Describe the issue you are experiencing
A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components, including esp4, esp6 (CVE-2026-43284), and rxrpc (CVE-2026-43500).
Public reporting and proof-of-concept activity indicate the exploit is designed to provide more reliable privilege escalation than traditional race-condition-dependent Linux local privilege escalation techniques.
Similar to the previously disclosed CopyFail vulnerability (CVE-2026-31431) (Patched in #4676)
I realize the impact for Home Assistant OS might be limited. But I created this issue anyway for constancy.
Sources:
Microsoft docs: Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
Video ThioJoe: ANOTHER Linux Exploit - And It's Even Worse
What operating system image do you use?
generic-x86-64 (Generic UEFI capable x86-64 systems)
What version of Home Assistant Operating System is installed?
17.3
Did the problem occur after upgrading the Operating System?
No
Hardware details
.
Steps to reproduce the issue
...
Anything in the Supervisor logs that might be useful for us?
Anything in the Host logs that might be useful for us?
System information
No response
Additional information
No response
Describe the issue you are experiencing
A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components, including esp4, esp6 (CVE-2026-43284), and rxrpc (CVE-2026-43500).
Public reporting and proof-of-concept activity indicate the exploit is designed to provide more reliable privilege escalation than traditional race-condition-dependent Linux local privilege escalation techniques.
Similar to the previously disclosed CopyFail vulnerability (CVE-2026-31431) (Patched in #4676)
I realize the impact for Home Assistant OS might be limited. But I created this issue anyway for constancy.
Sources:
Microsoft docs: Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
Video ThioJoe: ANOTHER Linux Exploit - And It's Even Worse
What operating system image do you use?
generic-x86-64 (Generic UEFI capable x86-64 systems)
What version of Home Assistant Operating System is installed?
17.3
Did the problem occur after upgrading the Operating System?
No
Hardware details
.
Steps to reproduce the issue
...
Anything in the Supervisor logs that might be useful for us?
Anything in the Host logs that might be useful for us?
System information
No response
Additional information
No response