<![CDATA[Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability.]]>Apparently there's yet another Local Privilege Escalation . There's a mitigation that disables esp4, esp6 and rxrpc modules.

Link Preview Image
oss-security - Dirty Frag: Universal Linux LPE

favicon

(www.openwall.com)

Link Preview Image
GitHub - V4bel/dirtyfrag

Contribute to V4bel/dirtyfrag development by creating an account on GitHub.

favicon

GitHub (github.com)

EDIT: The related vulnerabilities are now tracked as CVE-2026-43284 and CVE-2026-43500. https://nvd.nist.gov/vuln/detail/CVE-2026-43284 https://nvd.nist.gov/vuln/detail/CVE-2026-43500

]]>https://board.circlewithadot.net/topic/e4a4f600-38d3-4e94-a30e-b66c89e78aa2/apparently-there-s-yet-another-linuxkernel-local-privilege-escalation-vulnerability.RSS for NodeThu, 14 May 2026 21:39:47 GMTThu, 07 May 2026 19:56:41 GMT60<![CDATA[Reply to Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. on Fri, 08 May 2026 09:59:32 GMT]]>@harrysintonen yesterday I read that one should not drop caches in a production system. I don’t know if that recommendation was just for performance or if all hell could break loose.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/LabanSkoller/statuses/116538367816301702https://board.circlewithadot.net/post/https://infosec.exchange/users/LabanSkoller/statuses/116538367816301702Fri, 08 May 2026 09:59:32 GMT<![CDATA[Reply to Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. on Fri, 08 May 2026 08:47:52 GMT]]>@christopherkunz Sure if you executed that particular exploit you definitely must restore the /etc/passwd afterwards.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116538086011994841https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116538086011994841Fri, 08 May 2026 08:47:52 GMT<![CDATA[Reply to Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. on Fri, 08 May 2026 08:01:31 GMT]]>@harrysintonen In addition to Dirtyfrag, there there's Copy Fail 2 - Electric Boogaloo. https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo This sets up an ESP interface and exploits a bug in the ESP-in-UDP code.
Same here, probably prudent to drop caches (restart networking?) and remove the uid0 entry from /etc/passwd

]]>https://board.circlewithadot.net/post/https://chaos.social/users/christopherkunz/statuses/116537903790811856https://board.circlewithadot.net/post/https://chaos.social/users/christopherkunz/statuses/116537903790811856Fri, 08 May 2026 08:01:31 GMT<![CDATA[Reply to Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. on Fri, 08 May 2026 07:53:32 GMT]]>Note that if you tested the exploit locally and then applied the workaround your system will retain the tampered kernel cache and will remain vulnerable even when the module is no longer in memory and cannot no longer be loaded.

You can use sudo sh -c "echo 3 > /proc/sys/vm/drop_caches" to flush the exploit from memory. Rebooting will also work, of course.

EDIT: Needless to say you should not execute random exploits in any important system. Always use a dedicated VM you can wipe after testing.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116537872415175248https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116537872415175248Fri, 08 May 2026 07:53:32 GMT<![CDATA[Reply to Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. on Thu, 07 May 2026 20:21:32 GMT]]>@gtsadmin They will be loaded by the kernel automatically on demand. So apply the mitigation until kernel update is available.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116535151358192923https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116535151358192923Thu, 07 May 2026 20:21:32 GMT<![CDATA[Reply to Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. on Thu, 07 May 2026 20:20:46 GMT]]>@harrysintonen None of my #Debian #linux boxen have those kernel modules loaded:
sudo lsmod | egrep "esp4|esp6|rxrpc"
#InfoSec

]]>https://board.circlewithadot.net/post/https://wiseowl.club/users/gtsadmin/statuses/01KR21K5YRESA5FKWW0H52CAMShttps://board.circlewithadot.net/post/https://wiseowl.club/users/gtsadmin/statuses/01KR21K5YRESA5FKWW0H52CAMSThu, 07 May 2026 20:20:46 GMT