Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available

cm0002@europe.pub · 3 days ago

Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available

Sunspear@piefed.social · 3 days ago

2026-05-07: Submitted detailed information about the vulnerability and the exploit to the linux-distros mailing list. The embargo was set to 5 days, with an agreement that if a third party publishes the exploit on the internet during the embargo period, the Dirty Frag exploit would be published publicly.

2026-05-07: Detailed information and the exploit for this vulnerability were published publicly by an unrelated third party, breaking the embargo.

Well, that’s reassuring - hopefully, since the patch for it is also described in the repo, distro maintainers can patch it quickly

Ooops@feddit.org · 2 days ago

Update: Kernel 7.0.5 just released

Fixes: cac2661c53f3 (“esp4: Avoid skb_cow_data whenever possible”)

Fixes: 03e2a30f6a27 (“esp6: Avoid skb_cow_data whenever possible”)

Fixes: 7da0dde68486 (“ip, udp: Support MSG_SPLICE_PAGES”)

Fixes: 6d8192bd69bb (“ip6, udp6: Support MSG_SPLICE_PAGES”)

Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available

Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available

GitHub - V4bel/dirtyfrag