Linux

13626 readers

1357 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available (github.com)

submitted 6 days ago by cm0002@europe.pub to c/linux@programming.dev

18 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Sunspear@piefed.social 6 points 6 days ago (1 children)

2026-05-07: Submitted detailed information about the vulnerability and the exploit to the linux-distros mailing list. The embargo was set to 5 days, with an agreement that if a third party publishes the exploit on the internet during the embargo period, the Dirty Frag exploit would be published publicly.

2026-05-07: Detailed information and the exploit for this vulnerability were published publicly by an unrelated third party, breaking the embargo.

Well, that's reassuring - hopefully, since the patch for it is also described in the repo, distro maintainers can patch it quickly

[–] Ooops@feddit.org 3 points 5 days ago

Update: Kernel 7.0.5 just released

Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")

Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")

Fixes: 7da0dde68486 ("ip, udp: Support MSG_SPLICE_PAGES")

Fixes: 6d8192bd69bb ("ip6, udp6: Support MSG_SPLICE_PAGES")