Loading...
Loading...
Researchers disclosed serious privilege-escalation flaws affecting both cloud services and Linux in recent weeks. A contested Azure Kubernetes Service (AKS) backup bug reportedly lets Backup Contributor users gain cluster-admin rights; Microsoft rejected the report, challenged CVE assignment and flagged it as AI-generated, while US‑CERT validated the issue, highlighting friction in vendor vulnerability handling. Separately, the “Fragnesia” Linux kernel vulnerability enables local users to flip in-memory bytes and escalate to root via XFRM ESP-in-TCP; upstream patches were issued and vendors advised mitigations like disabling IPsec modules or applying kernel updates. Together these incidents underscore growing threats from both cloud role misconfigurations and low-level kernel logic errors, and the need for transparent disclosure processes and rapid patching.
Privilege escalation flaws in both cloud services and the Linux kernel increase risk of full system compromise, data theft, and persistent access. Tech teams must prioritize detection, patching, and clear disclosure workflows to reduce blast radius and protect infrastructure.
Dossier last updated: 2026-05-19 16:23:51
Gentoo warns that a wave of Linux kernel privilege‑escalation bugs — starting with Copy Fail and followed by Dirty Frag and Fragnesia — are being discovered and disclosed faster than before. The Gentoo Kernel and Distribution Kernel teams say they are rapidly packaging upstream releases and backporting fixes; Gentoo kernels already include the Fragnesia v5 patch even where upstream releases remain vulnerable. Only sys-kernel/gentoo-kernel, sys-kernel/gentoo-kernel-bin and sys-kernel/gentoo-sources are security‑supported; vanilla kernel packages are currently vulnerable. Gentoo urges users to run the latest (~arch or latest stable LTS) kernels and to automate kernel upgrades because upstream often does not backport fixes to older releases.
Gentoo warns users that a spate of Linux kernel privilege-escalation bugs — starting with Copy Fail and followed by Dirty Frag and Fragnesia — are being disclosed rapidly, and urges timely kernel updates. Gentoo’s Kernel and Distribution Kernel teams say they package upstream releases quickly and backport fixes; Gentoo kernels already include the Fragnesia v5 patch while some upstream and vanilla kernels remain vulnerable. Only sys-kernel/gentoo-kernel, sys-kernel/gentoo-kernel-bin and sys-kernel/gentoo-sources are officially security-supported; other kernel packages may lag. The advisory recommends automating kernel upgrades and running recent stable or LTS kernels because upstream does not consistently backport fixes to older releases.
Linux kernel maintainers disclosed a local privilege escalation bug that can expose sensitive kernel memory and allow attackers to extract SSH host keys from compromised systems. The flaw, the fourth kernel vulnerability reported this month, affects systems running vulnerable kernel versions and can be triggered by unprivileged local users or processes. Researchers and distro maintainers issued patches and urged administrators to apply updates and rotate SSH host keys where compromise is suspected. This matters because stolen host keys undermine server identity and enable persistent MITM and lateral-movement attacks across infrastructure, raising operational and incident-response costs for cloud, enterprise, and hosting providers.
Security researcher Justin O'Leary reported a privilege-escalation vulnerability in Azure Kubernetes Service (AKS) backup on March 17; Microsoft rejected the report on April 13, arguing the issue only applies when an attacker already has admin rights and therefore is not a security bug. O'Leary says the flaw allows users with only the Backup Contributor role — effectively no Kubernetes privileges — to obtain cluster-admin access without preexisting rights. After Microsoft dismissed the report and flagged the submission to MITRE as containing AI-generated content, O'Leary submitted it to US-CERT, which validated the issue and assigned VU#284781. Microsoft then lobbied MITRE to block a CVE, and under CNA rules CERT closed the case, leaving Microsoft decisive control over CVE assignment for its product.
Linux kernel researchers disclosed a new local privilege escalation vulnerability named “Fragnesia” on May 13, 2026; it lets unprivileged local users obtain root by exploiting a logic flaw in the XFRM ESP-in-TCP subsystem. Discovered by William Bowling and V12 Security, the bug arises when shared page fragments are merged with socket buffers, creating a writable in-memory page-cache copy attackers can modify without altering disk files. The exploit does not rely on races: an attacker can unshare into a user and network namespace, gain CAP_NET_ADMIN, craft an AES-128-GCM ESP association, and flip bytes in the in-memory copy of /usr/bin/su to spawn a root shell. Ubuntu 22.04/24.04 and kernels like 6.8.0-111 were validated; upstream patches were submitted May 13, 2026. Mitigations include disabling IPsec ESP/RxRPC modules, cleaning page cache or rebooting, and applying vendor kernel patches.