Eksploitasi 'Dirty Frag' baru berikan akses root pada sistem Linux

Indonesia

Seorang peneliti keamanan telah mengungkapkan Dirty Frag, sebuah eksploitasi kernel Linux baru yang memungkinkan pengguna lokal untuk mendapatkan hak akses root. Celah ini memengaruhi distribusi-distribusi utama dan sebagian besar sistem masih belum ditambal meskipun telah ada perbaikan sebelumnya untuk masalah serupa.

Hyunwoo Kim, yang juga dikenal sebagai v4bel, melaporkan ancaman tersebut setelah mengirimkan detailnya ke milis linux-distros di bawah embargo lima hari. Pihak yang tidak disebutkan namanya merilis eksploitasi yang berfungsi pada hari yang sama, sehingga membiarkan sebagian besar distribusi terpapar. Dirty Frag menggabungkan dua celah, CVE-2026-43284 dan CVE-2026-43500, untuk memodifikasi file dalam memori tanpa mengubahnya di disk.

Artikel Terkait

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Gambar dihasilkan oleh AI

Linux CopyFail exploit threatens root access amid Ubuntu outage

Dilaporkan oleh AI Gambar dihasilkan oleh AI

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

New fragnesia linux kernel flaw disclosed

A new Linux local privilege escalation vulnerability known as Fragnesia has been made public. The flaw is described as similar to Dirty Frag and involves an ESP/XFRM logic bug.

Linux kernel flaw lets unprivileged users gain root access

Dilaporkan oleh AI

Qualys researchers have identified a logic flaw in the Linux kernel that enables unprivileged local users to disclose sensitive files and execute arbitrary commands as root.

Technology

Google publishes exploit code for unfixed chromium vulnerability

Security

Rust proposal targets 80 percent of linux kernel cves

Technology

OpenClaw patches severe vulnerability granting admin access

Greg Kroah-Hartman runs AI-assisted fuzzing on Linux kernel

Linux stable kernel maintainer Greg Kroah-Hartman has started using an AI-assisted fuzzing tool in a branch named 'clanker' to test the kernel codebase. The tool has already prompted fixes for vulnerabilities in subsystems like ksmbd and SMB. Patches from this effort now cover areas including USB, HID, WiFi, and networking.

Zero-day exploit bypasses default windows 11 bitlocker encryption

Dilaporkan oleh AI

A newly published zero-day exploit allows attackers with physical access to bypass BitLocker encryption on Windows 11 devices in seconds. The attack, named YellowKey, targets the default TPM-only configuration and grants full access to encrypted drives via a simple USB-based method.

09 Juni 2026 17.20

Single errant character triggers high-severity Linux vulnerability

09 Juni 2026 04.36

Single character triggers high-severity Linux kernel vulnerability

25 Mei 2026 12.40

Trend Micro Apex One zero-day exploited in the wild

11 Mei 2026 16.32

Linux kernel could gain kill switch for vulnerable functions

05 Mei 2026 17.44

US government issues urgent CopyFail warning as Linux patches roll out

04 Mei 2026 03.03

Red Hat directs users to security page for CopyFail vulnerability

13 April 2026 10.46

Developer releases VRAM fix for AMD GPUs on Linux

Situs web ini menggunakan cookie

Kami menggunakan cookie untuk analisis guna meningkatkan situs kami. Baca kebijakan privasi kami untuk informasi lebih lanjut.
Tolak