Fragnesia: New Linux Kernel Local Privilege Escalation Vulnerability Disclosed
By
mikece
Warm and crisp on the edges. A bagel with a bit of bite.
Summary
A new Linux kernel local privilege escalation (LPE) vulnerability called "Fragnesia" has been made public, following closely on the heels of the similar "Dirty Frag" vulnerability. Fragnesia is a separate bug within the ESP/XFRM code that contains a logic bug allowing arbitrary byte writes into the kernel page cache of read-only files. The vulnerability was announced by V12 Security on the open-source security mailing list.
Key quotes
· 2 pulledAnnounced today on the open-source security mailing list by V12 Security is Fragnesia as a local privilege escalation exploit that is of the same vulnerability class as Dirty Frag.
Fragnesia centers around a separate bug within the ESP/XFRM code with a logic bug to allow arbitrary byte writes into the kernel page cache of read-only files.
You might also wanna read
AI-assisted vulnerability discovery raises concerns about Linux kernel security
This opinion article discusses a troubling trend in Linux security where AI-powered tools are being used to discover and exploit kernel vuln
theregister.com·1d ago
CIFSwitch Linux Vulnerability Allows Unprivileged Users to Gain Root Access via CIFS Flaw
A new Linux local-root privilege escalation vulnerability named CIFSwitch has been disclosed by researcher Asim Manizada. The flaw combines
almalinux.org·2d ago