- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
cross-posted from: https://lemmy.world/post/46584454
Local Privilege Escalation “Dirty Frag” made public
- https://www.openwall.com/lists/oss-security/2026/05/07/8
- https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
- https://safecomputing.umich.edu/security-alerts/linux-kernel-vulnerability-“dirty-frag”
- https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
RFC: As I understand it this exploit requires local access and cannot be deployed remotely. Is this a correct analysis?
It requires access. Not restricted to be local.
It’s a LOCAL privilege escalation vulnerability. You need sufficient access to be able to execute arbitrary code locally on the machine. You would need a remote code execution vulnerability in an exposed service (VPN, web server, game server and so on) before an attacker could chain to this to get remote root on your system.
right, but remote code execution comes in many different ways. Having a machine vulnerable to this kind of privilege escalation is a really bad thing.
Certainly. I don’t discount that any exploit is ‘really bad’. I like my OS of choice to be as free of exploits as it can possibly be. However, some of the material I was reading involved areas of Linux that I have little if any knowledge of value with, so I thought I’d as the question.