Dirty Frag: new LPE in Linux kernel allows root on most distros

Colleagues, please note: an unpatched local privilege escalation (LPE) vulnerability, Dirty Frag, has been disclosed.
Key points:
- Researcher Hyunwoo Kim described an xfrm-ESP + RxRPC Page-Cache Write chain; the exploit is deterministic and race-free.
- Affects Ubuntu 24.04.4, RHEL 10.1, Fedora 44, CentOS Stream 10, AlmaLinux 10, openSUSE Tumbleweed.
- A PoC is published; the temporary mitigation is to block the esp4, esp6 and rxrpc modules.
Why it matters: an unprivileged local user can gain root — urgently assess impact and take measures.
What steps have you already taken?
#cybersecurity #Linux #vulnerabilities #infosec
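
One way to verify the temporary mitigation on a host, as an added example that is not part of the original post. It assumes the block is implemented with modprobe.d rules of the form `install <module> /bin/false` (the post does not say how to block the modules); the function names are illustrative and the script only reads state.

```shell
#!/bin/sh
# Added example: audit the temporary mitigation (esp4, esp6, rxrpc blocked).
# File and directory arguments are optional; defaults are the usual Linux paths.
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [PROC_MODULES_FILE]: succeeds if MODULE is loaded right now.
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# is_blocked MODULE [DIR...]: succeeds if a modprobe.d rule of the form
# "install MODULE /bin/false" (or /bin/true) exists. Assumption: this is how
# the block is done. A bare "blacklist MODULE" line is not counted, because it
# only suppresses alias-based autoloading.
is_blocked() {
    mod=$1; shift
    [ $# -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            awk -v m="$mod" '
                /^[ \t]*#/ { next }
                $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { ok = 1 }
                END { exit !ok }' "$f" && return 0
        done
    done
    return 1
}

# audit_status [PROC_MODULES_FILE [DIR...]]: prints one line per module and
# returns non-zero if any module is loaded or lacks an install rule.
audit_status() {
    proc=${1:-/proc/modules}
    [ $# -gt 0 ] && shift
    rc=0
    for m in $MODULES; do
        l=no; b=no
        is_loaded "$m" "$proc" && l=yes
        is_blocked "$m" "$@" && b=yes
        echo "$m loaded=$l blocked=$b"
        { [ "$l" = no ] && [ "$b" = yes ]; } || rc=1
    done
    return "$rc"
}
```

Source the file and call `audit_status` with no arguments to check the live system. A module reported as `loaded=yes` stays loaded after a rule is added until it is unloaded or the host reboots.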

