One week after the Copy Fail vulnerability, a new Linux local privilege escalation bug has been made public. This time around there are no patches or CVEs yet for this “Dirty Frag” vulnerability as the embargo was broken early and thus the security researcher went ahead and published earlier than anticipated.
Dirty Frag allows local users to elevate to root on all major distributions. Linux distributions aren’t yet patched though there is a workaround for those interested, but for the immediate future it means root privilege escalaton on all major distributions.
Dirty Frag lives within the decryption fast paths of the esp4, esp6, and rxrpc kernel code.
The quick workaround to remove the modules in which the vulnerabilties occur can be done safely for most systems with:
sh -c “printf ‘install esp4 /bin/falseninstall esp6 /bin/falseninstall rxrpc /bin/falsen’ > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true”
More details on Dirty Frag via the oss-security posting. This GitHub repository has more details on Dirty Frag.
Alma Linux is among the first Linux distributions out with early patches for testing.
