Recent Page Cache Corruption Bugs

Multitude of vulnerabilities that allow overwriting the page cache and thus changing the in-memory contents of read-only files to gain LPE or escape a container in certain scenarios.

All stem from kernel code paths that perform in-place overwrites of user-supplied input pages without verifying that the pages are writable.

Copy Fail (CVE-2026-31431):

— Announcement;
— Better write-up.

Dirty Frag (CVE-2026-43284 and CVE-2026-43500):

— Covers two independent vulnerabilities that do not require chaining;
— CVE-2026-43284 is alternatively titled Copy Fail 2;
— Original write-up;
— Avoiding bruteforcing for CVE-2026-43500.

Fragnesia (CVE-2026-46300):

— Original report;
— Variant.

DirtyCBC / DirtyDecrypt (CVE-2026-31635?):

— Write-up;
— Another exploit.