Une nouvelle faille "Dirty Frag" permet d'obtenir un accès root sur les systèmes Linux

Français

Un chercheur en sécurité a révélé Dirty Frag, une nouvelle faille du noyau Linux permettant à des utilisateurs locaux d'obtenir des privilèges root. La vulnérabilité affecte les principales distributions et demeure non corrigée sur la plupart des systèmes, malgré des correctifs antérieurs pour un problème similaire.

Hyunwoo Kim, également connu sous le pseudonyme v4bel, a signalé la menace après avoir soumis les détails à la liste de diffusion linux-distros sous un embargo de cinq jours. Une partie non identifiée a publié un exploit fonctionnel le jour même, laissant la plupart des distributions exposées. Dirty Frag combine deux failles, CVE-2026-43284 et CVE-2026-43500, pour modifier des fichiers en mémoire sans les altérer sur le disque.

Articles connexes

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Image générée par IA

Linux CopyFail exploit threatens root access amid Ubuntu outage

Rapporté par l'IA Image générée par IA

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

New fragnesia linux kernel flaw disclosed

A new Linux local privilege escalation vulnerability known as Fragnesia has been made public. The flaw is described as similar to Dirty Frag and involves an ESP/XFRM logic bug.

Linux kernel flaw lets unprivileged users gain root access

Rapporté par l'IA

Qualys researchers have identified a logic flaw in the Linux kernel that enables unprivileged local users to disclose sensitive files and execute arbitrary commands as root.

Technology

Google publishes exploit code for unfixed chromium vulnerability

Security

Rust proposal targets 80 percent of linux kernel cves

Technology

OpenClaw patches severe vulnerability granting admin access

Greg Kroah-Hartman runs AI-assisted fuzzing on Linux kernel

Linux stable kernel maintainer Greg Kroah-Hartman has started using an AI-assisted fuzzing tool in a branch named 'clanker' to test the kernel codebase. The tool has already prompted fixes for vulnerabilities in subsystems like ksmbd and SMB. Patches from this effort now cover areas including USB, HID, WiFi, and networking.

Zero-day exploit bypasses default windows 11 bitlocker encryption

Rapporté par l'IA

A newly published zero-day exploit allows attackers with physical access to bypass BitLocker encryption on Windows 11 devices in seconds. The attack, named YellowKey, targets the default TPM-only configuration and grants full access to encrypted drives via a simple USB-based method.

mardi 09 juin 2026 17h20

Single errant character triggers high-severity Linux vulnerability

mardi 09 juin 2026 04h36

Single character triggers high-severity Linux kernel vulnerability

lundi 25 mai 2026 12h40

Trend Micro Apex One zero-day exploited in the wild

lundi 11 mai 2026 16h32

Linux kernel could gain kill switch for vulnerable functions

mardi 05 mai 2026 17h44

US government issues urgent CopyFail warning as Linux patches roll out

lundi 04 mai 2026 03h03

Red Hat directs users to security page for CopyFail vulnerability

lundi 13 avril 2026 10h46

Developer releases VRAM fix for AMD GPUs on Linux

Ce site utilise des cookies

Nous utilisons des cookies pour l'analyse afin d'améliorer notre site. Lisez notre politique de confidentialité pour plus d'informations.
Refuser