Kukurigu LPE - Linux Kernel Privilege Escalation (CVE-2026-43284 / CVE-2026-43500)

2026.05.13
Credit: nu11secur1ty
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Titles: Kukurigu LPE - Linux Kernel Privilege Escalation (CVE-2026-43284 / CVE-2026-43500)
# Author: nu11secur1ty
# Date: 2026-05-11
# Vendor: Linux Kernel
# Software: Linux Kernel (all major distributions)
# Reference:

## Description:
A critical vulnerability in the Linux kernel's page-cache handling allows unprivileged local users to gain root privileges. The vulnerability chains two separate flaws:

1. **CVE-2026-43284** - xfrm-ESP Page-Cache Write: Allows arbitrary 4-byte writes to the page cache via the ESP protocol when ESN (Extended Sequence Numbers) is enabled.
2. **CVE-2026-43500** - RxRPC Page-Cache Write: Allows in-place decryption of page-cache pages via the RxRPC protocol.

The attack requires no race condition, does not panic the kernel on failure, and has a near 100% success rate. The vulnerabilities affect kernels from 2017-01-17 up to 2026-05-10 (approximately 9 years).

**STATUS: MEDIUM - HIGH / Vulnerability**

**Affected systems (tested):**
- Ubuntu 24.04.4 / 25.10
- RHEL 10.1
- openSUSE Tumbleweed
- CentOS Stream 10
- AlmaLinux 10
- Fedora 44

[+]Payload:

```post
POST / HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

action=exploit&target=/usr/bin/su&method=esp
```

[+]Exploit:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2026/CVE-2026-43284-CVE-2026-43500)

# Demo:
[href](https://www.patreon.com/posts/cve-2026-43284-157962202)

# Patch if you want:
[href](https://www.patreon.com/posts/cve-2026-43284-157966167)

# Time spent:
01:30:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>
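An added example for defenders, not part of the original advisory or the author's code: a Python inventory check that reports, for the two subsystems the description names (xfrm-ESP and RxRPC), whether the code is built in, loaded, loadable, blocked or absent on a host. The module names `esp4`, `esp6` and `rxrpc`, the Kconfig symbols and the sample inputs are assumptions (mainline Linux names and constructed data); the advisory does not state that blocking these modules mitigates the flaws.

```python
import re

# Mainline module and Kconfig names for the two subsystems the advisory names.
# Assumption: the distribution kernel keeps these names unchanged.
SUBSYSTEMS = {
    "xfrm-ESP (IPv4)": ("esp4", "CONFIG_INET_ESP"),
    "xfrm-ESP (IPv6)": ("esp6", "CONFIG_INET6_ESP"),
    "RxRPC": ("rxrpc", "CONFIG_AF_RXRPC"),
}
NO_OP = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true"}

def parse_kconfig(text):
    """Map Kconfig symbol -> 'y' or 'm' from /boot/config-$(uname -r) content."""
    return dict(re.findall(r"^(CONFIG_\w+)=([ym])$", text, re.M))

def parse_loaded(text):
    """Set of module names from /proc/modules content (first column)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def parse_blocked(text):
    """Modules whose load is replaced by a no-op in modprobe.d content."""
    blocked = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "install" and parts[2] in NO_OP:
            blocked.add(parts[1])
    return blocked

def exposure(kconfig, proc_modules, modprobe_conf=""):
    """Report per subsystem: built-in, loaded, loadable, blocked or absent."""
    cfg, loaded = parse_kconfig(kconfig), parse_loaded(proc_modules)
    blocked = parse_blocked(modprobe_conf)
    report = {}
    for label, (module, symbol) in SUBSYSTEMS.items():
        if cfg.get(symbol) == "y":
            report[label] = "built-in"      # cannot be unloaded or blocked
        elif module in loaded:
            report[label] = "loaded"        # an install rule does not unload it
        elif cfg.get(symbol) == "m":
            report[label] = "blocked" if module in blocked else "loadable"
        else:
            report[label] = "absent"
    return report

# Constructed sample inputs, not taken from a real host.
SAMPLE_KCONFIG = "CONFIG_INET_ESP=m\nCONFIG_INET6_ESP=m\n# CONFIG_AF_RXRPC is not set\n"
SAMPLE_PROC_MODULES = "esp4 32768 0 - Live 0x0000000000000000\n"
SAMPLE_MODPROBE = "install esp6 /bin/false\n"

if __name__ == "__main__":
    print(exposure(SAMPLE_KCONFIG, SAMPLE_PROC_MODULES, SAMPLE_MODPROBE))
```

On a real host, pass the contents of the running kernel's config file, `/proc/modules` and the concatenated `/etc/modprobe.d/*.conf` files in place of the samples.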

