{"id":243224,"date":"2026-05-10T16:25:00","date_gmt":"2026-05-10T20:25:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/10\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure\/"},"modified":"2026-05-10T17:00:09","modified_gmt":"2026-05-10T21:00:09","slug":"parallel-bug-discovery-triggers-premature-linux-lpe-disclosure","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/10\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure\/","title":{"rendered":"Parallel bug discovery triggers premature Linux LPE disclosure"},"content":{"rendered":"<p><a href=\"https:\/\/www.itnews.com.au\/news\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure-625736\">Parallel bug discovery triggers premature Linux LPE disclosure<\/a><\/p>\n<p><a href=\"https:\/\/www.itnews.com.au\/news\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure-625736\">https:\/\/www.itnews.com.au\/news\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure-625736<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-10 16:25:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.itnews.com.au\">www.itnews.com.au<\/a><\/p>\n<p>The free and open source Linux kernel has seen three serious local privilege escalation (LPE) vulnerabilities in recent weeks, starting with the Copy Fail bug\u00a0uncovered at the end of last month.<\/p>\n<p>A further two LPEs emerged last week, with proofs-of-concept:\u00a0Dirty Frag, and Copy Fail 2.<\/p>\n<p>Hyunwoo Kim reported the Dirty Frag bug to the Linux security team, and it was embargoed until May 12 to allow patches to be developed and be ready for distribution.<\/p>\n<p>However, on May 7 the embargo was broken by &#8220;an unrelated third-party&#8221;, and Kim disclosed the Dirty Frag vulnerability early, before full patches were ready.<\/p>\n<p>The embargo breach was accidental, the developer who spotted the Copy Fail 2 vulnerability, Trevor who also uses the handle _SiCK, confirmed to iTNews.\u00a0<\/p>\n<p>They were not aware of the embargo for Dirty Frag, and discovered the LPE primitive in a code commit.<\/p>\n<p>&#8220;Anyone can read code commits,&#8221; Trevor said.<\/p>\n<p>&#8220;There was no magic involved; I cannot break an embargo which I never entered into, or agreed to therein,&#8221; they added.<\/p>\n<p>&#8220;If code is indeed speech, the very idea of trying to censor it from eyes when it is open source is laughable,&#8221; Trevor said.<\/p>\n<p>Trevor said no artificial intelligence (AI) was used for the vulnerability discovery.<\/p>\n<p><strong>Dirty Frag and Copy Fail 2 in same class of vulnerabilities<\/strong><\/p>\n<p>Both Dirty Frag and Copy Fail 2 can be used to raise standard users on Linux-based systems to root status, which is the top-level account that has full administrative rights and privileges.<\/p>\n<p>As they are logic bugs not dependent on timing windows, neither vulnerability requires a race&#8230;<\/p>\n<p><a href=\"https:\/\/www.itnews.com.au\/news\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure-625736\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Parallel bug discovery triggers premature Linux LPE disclosure https:\/\/www.itnews.com.au\/news\/parallel-bug-discovery-triggers-premature-linux-lpe-disclosure-625736 Publish Date: 2026-05-10 16:25:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243226,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/i.nextmedia.com.au\/News\/dirty_frag_tux.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[30,71,57,27],"class_list":["post-243224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-breach","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243224"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243224"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243224\/revisions"}],"predecessor-version":[{"id":243228,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243224\/revisions\/243228"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243226"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}