Another major Linux security flaw revealed — 'Dirty Frag' allows root on all major distros, with no…

  • Researcher Hyunwoo Kim discloses Dirty Frag, a nine‑year‑old kernel flaw enabling root privilege escalation across major Linux distros
  • The exploit chains two page‑cache write bugs, works reliably without race conditions, and currently has no CVE or patch
  • Mitigation requires disabling vulnerable kernel modules, but this breaks IPsec VPNs and AFS, leaving systems exposed until fixes arrive

Some of the most widely used and influential Linux distributions are vulnerable to a zero-day flaw that allows threat actors to gain root privileges, and a patch has not yet been made public, experts have warned.

Security researcher Hyunwoo Kim disclosed the nine-year-old flaw and published a proof-of-concept (PoC) exploit.

He named the vulnerability Dirty Frag and explained that it works by chaining two kernel flaws: the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. This allowed him to modify protected system files in memory without proper authorization.

Mitigations...

Copyright of this story solely belongs to techradar.com.
