<![CDATA[https://lwn.net/Articles/1071719/]]>
Link Preview Image
Dirty Frag: a zero-day universal Linux LPE

Hyunwoo Kim has announced the Dirty Frag security flaw, a local-privilege-escalation (LPE) vuln [...]

favicon

LWN.net (lwn.net)

is a broken embargo.

Local Privilege Escalation to root.

Public working exploit. No CVE assigned yet.

No fix in sight.
<Edith> 7.0.5 was just released which has a fix <\Edith>

This is the documentation & exploit of DirtyFrag:
https://github.com/V4bel/dirtyfrag/blob/master/README.md

Link Preview Image
]]>https://board.circlewithadot.net/topic/bf3aa504-4bdc-4166-ab06-514cc8b31809/https-lwn.net-articles-1071719RSS for NodeThu, 14 May 2026 21:39:52 GMTThu, 07 May 2026 22:56:26 GMT60<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 14:22:35 GMT]]>and we have another one. This one with CVE.

-2026-43500

Link Preview Image
]]>https://board.circlewithadot.net/post/https://milliways.social/users/mcfly/statuses/116539402216522711https://board.circlewithadot.net/post/https://milliways.social/users/mcfly/statuses/116539402216522711Fri, 08 May 2026 14:22:35 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 09:12:18 GMT]]>@mcfly @miketango I guess that's the world we live in now. If fixes are open in the public eventually some vibe-kiddy just publishes an exploits.

But is it feasible keep the fixing work secret in projects like the linux kernel? I doubt.

In this times it really comes to light who has actually good security. Who can quickly apply mitigations and detection.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/securitym0nkey/statuses/116538182116773518https://board.circlewithadot.net/post/https://infosec.exchange/users/securitym0nkey/statuses/116538182116773518Fri, 08 May 2026 09:12:18 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 09:09:39 GMT]]>@mcfly are you sure? https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo claims:
"Same bug exists in esp6_input and is not covered by the v4 fix f4c50a4034."

]]>https://board.circlewithadot.net/post/https://milliways.social/users/brabo/statuses/116538171677893386https://board.circlewithadot.net/post/https://milliways.social/users/brabo/statuses/116538171677893386Fri, 08 May 2026 09:09:39 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 07:44:29 GMT]]>@mcfly @miketango may they step on a Lego every day forever.

]]>https://board.circlewithadot.net/post/https://chaos.social/users/Laird_Dave/statuses/116537836798379231https://board.circlewithadot.net/post/https://chaos.social/users/Laird_Dave/statuses/116537836798379231Fri, 08 May 2026 07:44:29 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 07:43:08 GMT]]>@miketango from what I can read in the discussion is that someone saw the fix in the commit and asked a LLM too build an exploit and published that.

That someone was not aware of an embargo

Link Preview Image
xfrm: esp: avoid in-place decrypt on shared skb frags - kernel/git/netdev/net.git - Netdev Group's networking tree

favicon

(git.kernel.org)

]]>https://board.circlewithadot.net/post/https://milliways.social/users/mcfly/statuses/116537831478073740https://board.circlewithadot.net/post/https://milliways.social/users/mcfly/statuses/116537831478073740Fri, 08 May 2026 07:43:08 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 07:28:40 GMT]]>@mcfly What do they mean by "embargo has been broken"? Someone just willy nilly published that exploit before the distro / kernel guys could react?

]]>https://board.circlewithadot.net/post/https://chaos.social/users/miketango/statuses/116537774634423377https://board.circlewithadot.net/post/https://chaos.social/users/miketango/statuses/116537774634423377Fri, 08 May 2026 07:28:40 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 07:20:28 GMT]]>There seen to be a fix in commit https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4

That fix made it into 7.0.5 which was released 30 mins (?) ago

https://cdn.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.5

]]>https://board.circlewithadot.net/post/https://milliways.social/users/mcfly/statuses/116537742363816320https://board.circlewithadot.net/post/https://milliways.social/users/mcfly/statuses/116537742363816320Fri, 08 May 2026 07:20:28 GMT<![CDATA[Reply to https://lwn.net/Articles/1071719/ on Fri, 08 May 2026 00:05:29 GMT]]>@mcfly

It's making for an interesting evening but there is a simple mitigation given in the github (as long as you don't actually need any of the three kernel modules it blocks from loading...)

Link Preview Image
GitHub - V4bel/dirtyfrag

Contribute to V4bel/dirtyfrag development by creating an account on GitHub.

favicon

GitHub (github.com)

]]>https://board.circlewithadot.net/post/https://domum.social/users/jon/statuses/116536031943594106https://board.circlewithadot.net/post/https://domum.social/users/jon/statuses/116536031943594106Fri, 08 May 2026 00:05:29 GMT