LeakyCreds

CVE-2026-43500 - Vulnerability Analysis

High | CVSS: 7.8

Last Updated: May 11, 2026

Linux Kernel - Memory Handling Vulnerability

Published: May 11, 2026 | Updated: May 11, 2026 | KEV | PoC Available

Overview

The Linux kernel contains a memory handling vulnerability in rxrpc_input_call_event() and rxrpc_verify_response(), caused by improper unsharing of DATA/RESPONSE packets with paged fragments. Attackers can potentially cause memory corruption; exploitation requires crafted network packets.

Severity & Score

Severity: High
CVSS Score: 7.8
EPSS Score: 1.0% (Probability of exploitation in next 30 days)

Impact

Attackers can cause memory corruption leading to potential denial of service or code execution.

Mitigation

Update to the latest Linux kernel version containing the fix.

Social Media Activity (9 posts)

mORA
@mora
May 12, 2026

Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC Unpatched kernel flaw chain (CVE-2026-43284, CVE-2026-43500) enables root escalation on major Linux distributions. https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc

TheHackerWire
@thehackerwire
May 11, 2026

🟠 CVE-2026-43500 - High (7.8) In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() co... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43500/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Velocipede Rider
@ruari
May 11, 2026

I upgraded my kernel for Copy Fail (CVE-2026-31431) not that long ago. Now I am upgrading again for Dirty Frag (CVE-2026-43284 and CVE-2026-43500). I hope things calm down a bit now but I guess we shall see…

linux
@linux
May 8, 2026

Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Weeks after the Copy Fail vulnerability was revealed, a new ... https://www.tenable.com/blog/dirty-frag-cve-2026-43284-cve-2026-43500-frequently-asked-questions-linux-kernel-lpe | https://awakari.com/sub-details.html?id=linux | https://awakari.com/pub-msg.html?id=YrumUmwcLLTdtws0xFlKmi9vbbk&interestId=linux

linux
@linux
May 11, 2026

Two stable kernels with Dirty Frag fixes Greg Kroah-Hartman has released the 7.0.6 and 6.18.29 stable kernels with Hyunwoo Kim's patch for the second vulnerability ( CVE-2026-43500 ) reported w... https://lwn.net/Articles/1072311/ | https://awakari.com/sub-details.html?id=linux | https://awakari.com/pub-msg.html?id=QRMJmGt4T8eIl7bg5WQYFfpDDl2&interestId=linux

linux
@linux
May 7, 2026

Dirty Frag (CVE-2026-43284, CVE-2026-43500): Mitigation and Kernel Update on CloudLinux A week after Copy Fail (CVE-2026-31431), researcher Hyunwoo Kim disclosed a second Linux kernel local privil... https://mastodon.social/tags/KernelCare https://mastodon.social/tags/CVE https://mastodon.social/tags/Vulnerability https://mastodon.social/tags/Kernel https://mastodon.social/tags/Update https://mastodon.social/tags/AlmaLinux https://mastodon.social/tags/CloudLinux https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update | https://awakari.com/sub-details.html?id=linux | https://awakari.com/pub-msg.html?id=Ufc8eyi0bZFrULd6QZ0Y9dCKGcC&interestId=linux

linux
@linux
May 8, 2026

Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Weeks after the Copy Fail vulnerability was revealed, a new ... https://www.tenable.com/blog/dirty-frag-cve-2026-43284-cve-2026-43500-frequently-asked-questions-linux-kernel-lpe | https://awakari.com/sub-details.html?id=linux | https://awakari.com/pub-msg.html?id=FNDUVq4xr5Urwt6G4up1PilKbiq&interestId=linux


Details

CVE ID: CVE-2026-43500
Severity: High
CVSS Score: 7.8
Status: modified
EPSS: 1.0%
Social Posts: 9

CWE

  • CWE-787

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.0% (Probability of exploitation in the next 30 days)