A new Linux zero-day called Dirty Frag lets local attackers gain root privileges on major distributions with a single command, by chaining two kernel flaws in the algif_aead interface. Hyunwoo Kim disclosed the issue with a PoC, and no CVE or patch is available yet for affected systems including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora.
Key points
- Dirty Frag is a new Linux zero-day that enables local root privilege escalation.
- The flaw chains the xfrm-ESP and RxRPC page-cache write vulnerabilities.
- It affects major Linux distributions, including Ubuntu and Red Hat Enterprise Linux.
- The exploit is deterministic, does not require a race condition, and has a very high success rate.
- Linux users can disable the esp4, esp6, and rxrpc modules as a temporary mitigation, but doing so may break IPsec VPNs and AFS.
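
One way to apply the module mitigation from the last key point, as an added example that is not from the original disclosure or from any distribution's guidance: the script reports which of the three modules are loaded and generates modprobe.d rules that block them. The config file name and the sample `/proc/modules` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and block the modules named in the mitigation above.
MODULES="esp4 esp6 rxrpc"
# Hypothetical file name; any *.conf under /etc/modprobe.d is read by modprobe.
CONF="/etc/modprobe.d/dirtyfrag-mitigation.conf"

# loaded_targets FILE: print each target module listed in a /proc/modules-format file.
loaded_targets() {
    for m in $MODULES; do
        # Anchor on "name<space>" so esp4 does not match esp4_offload.
        if grep -q "^$m " "$1"; then echo "$m"; fi
    done
}

# blocklist_conf: print modprobe.d rules. "blacklist" stops alias-based
# auto-loading; "install ... /bin/false" makes an explicit modprobe fail too.
blocklist_conf() {
    for m in $MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# sample_proc_modules: constructed /proc/modules excerpt for offline testing.
sample_proc_modules() {
    cat <<'EOF'
esp4_offload 16384 0 - Live 0x0000000000000000
esp4 28672 1 esp4_offload, Live 0x0000000000000000
xfrm_algo 16384 1 esp4, Live 0x0000000000000000
ext4 1003520 1 - Live 0x0000000000000000
EOF
}

# "apply" (as root): write the rules, then try to unload what is already loaded.
if [ "${1:-}" = "apply" ]; then
    blocklist_conf > "$CONF"
    for m in $(loaded_targets /proc/modules); do
        modprobe -r "$m" || echo "could not unload $m (still in use)" >&2
    done
elif [ -r /proc/modules ]; then
    echo "currently loaded: $(loaded_targets /proc/modules | tr '\n' ' ')"
fi
```

The rules only affect loadable modules: if a kernel has any of the three built in, modprobe.d cannot disable it. A module that is already loaded stays active until it is unloaded or the system reboots.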