Nueva vulnerabilidad Dirty Frag otorga acceso root en sistemas Linux

Español

Un investigador de seguridad ha revelado Dirty Frag, un nuevo exploit del kernel de Linux que permite a los usuarios locales obtener privilegios de root. El fallo afecta a las principales distribuciones y permanece sin parchear en la mayoría de los sistemas, a pesar de las correcciones previas para un problema similar.

Hyunwoo Kim, también conocido como v4bel, informó sobre la amenaza después de enviar los detalles a la lista de correo linux-distros bajo un embargo de cinco días. Una parte anónima publicó un exploit funcional el mismo día, dejando a la mayoría de las distribuciones expuestas. Dirty Frag combina dos fallos, CVE-2026-43284 y CVE-2026-43500, para modificar archivos en la memoria sin alterarlos en el disco.

Artículos relacionados

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Imagen generada por IA

Linux CopyFail exploit threatens root access amid Ubuntu outage

Reportado por IA Imagen generada por IA

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

New fragnesia linux kernel flaw disclosed

A new Linux local privilege escalation vulnerability known as Fragnesia has been made public. The flaw is described as similar to Dirty Frag and involves an ESP/XFRM logic bug.

Linux kernel flaw lets unprivileged users gain root access

Reportado por IA

Qualys researchers have identified a logic flaw in the Linux kernel that enables unprivileged local users to disclose sensitive files and execute arbitrary commands as root.

Technology

Google publishes exploit code for unfixed chromium vulnerability

Security

Rust proposal targets 80 percent of linux kernel cves

Technology

OpenClaw patches severe vulnerability granting admin access

Greg Kroah-Hartman runs AI-assisted fuzzing on Linux kernel

Linux stable kernel maintainer Greg Kroah-Hartman has started using an AI-assisted fuzzing tool in a branch named 'clanker' to test the kernel codebase. The tool has already prompted fixes for vulnerabilities in subsystems like ksmbd and SMB. Patches from this effort now cover areas including USB, HID, WiFi, and networking.

Zero-day exploit bypasses default windows 11 bitlocker encryption

Reportado por IA

A newly published zero-day exploit allows attackers with physical access to bypass BitLocker encryption on Windows 11 devices in seconds. The attack, named YellowKey, targets the default TPM-only configuration and grants full access to encrypted drives via a simple USB-based method.

9 de junio de 2026 17:20

Single errant character triggers high-severity Linux vulnerability

9 de junio de 2026 04:36

Single character triggers high-severity Linux kernel vulnerability

25 de mayo de 2026 12:40

Trend Micro Apex One zero-day exploited in the wild

11 de mayo de 2026 16:32

Linux kernel could gain kill switch for vulnerable functions

5 de mayo de 2026 17:44

US government issues urgent CopyFail warning as Linux patches roll out

4 de mayo de 2026 03:03

Red Hat directs users to security page for CopyFail vulnerability

13 de abril de 2026 10:46

Developer releases VRAM fix for AMD GPUs on Linux

Este sitio web utiliza cookies

Utilizamos cookies para análisis con el fin de mejorar nuestro sitio. Lee nuestra política de privacidad para más información.
Rechazar