Another major Linux security flaw revealed — ‘Dirty Frag’ allows root on all major distros, with no patch or fix available yet
- Researcher Hyunwoo Kim discloses Dirty Frag, a nine‑year‑old kernel flaw enabling root privilege escalation across major Linux distros
- The exploit chains two page‑cache write bugs, works reliably without race conditions, and currently has no CVE or patch
- Mitigation requires disabling vulnerable kernel modules, but this breaks IPsec VPNs and AFS, leaving systems exposed until fixes arrive
Some of the most widely used and influential Linux distributions are vulnerable to a zero-day flaw that allows threat actors to gain root privileges, and a patch has not yet been made public, experts have warned.
Security researcher Hyunwoo Kim disclosed finding a nine-year-old flaw, and published a proof-of-concept (PoC) exploit.
He named the vulnerability Dirty Frag, and explained that it works by chaining two kernel flaws, the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. This allowed him to tweak protected system files in memory without having proper authorization.
Mitigations available
Kim explained that he shared his findings with the maintainers of different Linux distros under embargo in order to give everyone time to patch up. However, that embargo was seemingly broken on May 7, when a third party published the exploit.
“Because the embargo has currently been broken, no patch or CVE exists. After consultation with the maintainers on linux-distros@vs.openwall.org and at their request, this Dirty Frag document is being published,” Kim said.
Besides not having a CVE, the bug is also yet to be given a severity score. However, since this is an unauthenticated privilege escalation flaw, it’s safe to assume it will receive a critical-severity rating (9.0 and higher).
So far, Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora have all been confirmed as vulnerable, and none has received a patch yet.
“As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions, and it chains two separate vulnerabilities,” Kim said. “Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high.”
The current mitigation includes removing the vulnerable esp4, esp6, and rxrpc kernel modules, but this breaks IPsec VPNs and AFS distributed network file systems.
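As an added example (not from the article or from Kim's disclosure), the shell audit below reports for each of the three named modules whether it is loaded, whether it still has users, and whether it is blocked from loading. The `install <module> /bin/false` override under /etc/modprobe.d, the state names, and the function names are this example's own choices; the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example: audit the three modules the article names.
# Limitation: code compiled into the kernel (not a module) is not detected.
MODULES="esp4 esp6 rxrpc"

# module_state NAME PROC_MODULES_FILE MODPROBE_DIR
# Prints one of: loaded-in-use, loaded-idle, blocked, loadable.
module_state() {
    name=$1 proc=$2 confdir=$3
    # /proc/modules columns: name size refcount deps state address
    ref=$(awk -v m="$name" '$1 == m { print $3 }' "$proc" 2>/dev/null)
    if [ -n "$ref" ]; then
        # A non-zero refcount means the module has users; removing it
        # disrupts them (the article names IPsec VPNs and AFS).
        if [ "$ref" = 0 ]; then echo loaded-idle; else echo loaded-in-use; fi
        return 0
    fi
    # Conservative rule: only an "install" override counts as blocked.
    # A "blacklist" line only stops alias-based autoloading.
    if cat "$confdir"/*.conf 2>/dev/null | awk -v m="$name" '
        $1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { f = 1 }
        END { exit !f }'; then
        echo blocked
    else
        echo loadable
    fi
}

# audit [PROC_MODULES_FILE] [MODPROBE_DIR]; returns 0 only if all are blocked.
audit() {
    proc=${1:-/proc/modules} confdir=${2:-/etc/modprobe.d} rc=0
    for m in $MODULES; do
        s=$(module_state "$m" "$proc" "$confdir")
        printf '%-6s %s\n' "$m" "$s"
        [ "$s" = blocked ] || rc=1
    done
    return $rc
}

# Constructed sample: esp4 loaded with users, rxrpc blocked, esp6 untouched.
demo() {
    d=$(mktemp -d)
    printf 'esp4 28672 2 - Live 0x0000000000000000\n' > "$d/modules"
    printf 'install rxrpc /bin/false\n' > "$d/sample.conf"
    audit "$d/modules" "$d" && rc=0 || rc=$?
    rm -rf "$d"; return $rc
}

case "${1:-}" in demo) demo ;; run) audit ;; esac
```

Run it with `demo` to see the constructed case or `run` to check the local host; a `loaded-in-use` result is the signal that removing the module will interrupt a service.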
Via BleepingComputer

