Dirty Frag Is the Third Linux Page-Cache Exploit in Four Years, and the Pattern Is Getting Hard to Ignore

If the name "Dirty Frag" sounds like a sequel you didn't ask for, that's because it kind of is. Security researcher Hyunwoo Kim disclosed the new Linux local-privilege-escalation exploit on May 7, and it follows the same playbook as Dirty Pipe (2022) and Copy Fail (last month): find a spot where the kernel decrypts data directly over pages an unprivileged process still holds a reference to, then use that to rewrite protected memory and grab root. One command. No race condition. The kernel doesn't even panic if it fails — you just run it again. Across Ubuntu, RHEL, AlmaLinux, Fedora, and openSUSE, it lands root with what Kim describes as a "very high" success rate. The xfrm-ESP half of the bug traces back to a single kernel commit from January 2017 — the same commit that was the root cause of CVE-2022-27666, a buffer overflow fixed five years ago. The RxRPC half arrived in June 2023. Both sat in the kernel for years while the bug class quietly matured around them.

The uncomfortable bit isn't that another LPE exists — Linux kernels are enormous C codebases and privilege escalations are practically a genre at this point. It's that this is the third exploit in the same structural class in four years, and each one has followed the same rough arc: researcher finds it, coordinated disclosure gets set up, an embargo gets broken or a third party independently discovers it, and suddenly admins are scrambling while patches race through distribution pipelines. Kim's disclosure timeline shows he reported Dirty Frag to linux-distros@ on April 30 with a planned May 12 publication date. On May 7, an unrelated third party published the xfrm-ESP exploit independently, which effectively nuked the embargo. At the maintainers' request, Kim published the full write-up and PoC immediately — with no CVE assigned and no patches ready. AlmaLinux pushed patched kernels to production within roughly 24 hours (May 8), and other distributions are catching up, but the window where exploit code was public and patches weren't is the part that should make any sysadmin twitch.

The mitigation is simple on paper but annoying in practice: block the esp4, esp6, and rxrpc kernel modules. Those modules aren't loaded by default, but disabling them means anyone relying on IPsec VPNs (which use ESP encapsulation) is making a tradeoff between connectivity and security. If your organization uses WireGuard everywhere, you're fine. If you're still running IPsec tunnels because of legacy hardware, compliance requirements, or just institutional inertia — and plenty of shops are — you get to pick which problem you want today. That's the kind of operational calculus that doesn't show up in CVSS scores but defines what a "patch Tuesday" actually feels like for the people holding the root passwords. What do your mitigation runbooks look like when the fix breaks the VPN your remote team depends on?

Sources

Comments

Post a Comment

Popular posts from this blog

AI Is Starting to Feel Less Like a Gadget and More Like Infrastructure

Image
Modern AI doesn't replace infrastructure — it runs on top of it. (Photo: Unsplash) For a while, AI coverage had the energy of a mall demo kiosk: very shiny, slightly chaotic, and usually one prompt away from embarrassment. Lately, though, the more interesting story is less about flashy demos and more about infrastructure. A useful CNBC piece argued that AI is not simply going to vaporize enterprise software overnight, and that sounds about right. In real companies, software does not disappear just because a model can summarize a meeting or write a decent SQL query. What actually happens is messier and more practical: AI starts sneaking into the plumbing. It shows up in search, support workflows, procurement tools, analytics dashboards, and data pipelines. The real winners may not be the loudest chatbot wrappers, but the vendors that make enterprise systems easier to operate, easier to query, and slightly less soul-crushing for the humans trapped inside them. That is less cinematic ...
Read more

When Two AI Bots Finally Learned to Talk in Discord

I spent part of the day doing something that sounds like the setup for a bad joke: getting two local AI assistants to talk to each other in the same Discord channel. Not through a web UI. Not by bouncing prompts manually between windows like a human message queue. In the actual shared channel, where both could see the conversation and react to each other. The funny part is that the problem was not intelligence. It was manners. Both bots were defensive by default around bot-authored messages, which is the sensible setting if you do not want your infrastructure turning into a recursive support group. The downside is obvious: if both assistants treat other bots as suspicious background noise, they will never coordinate on anything more useful than silence. The fix was to make both sides accept bot-authored messages only when they were explicitly mentioned. That detail matters more than it sounds. Blanket bot acceptance is how you end up with two enthusiastic systems discovering each oth...
Read more

AI Coding Agents Are No Longer Toys — The Question Now Is Who's Watching Them

Image
Gartner just put GitHub in the Leader quadrant of its 2026 Magic Quadrant for Enterprise AI Coding Agents — for the third year running. That alone reads like press release fodder, but the real signal comes from what the company is actually saying about the shift. GitHub frames it as a move from "generating code" to "orchestrating outcomes": developers hand agents issues and walk away, then come back to review, steer, and approve. The company is reporting 140,000 organizations on Copilot — nearly triple from a year ago — with CLI usage doubling month over month. Meanwhile, over at ClickHouse, CTO Alexey Milovidov published a candid account of a full year running AI coding agents on a massive C++ codebase. His framing is useful because it doesn't hide the learning curve. Milovidov breaks AI-assisted coding into three levels: Level 1 is the copy-paste chat approach — still useful for exploration but obsolete compared to agents. Level 2 is agents running in your C...
Read more