Description
CVE-2026-43500 exploits a memory-corruption vulnerability in the Linux kernel's RxRPC authentication subsystem (rxkad). When a crafted DATA packet is delivered to an AF_RXRPC socket configured with an attacker-controlled rxkad session key, the kernel's rxkad_verify_packet_1() function performs an in-place 8-byte pcbc(fcrypt) decryption directly on the page-cache page referenced by the splice offset. Because the decryption mutates the page in-place without marking it dirty, the corrupted in-memory view is immediately visible to all processes reading from the page cache. This allows a local attacker to corrupt the in-memory contents of a SUID binary and escalate privileges to root.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/local/cve_2026_43500_dirty_fragmsf undefined(cve_2026_43500_dirty_frag) > show actions ...actions...msf undefined(cve_2026_43500_dirty_frag) > set ACTION < action-name >msf undefined(cve_2026_43500_dirty_frag) > show options ...show and set options...msf undefined(cve_2026_43500_dirty_frag) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub