5/13/2026 at 8:41:27 PM
The primary source, which says keep the dirtyfrag mitigations in place, is https://github.com/v12-security/pocs/tree/main/fragnesia
by gnufx
5/13/2026 at 4:01:13 PM
by mikece
5/13/2026 at 4:44:39 PM
Lots of privilege escalations these days. But are there that many multiuser Linux systems nowadays? I'm under the impression the whole landscape is either servers or single-user desktops (and ofc Android phones).
by bestouff
5/13/2026 at 4:56:23 PM
The idea is that you can exploit a service hosted on Linux to run these.
by INTPenis
5/13/2026 at 5:11:27 PM
I impersonate multiple users on my machine for organizational reasons.
LPEs also potentially make user-level malware into system-level malware, which is only marginally more impactful for a single person on a desktop, but considerably harder to clean up. (It also broadens the range of what such malware could exfiltrate from me.)
by zahlman
5/13/2026 at 5:55:26 PM
> many multiuser Linux systems nowadays
not relevant IMHO
we don't live anymore in a time where you can trust that local apps do not misbehave, and in such a context LPE is pretty bad even in a single user system
just think about all the supply chain problems of recent times
by dathinab
5/13/2026 at 7:27:29 PM
I would say that in a single-user system LPE isn't even needed. The moment you run malicious code all bets are off. No need to compromise the system when all your data is under "enemy" control.
by bestouff
5/13/2026 at 9:28:06 PM
You might not have root on an organizational "managed" system.
by gnufx
5/13/2026 at 9:07:34 PM
Technically, running malicious code doesn't necessarily give control over all your data in the device. But common Linux is still lacking in sandboxing practicality, so it might as well be that way.
by fluffybucktsnek
5/13/2026 at 6:28:11 PM
Many university HPC clusters are run multiuser. At least login nodes.
by riedel
5/13/2026 at 9:11:01 PM
Any university or national HPC system as I'd understand the term is multi-user.
There are also things like the extensive high energy physics WLCG compute federation, which is somewhat different, but can potentially be compromised quickly at large scale. For the original copy-fail we didn't want to drain our WLCG Alma9 cluster, or just kill all the jobs like the university HPC system. We got eBPF mitigation in place within a couple of hours, relieved the exploit signature wasn't in logs from the night before. That would have been done earlier if Proofpoint hadn't bounced the forwarded oss-security article as "contains malware"; sigh.
by gnufx
5/13/2026 at 10:18:13 PM
Yes, lots of little web services and such run as unprivileged users, not root. I personally run a bunch of stuff as very restricted users in containers, with the threat model being that e.g. an RCE exploit in one of them will only affect the service, not the broader system.
by jovial_cavalier
5/13/2026 at 5:20:16 PM
At what point do we all start rolling our own microkernels? This is kind of getting silly now... 4 now in the past month?
by nubinetwork
5/13/2026 at 5:31:01 PM
I hate that the Qubes OS people were right.
by craftkiller
5/13/2026 at 4:59:12 PM
Sounds like this one is in the same kernel modules as dirtyfrag, so the existing mitigations (if in place) are sufficient.
by itintheory
5/13/2026 at 5:24:40 PM
RedHat's mitigation is this:
$ cat /etc/modprobe.d/dirtyfrag.conf
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
Are those correct for this exploit?
https://access.redhat.com/security/vulnerabilities/RHSB-2026...
by chasil
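Added example, not part of any comment in this thread or of the Red Hat advisory: a shell check that the three `install ... /bin/false` rules quoted above are present and that none of the modules is already loaded, since an install rule only affects later load attempts. The function names are hypothetical, only one config directory is scanned, and accepting `/bin/true` as well as `/bin/false` is an assumption.

```shell
#!/usr/bin/env bash
# Added example: verify the modprobe-based mitigation quoted in the thread.
# Usage: check.sh /etc/modprobe.d /proc/modules   (no arguments: run the sample)
MODULES="esp4 esp6 rxrpc"   # module names from the quoted dirtyfrag.conf

# is_blocked MODULE CONF_DIR: true if a *.conf file in CONF_DIR has an active
# "install MODULE /bin/false" line (/bin/true accepted too: an assumption).
# A "blacklist MODULE" line does not count; it only suppresses alias autoloading.
is_blocked() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        $1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
        END { exit !found }'
}

# is_loaded MODULE MODULES_FILE: true if MODULE is the first field of a line
# in a /proc/modules-format file.
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# check_mitigation CONF_DIR MODULES_FILE: one status line per module;
# returns non-zero if any module is unblocked or still loaded.
check_mitigation() {
    rc=0
    for m in $MODULES; do
        if ! is_blocked "$m" "$1"; then
            echo "$m: NOT blocked by an install rule"; rc=1
        elif is_loaded "$m" "$2"; then
            echo "$m: blocked for future loads, but currently loaded"; rc=1
        else
            echo "$m: blocked and not loaded"
        fi
    done
    return $rc
}

if [ "$#" -eq 2 ]; then
    check_mitigation "$1" "$2"
else
    # Constructed sample: rxrpc is only blacklisted, esp4 is already loaded.
    d=$(mktemp -d)
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\nblacklist rxrpc\n' > "$d/dirtyfrag.conf"
    printf 'esp4 28672 0 - Live 0x0000000000000000\n' > "$d/modules"
    check_mitigation "$d" "$d/modules" || true
    rm -rf "$d"
fi
```

modprobe also reads other configuration directories such as /run/modprobe.d, so a rule placed there would not be seen by this single-directory check.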
5/13/2026 at 5:43:10 PM
Yep, that's the advice from AWS for the previous set of vulnerabilities:
https://aws.amazon.com/security/security-bulletins/2026-027-...
That one also includes disabling user namespaces. Could be problematic if they're in use.
by itintheory
5/13/2026 at 5:38:53 PM
I don't know, but the problem with blocking esp4 and esp6 is that IPsec stops working, as I understand it.
by LawnGnome
5/13/2026 at 7:13:32 PM
UnRAID has released two point upgrades in the past two weeks because of the previous AI-found vulnerabilities. Here we go again!
by TMWNN