Linux vulnerability 'Dirty Frag' affects nearly all distributions

Linux vulnerability 'Dirty Frag' affects nearly all distributions

Briefly

"Dirty Frag is a new critical Linux vulnerability that allows an attacker to gain direct root privileges from a local account on a large number of Linux systems released since 2017. The flaw is located in the Linux kernel in components related to IPsec ESP and rxrpc. The vulnerability is reportedly easy to exploit and affects virtually all major Linux distributions, including Ubuntu, Fedora, RHEL-based systems, Arch Linux, and AlmaLinux."

"The attack is technically very similar to the previously discovered Copy Fail vulnerability. In both cases, flaws in so-called zero-copy operations within the kernel are exploited. This allows an attacker to manipulate memory data linked to sensitive system files, ultimately enabling root access."

"Initially, it was reported that no patches were yet available, but AlmaLinux has since released its own updated kernels via its testing repositories. In doing so, the distribution uses an upstream fix for the ESP component made available by kernel developers. According to AlmaLinux, the severity of the vulnerability was the reason for not waiting for official updates from Red Hat or CentOS Stream."

"AlmaLinux reports that all supported AlmaLinux versions are vulnerable, but that modified kernels are now ready for testing. Specific kernel versions have been published for AlmaLinux 8, 9, and 10 in which the vulnerability has been fixed. After additional validation by the community, the patches should also become available in the regular production channels."