Zero-Day Vulnerability Exploits Root Access on Popular Linux Distributions
Dirty Frag Zero-Day Exploit Exposes Major Linux Distros to Root Privilege Escalation
A newly discovered Linux zero-day vulnerability, dubbed Dirty Frag, has the potential to grant attackers root privileges on a wide range of popular Linux distributions, including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora.
Key Details:
- Affected Linux Distributions: Ubuntu, Red Hat Enterprise Linux, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora
- Exploited Kernel Vulnerabilities: xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write
- Discovered By: Hyunwoo Kim
- Introduced In: Linux kernel’s algif_aead cryptographic algorithm interface, approximately nine years ago
- Effective Mitigation: Blacklisting and unloading the vulnerable esp4, esp6 and rxrpc kernel modules with the command provided below
- Current Status: None of the affected Linux distros have received patches for this issue
- Related Vulnerability: Copy Fail, added to CISA’s KEV Catalog
- Recommended Action: Implement proactive measures to protect systems from similar threats
According to Kim, Dirty Frag is a deterministic logic bug that does not require a timing window, making it highly effective and difficult to mitigate.
The flaw was introduced approximately nine years ago in the Linux kernel’s algif_aead cryptographic algorithm interface and has yet to receive a CVE-ID for tracking.
Protecting Your System:
To date, none of the affected Linux distros have received patches for this issue. Until they do, users can protect their systems by blacklisting the vulnerable esp4, esp6 and rxrpc kernel modules and unloading them, using the following command (run as root):
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
The modprobe.d entries stop the modules from being loaded again, including after a reboot, while rmmod unloads them immediately. Because the command discards rmmod's errors, the unload fails silently if a module is in use (for example by an active IPsec tunnel), so confirm with lsmod that esp4, esp6 and rxrpc are no longer loaded.
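As an added verification script (not from the article or from Kim's advisory), the following POSIX shell checks whether the mitigation above is actually in effect on a host: one blocking directive per module in the modprobe.d file and none of the modules still loaded. The file paths are parameters, and the demo input, file names and function names are constructed for this example.

```shell
#!/bin/sh
# Added verification script, not part of the article or Kim's advisory. It checks
# that the article's Dirty Frag mitigation is actually in effect: one "install <mod>
# /bin/false" directive per module in a modprobe.d file, and none of the modules
# still loaded. Both paths are parameters so the check can run on constructed input.

MODULES="esp4 esp6 rxrpc"   # the modules the article's command blacklists

# conf_blocks MODULE CONF_FILE: succeeds when CONF_FILE has a line
# "install MODULE /bin/false". The trailing space-or-EOL guard rejects the
# run-together "/bin/falseinstall esp6 ..." that results if the newlines are lost.
conf_blocks() {
    grep -Eq "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false([[:space:]]|\$)" "$2" 2>/dev/null
}

# module_loaded MODULE PROC_MODULES: succeeds when MODULE is the first field of a
# line in a /proc/modules-style file (i.e. the module is currently loaded).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit (found ? 0 : 1) }' "$2"
}

# check_mitigation CONF_FILE PROC_MODULES: prints one status line per module and
# returns the number of modules still exposed (unblocked, or blocked but loaded).
check_mitigation() {
    conf=$1; procmod=$2; exposed=0
    for m in $MODULES; do
        if ! conf_blocks "$m" "$conf"; then
            echo "MISSING  $m: no 'install $m /bin/false' line in $conf"
            exposed=$((exposed + 1))
        elif module_loaded "$m" "$procmod"; then
            echo "LOADED   $m: blacklisted but still loaded; rmmod it or reboot"
            exposed=$((exposed + 1))
        else
            echo "OK       $m: blacklisted and not loaded"
        fi
    done
    return "$exposed"
}

# On a live host, run against the standard Linux paths (the first is the file the
# article's command creates):  check_mitigation /etc/modprobe.d/dirtyfrag.conf /proc/modules
# Demo on constructed input: directives written correctly, but esp4 is still loaded.
DEMO=$(mktemp -d)
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$DEMO/dirtyfrag.conf"
printf 'esp4 16384 0 - Live 0x0000000000000000\n' > "$DEMO/modules"   # constructed /proc/modules line
rc=0; check_mitigation "$DEMO/dirtyfrag.conf" "$DEMO/modules" || rc=$?
echo "exposed modules: $rc"   # prints 1 (esp4 is blacklisted but still loaded)
rm -rf "$DEMO"
```

A non-zero exit count from check_mitigation is the signal to re-run the article's command or reboot; the MISSING case also catches the run-together single-line conf that a lost newline produces.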
