“Soiled Frag could also be leveraged after preliminary compromise by means of SSH entry, web-shell execution, container escape, or compromise of a low-privileged account,” Microsoft researchers stated in a security weblog publish, including that affected environments could embody Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, openSUSE, and OpenShift deployments.
Microsoft additionally stated the exploit stands out as a result of it avoids most of the instability points usually related to Linux native privilege escalation exploits utilizing race-condition dependent bugs.
Turning Linux reminiscence fragmentation into root entry
In keeping with Microsoft, the Soiled Frag exploit chain abuses weaknesses in how the Linux kernel handles fragmented reminiscence pages, permitting attackers to overwrite protected page-cache-backed knowledge and escalate privileges to root entry.
The assault combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Safety Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500). “As soon as native entry is established, profitable exploitation could enable attackers to escalate privileges to root and achieve broad management over the affected Linux host,” the researchers stated.
