- cross-posted to:
- linux@lemmy.ml
- cross-posted to:
- linux@lemmy.ml
cross-posted from: https://lemmy.world/post/46584454
Local Privilege Escalation “Dirty Frag” made public
- https://www.openwall.com/lists/oss-security/2026/05/07/8
- https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
- https://safecomputing.umich.edu/security-alerts/linux-kernel-vulnerability-“dirty-frag”
- https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
RFC: As I understand it this exploit requires local access and cannot be deployed remotely. Is this a correct analysis?
right, but remote code execution comes in many different ways. Having a machine vulnerable to this kind of privilege escalation is a really bad thing.
It requires access. Not restricted to be local.
It’s a LOCAL privilege escalation vulnerability. You need sufficient access to be able to execute arbitrary code locally on the machine. You would need a remote code execution vulnerability in an exposed service (VPN, web server, game server and so on) before an attacker could chain to this to get remote root on your system.