Dirtyfrag: Universal Linux privilege escalation vulnerability
Original: Dirtyfrag: Universal Linux LPE
Why This Matters
Critical universal Linux privilege escalation affects all major distributions
Security researcher Hyunwoo Kim disclosed 'Dirty Frag', a universal Linux local privilege escalation vulnerability affecting all major distributions. The vulnerability chains two separate kernel flaws to achieve immediate root access.
Researcher Hyunwoo Kim publicly disclosed 'Dirty Frag', a universal Linux local privilege escalation (LPE) vulnerability that allows obtaining root privileges on all major distributions. The vulnerability has similar impact to the previous Copy Fail exploit and chains two separate kernel vulnerabilities in the esp4, esp6, and rxrpc modules. Kim released the disclosure after consultation with linux-distros maintainers, noting that the embargo was broken and no patches or CVEs exist. The researcher provided a mitigation command to disable vulnerable modules and published full exploit code. Technical details are available at dirtyfrag.io. The vulnerability affects kernel networking components and represents a significant security risk for Linux systems.