Ny sårbarhet vid namn Dirty Frag ger root-åtkomst på Linux-system

Svenska

En säkerhetsforskare har avslöjat Dirty Frag, en ny sårbarhet i Linux-kärnan som gör det möjligt för lokala användare att få root-behörighet. Bristerna påverkar flera större distributioner och förblir opatchade på de flesta system trots tidigare korrigeringar för ett liknande problem.

Hyunwoo Kim, även känd som v4bel, rapporterade hotet efter att ha skickat in detaljer till e-postlistan linux-distros under ett fem dagars embargo. En icke namngiven part släppte en fungerande exploit samma dag, vilket lämnade de flesta distributioner exponerade. Dirty Frag kombinerar två brister, CVE-2026-43284 och CVE-2026-43500, för att modifiera filer i minnet utan att ändra dem på disken.

Relaterade artiklar

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Bild genererad av AI

Linux CopyFail exploit threatens root access amid Ubuntu outage

Rapporterad av AI Bild genererad av AI

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

New fragnesia linux kernel flaw disclosed

A new Linux local privilege escalation vulnerability known as Fragnesia has been made public. The flaw is described as similar to Dirty Frag and involves an ESP/XFRM logic bug.

Linux kernel flaw lets unprivileged users gain root access

Rapporterad av AI

Qualys researchers have identified a logic flaw in the Linux kernel that enables unprivileged local users to disclose sensitive files and execute arbitrary commands as root.

Technology

Google publishes exploit code for unfixed chromium vulnerability

Security

Rust proposal targets 80 percent of linux kernel cves

Technology

OpenClaw patches severe vulnerability granting admin access

Greg Kroah-Hartman runs AI-assisted fuzzing on Linux kernel

Linux stable kernel maintainer Greg Kroah-Hartman has started using an AI-assisted fuzzing tool in a branch named 'clanker' to test the kernel codebase. The tool has already prompted fixes for vulnerabilities in subsystems like ksmbd and SMB. Patches from this effort now cover areas including USB, HID, WiFi, and networking.

Zero-day exploit bypasses default windows 11 bitlocker encryption

Rapporterad av AI

A newly published zero-day exploit allows attackers with physical access to bypass BitLocker encryption on Windows 11 devices in seconds. The attack, named YellowKey, targets the default TPM-only configuration and grants full access to encrypted drives via a simple USB-based method.

9 juni 2026 17:20

Single errant character triggers high-severity Linux vulnerability

9 juni 2026 04:36

Single character triggers high-severity Linux kernel vulnerability

25 maj 2026 12:40

Trend Micro Apex One zero-day exploited in the wild

11 maj 2026 16:32

Linux kernel could gain kill switch for vulnerable functions

5 maj 2026 17:44

US government issues urgent CopyFail warning as Linux patches roll out

4 maj 2026 03:03

Red Hat directs users to security page for CopyFail vulnerability

13 april 2026 10:46

Developer releases VRAM fix for AMD GPUs on Linux

Denna webbplats använder cookies

Vi använder cookies för analys för att förbättra vår webbplats. Läs vår integritetspolicy för mer information.
Avböj