, compromised container workloads, and CI/CD job runners all provide the necessary execution context.
Can patching one CVE protect against all three?
No. Each CVE requires its own kernel patch. Check your distribution's advisory carefully to confirm which CVEs a given kernel update addresses.
Is a fully patched kernel still vulnerable to any of these?
No. Once your distribution releases a kernel package explicitly addressing all four CVEs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500, CVE-2026-46300), apply it and remove the module blocklists. The patches are permanent fixes; the blocklists are temporary mitigations only.
How do I know if my vendor patch covers all three vulnerabilities?
Check your distribution's CVE tracker. For example, Ubuntu's security notice should list all addressed CVEs. Confirm the notice references CVE-2026-31431, CVE-2026-43284, CVE-2026-43500, and CVE-2026-46300 before removing any blocklist.