Security researcher Hyunwoo Kim published 'Dirty Frag,' a universal Linux local privilege escalation that chains two kernel flaws to grant immediate root on major distributions. The embargo was broken and releases included exploit code and mitigation tips (such as blacklisting specific modules), but no CVEs or patches were available at publication. The disclosure echoes prior high-impact bugs like 'Copy Fail,' heightening risk across cloud, server, and desktop environments where local access exists. Administrators should monitor vendor advisories, apply kernel updates once released, and consider temporary mitigations to block vulnerable modules until official patches arrive.
Security researcher Hyunwoo Kim (v4bel) disclosed “Dirty Frag,” a deterministic Linux local privilege escalation that chains two page-cache write flaws—xfrm-ESP and RxRPC—to escalate to root across major distributions. The exploit reuses a 4-byte arbitrary STORE primitive (similar to Copy Fail) and combines both vulnerabilities to bypass distribution-specific mitigations like blocked unprivileged namespaces or absent kernel modules. The xfrm-ESP bug has been assigned CVE-2026-43284 and patched upstream; RxRPC is reserved as CVE-2026-43500 with no patch yet. A public PoC repository and a one-line build/run command are available; maintainers gave guidance on temporary mitigation (blacklisting modules and dropping caches). Because the embargo was broken, users should apply vendor patches when available and follow the advised mitigations.
Researchers disclosed 'Dirty Frag,' a new deterministic local privilege-escalation (LPE) exploit that combines two Linux page-cache write bugs—xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write—to gain root on major distributions. Hyunwoo Kim (v4bel) reported the class; a public PoC is available and the exploit reliably achieves root without races by corrupting sk_buff->frag fields. The xfrm-ESP bug is now tracked as CVE-2026-43284 and patched in mainline; the RxRPC issue is reserved as CVE-2026-43500 with no patch yet. The flaws affect kernels going back years and were tested across Ubuntu, RHEL, Fedora, CentOS Stream, AlmaLinux and openSUSE. Maintainers urged mitigations: blacklist affected modules and clear the page cache until official patches are backported.
Security researcher Hyunwoo Kim disclosed a new Linux kernel local privilege escalation chain called "Dirty Frag" that can yield root on almost all major distributions by chaining two distinct flaws in xfrm-ESP and RxRPC. The chain exploits page-cache behavior to overwrite in-memory file copies without write permissions; unlike race conditions, it's a logic bug that reliably succeeds on first try. xfrm-ESP dates to 2017 and requires unprivileged user namespaces (blocked by Ubuntu AppArmor), while RxRPC was introduced in 2023 and is often unloaded by default except on Ubuntu — together they cover most distros. A CVE is not yet assigned and no patches exist; temporary mitigations are to remove or blacklist the two kernel modules at the cost of disabling IPsec ESP and RxRPC functionality.
Security researcher Hyunwoo Kim (v4bel) disclosed “Dirty Frag,” a deterministic local privilege escalation affecting major Linux distributions by chaining two page-cache write bugs: xfrm-ESP and RxRPC. The exploit yields reliable root privileges without races and has been demonstrated on recent Ubuntu, RHEL, Fedora, openSUSE, CentOS Stream and AlmaLinux kernels dating back to vulnerable commits from 2017 and 2023. Because the embargo was broken, no official patches or CVEs existed at disclosure; maintainers recommend unloading or blacklisting esp4, esp6 and rxrpc kernel modules as a temporary mitigation. The chain covers distribution-specific blind spots—namespace restrictions or absent modules—making it broadly practical and urgent for sysadmins to apply vendor fixes once released.
Security researcher Hyunwoo Kim has publicly released 'Dirty Frag', a universal Linux local privilege escalation (LPE) exploit that can yield immediate root on major distributions. The report, released after an embargo was broken and in consultation with distro maintainers, chains two kernel vulnerabilities (links to kernel.git referenced) similar in impact to the earlier 'Copy Fail' issue. No patches or CVE identifiers were available at release time, increasing urgency for distro and kernel teams to audit and remediate vulnerable code paths. The disclosure matters because it targets the Linux kernel, which is central to cloud, server, and desktop infrastructure, and could be used by attackers with local access to gain full system control. Administrators should monitor vendor advisories and apply kernel updates once available.
Researcher Hyunwoo Kim publicly released “Dirty Frag,” a universal local privilege escalation (LPE) affecting all major Linux distributions, after an embargo was broken and while no patches or CVEs were available. Dirty Frag chains two kernel issues (links to a netdev git commit and a kernel mailing post) to obtain immediate root, mirroring the impact of a prior “Copy Fail” bug. The post includes mitigation advice (blacklist the vulnerable modules esp4, esp6 and rxrpc) and links to a detailed writeup and full exploit code, warning that distributions currently lack fixes. This matters because it enables widespread root compromise on unpatched Linux systems, forcing admins to apply module-removal mitigations and accelerating vendor response and patching.
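To verify the interim mitigation named above (blacklisting esp4, esp6 and rxrpc), the following added example, which is not from the disclosure or the PoC, audits a host's module state. The function names are hypothetical, and treating an `install <module> /bin/false` line as a stronger block than a plain `blacklist` line is an addition beyond the page's wording.

```shell
#!/bin/sh
# Audit the Dirty Frag interim mitigation: are esp4, esp6 and rxrpc loaded,
# and does modprobe configuration keep them from being loaded?
# Paths are parameters so the check can also run against constructed samples.

DIRTYFRAG_MODULES="esp4 esp6 rxrpc"

# module_state MODULE PROC_MODULES_FILE MODPROBE_DIR...
# Prints one of: loaded, blocked, blacklisted, unprotected
module_state() {
    mod=$1; proc_modules=$2; shift 2
    # In /proc/modules the first field of each line is the module name.
    if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' "$proc_modules"; then
        echo loaded; return
    fi
    state=unprotected
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            # "install <mod> /bin/false" makes every load request fail.
            if awk -v m="$mod" '$1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { f = 1 } END { exit !f }' "$conf"; then
                echo blocked; return
            fi
            # "blacklist <mod>" only ignores the module's aliases (autoload).
            if awk -v m="$mod" '$1 == "blacklist" && $2 == m { f = 1 } END { exit !f }' "$conf"; then
                state=blacklisted
            fi
        done
    done
    echo "$state"
}

# audit_dirtyfrag PROC_MODULES_FILE MODPROBE_DIR...
# Prints "<module> <state>" per module; returns non-zero if any module is
# currently loaded or has no blacklist/install rule at all.
audit_dirtyfrag() {
    rc=0
    for m in $DIRTYFRAG_MODULES; do
        s=$(module_state "$m" "$@")
        echo "$m $s"
        case $s in blocked|blacklisted) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Live system usage:
#   audit_dirtyfrag /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
```

A module reported as `loaded` stays loaded until it is removed or the host reboots, regardless of what the configuration says.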