Dirty Frag: a zero-day universal Linux LPE
Date:
Thu, 07 May 2026 20:25:43 +0000
Description:
Hyunwoo Kim has announced the Dirty
Frag security flaw, a
local-privilege-escalation (LPE) vulnerability similar to the
recently disclosed Copy Fail flaw: Because the embargo has now been broken,
no patches or CVEs exist for
these vulnerabilities. After consultation with the
linux-distros@vs.openwall.org
maintainers, and at the maintainers' request, I am publicly releasing this Dirty Frag document. As with the previous Copy Fail vulnerability, Dirty Frag likewise allows
immediate root privilege escalation on all major distributions. Kim, who discovered the flaw and had attempted a coordinated
disclosure set for May12, has released the code for an exploit, as well as a example
script to remove the vulnerable modules. A full
write-up , with the disclosure timeline, is also available. It's
unknown at this time whether this is an example of parallel discovery
or how the third party was able to disclose it prior to the end of the
embargo. We will be following up as more information comes to light.
======================================================================
Link to news story:
https://lwn.net/Articles/1071719/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)