Linux Kernel Privilege Escalation to Root Vulnerabilities Tracker
This documents tracks the "2026 Linux local privilege escalation" vulnerabilities that has been reviewed and are being monitored by Cybersecurity.
| Vulnerability Name/Alias | CVE Identifier | Affected Kernel Module / Subsystem | Release Date | Proof of Concept Code Status | Actively Exploited | Patch Available |
|---|---|---|---|---|---|---|
| Copy Fail | CVE-2026-31431 | algif_aead module of the AF_ALG interface | 5/18/26 | Publicly Available | Yes | Yes |
| Dirty Frag / Copy Fail 2 / Fragnesia | CVE-2026-43284, CVE-2026-46300 | esp4, esp6, rxrpc | 5/19/26 | Publicly Available | No | Yes |
| Dirty Decrypt | CVE-2026-31635 | rxrpc | 5/19/26 | Publicly Available | No | Yes |
| PinTheft | CVE-2026-43494 | rds, rds_tcp | 5/20/26 | Publicly Available | No | Yes |
| DirtyClone | CVE-2026-43503 | skbs | 5/24/26 | Publicly Available | No | Yes |
| CIFSwitch | CVE-2026-46243 | cifs-utils | 5/28/26 | Publicly Available | No | Yes |
| pedit COW | CVE-2026-46331 | tc-pedit | 6/30/26 | Publicly Available | No | Yes |
| Bad Epoll | CVE-2026-46242 | epoll | 7/3/26 | Publicly Available | Yes | Yes |
See Also
- Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - Copy Fail (CVE-2026-31431)
- Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - Dirty Frag/Copy Fail 2/Fragnesia
- Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - Dirty Decrypt (CVE-2026-31635)
- Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - PinTheft
- Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - CIFSwitch
- Cybersecurity Announcement: Linux Kernel Privilege Escalation to Root Vulnerability - "pedit COW"