{"id":243057,"date":"2026-05-08T03:49:00","date_gmt":"2026-05-08T07:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/dirty-frag-linux-flaws-grant-root-access\/"},"modified":"2026-05-10T12:00:24","modified_gmt":"2026-05-10T16:00:24","slug":"dirty-frag-linux-flaws-grant-root-access","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/dirty-frag-linux-flaws-grant-root-access\/","title":{"rendered":"\u201cDirty Frag\u201d: Linux flaws grant root access"},"content":{"rendered":"<p><a href=\"https:\/\/www.heise.de\/en\/news\/Dirty-Frag-Linux-flaws-grant-root-access-11286796.html\">\u201cDirty Frag\u201d: Linux flaws grant root access<\/a><\/p>\n<p><a href=\"https:\/\/www.heise.de\/en\/news\/Dirty-Frag-Linux-flaws-grant-root-access-11286796.html\">https:\/\/www.heise.de\/en\/news\/Dirty-Frag-Linux-flaws-grant-root-access-11286796.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 03:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.heise.de\">www.heise.de<\/a><\/p>\n<p>\u201cDirty Frag\u201d marks the third privilege escalation vulnerability (or rather, combination of vulnerabilities) discovered within two weeks, allowing attackers to escalate their privileges in most Linux distributions. As some parties apparently published information too early, the discoverer Hyunwoo Kim (X-handle @v4bel) felt compelled to make the vulnerabilities public now \u2013 without updates for affected Linux distributions or a CVE vulnerability entry being available.<\/p>\n<p>He writes this in the GitHub project for the vulnerability combination \u201cDirty Frag.\u201d There he demonstrates a chaining of two vulnerabilities. A complete deep dive discusses them in detail. These are vulnerabilities that ultimately manipulate the page cache of files in memory to which users only have read access, such as \u201c\/etc\/passwd\u201d or \u201c\/usr\/bin\/su.\u201d On subsequent access, Linux uses the modified entries from RAM, which grant further-reaching privileges and ultimately root access. This is very reminiscent of the vulnerability known as \u201cCopy Fail.\u201d Kim explains that this was also the starting point for his vulnerability search. To circumvent certain restrictions in Linux distributions that would prevent an exploit, he also chains two security vulnerabilities. On systems that were secured against \u201cCopy Fail\u201d by blacklisting the algif_aead module, \u201cDirty Frag\u201d still works.<\/p>\n<p>The vulnerabilities impact xfrm-ESP and RxRPC, both of which have a page cache write vulnerability. Kim has successfully tested the vulnerabilities on several distributions, gaining root privileges: Ubuntu 24.04.4 (Kernel 6.17.0-23-generic), RHEL 10.1 (Kernel 6.12.0-124.49.1.el10_1.x86_64), openSUSE Tumbleweed (Kernel 7.0.2-1-default), CentOS Stream 10 (Kernel 6.12.0-224.el10.x86_64), AlmaLinux 10 (Kernel 6.12.0-124.52.3.el10_1.x86_64), and Fedora 44 (with Kernel 6.19.14-300.fc44.x86_64).<\/p>\n<h3 class=\"subheading\" id=\"nav_countermeasure__0\">Countermeasure: Remove modules<\/h3>\n<p>Since the distributions have not yet had time to release&#8230;<\/p>\n<p><a href=\"https:\/\/www.heise.de\/en\/news\/Dirty-Frag-Linux-flaws-grant-root-access-11286796.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cDirty Frag\u201d: Linux flaws grant root access https:\/\/www.heise.de\/en\/news\/Dirty-Frag-Linux-flaws-grant-root-access-11286796.html Publish Date: 2026-05-08 03:49:00 Source Domain: www.heise.de&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243058,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/heise.cloudimg.io\/bound\/1200x1200\/q85.png-lossy-85.webp-lossy-85.foil1\/_www-heise-de_\/imgs\/18\/5\/0\/7\/8\/7\/6\/3\/2026-05-08-Linux_LPE-Dirty_Frag-Aufmacher-ef61fdc1e7778ace.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[143,144,90,31,97,71,98,57,79,27],"class_list":["post-243057","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-almalinux","tag-centos","tag-cve","tag-exploit","tag-fedora","tag-linux","tag-opensuse","tag-security","tag-ubuntu","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243057"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243057"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243057\/revisions"}],"predecessor-version":[{"id":243059,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243057\/revisions\/243059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243058"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}