Dirty Frag: A New Linux Kernel Local Privilege Escalation Vulnerability Class
By unbeli
Summary
This article describes the "Dirty Frag" vulnerability class, discovered by security researcher Hyunwoo Kim (@v4bel). It is a Linux Local Privilege Escalation (LPE) exploit that chains together the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability to obtain root privileges on major Linux distributions. The vulnerability extends the bug class of Dirty Pipe and Copy Fail, and is characterized as a deterministic logic bug that doesn't require race conditions, doesn't cause kernel panics on failure, and has a high success rate.
Key quotes
Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong.
Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is high.
This document describes the Dirty Frag vulnerability class, first discovered and reported by Hyunwoo Kim (@v4bel), which can obtain root privileges on major Linux distributions.
