Dirty Frag: a zero-day universal Linux LPE [LWN.net]

Hyunwoo Kim has announced the Dirty Frag security flaw, a local-privilege-escalation (LPE) vulnerability similar to the recently disclosed Copy Fail flaw:

Because the embargo has now been broken, no patches or CVEs exist for these vulnerabilities. After consultation with the linux-distros@vs.openwall.org maintainers, and at the maintainers' request, I am publicly releasing this Dirty Frag document.

As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions.

Kim, who discovered the flaw and had attempted a coordinated disclosure set for May 12, has released the code for an exploit, as well as a example script to remove the vulnerable modules. A full write-up, with the disclosure timeline, is also available. It's unknown at this time whether this is an example of parallel discovery or how the third party was able to disclose it prior to the end of the embargo. We will be following up as more information comes to light.

to post comments

Well, that's lovely

Posted May 7, 2026 20:35 UTC (Thu) by dskoll (subscriber, #1630) [Link] (4 responses)

Worked against kernel 7.0.4. I guess 7.0.5 will be out at some point soon.

Hurt me with this

Posted May 7, 2026 23:51 UTC (Thu) by davecb (subscriber, #1574) [Link]

It's still insanely painful, but better than the bugs
I just finished removing putative bugs from a new app with clod (:-)) See
https://leaflessca.wordpress.com/2026/04/30/a-prompt-for-...

Well, that's lovely

Posted May 8, 2026 1:10 UTC (Fri) by marekm (subscriber, #174682) [Link] (2 responses)

Exploit fails on Debian 12.13 amd64 after running for a few seconds.
Maybe it's just a bug in the brute-force code?
Works immediately on Debian 11.11 i686 (still in LTS).
Mitigation - create /etc/modprobe.d/dirtyfrag.conf with these 3 lines:

install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false

These modules are not loaded by default, loading them is triggered by the exploit. So if they are already loaded, the exploit may have worked and then rmmod is not sufficient, reboot required to clear the page cache.

It would be interesting to know which applications have legitimate use for these modules and are broken by the mitigation.

Well, that's lovely

Posted May 8, 2026 1:15 UTC (Fri) by acathrow (subscriber, #13344) [Link]

IPSEC would be broken

Well, that's lovely

Posted May 8, 2026 12:53 UTC (Fri) by grawity (subscriber, #80596) [Link]

ESP is the encrypted tunnel type used by practically every IPsec setup. If you're all WireGuard then you can remove it, but it can't really be removed from the default distribution kernel. Fortunately – as I understand it – disabling unprivileged_userns_clone will mitigate this half.

RxRPC is only used by the kernel's built-in AFS filesystem client (the kafs module) and is safe to remove. Even if you're using AFS (which itself is a bit stale), more often than not you'd be using the out-of-tree OpenAFS or Auristor clients rather than kAFS. (I run my own OpenAFS cell as a hobby, and even in that barebones setup, the in-kernel kAFS just doesn't seem finished.)

Stupidity

Posted May 7, 2026 23:53 UTC (Thu) by jpeisach (subscriber, #181966) [Link] (11 responses)

Two wrongs don't make a right.

"Oh, someone broke the embargo. Looks like it's technically public. Let's all publish it on GitHub, advertise it so many more people can see it while THERE IS NO PATCH AVAILABLE."

Do better.

Stupidity . . . or not

Posted May 8, 2026 0:02 UTC (Fri) by himi (subscriber, #340) [Link] (6 responses)

Quoting from the README.md on the repo:

> Because the embargo has currently been broken, no patch or CVE exists. After consultation with the
> maintainers on linux-distros@vs.openwall.org and at their request, this Dirty Frag document is being
> published. For the disclosure timeline, refer to the technical details.

In other words, the publication of this information was done in consultation with, and at the request of, the kernel and distro security groups - not something that deserves to be called "stupidity". Particularly given there's a pretty simple mitigation (blacklisting and removing the vulnerable modules).

Stupidity . . . or not (and apologies)

Posted May 8, 2026 0:07 UTC (Fri) by jpeisach (subscriber, #181966) [Link] (5 responses)

> In other words, the publication of this information was done in consultation with, and at the request of, the kernel and distro security groups - not something that deserves to be called "stupidity". Particularly given there's a pretty simple mitigation (blacklisting and removing the vulnerable modules).

Yes, but now there is actual public discourse on this, so it can be exploited.

Also: stupidity wasn't appropriate, I should've just said that I strongly disagree with the approach.

Stupidity . . . or not (and apologies)

Posted May 8, 2026 0:33 UTC (Fri) by Nahor (subscriber, #51583) [Link]

And there is also much public discourse on the uselessness of embargoes with the advent of LLMs, that they now protect the exploiter as much as the exploited.

Stupidity . . . or not (and apologies)

Posted May 8, 2026 1:57 UTC (Fri) by Heretic_Blacksheep (guest, #169992) [Link] (3 responses)

It would be negligent if there weren't workarounds that most people could deploy immediately assuming they don't use kernel IPSEC in their environment in this specific case. Once the embargo is broken, it's *broken*. The cat is out of the bag and there's no putting it back in. This *is* the responsible thing to do for the community. We don't live in a binary world (pun intended). From any given POC, obscure origin or not, there's only a few hours on average before exploitation begins. Prepare to see a lot more of these as people use *LMs to summarize and engineer exploits as soon as patch code becomes public regardless of embargo status.

Embargos are becoming obsolete in a world where anyone can deploy LM tooling to summarize fixes and produce chained exploits in moments. Every scriptkiddie has the potential to deploy fully functional, sophisticated attack tools now. Open source or closed source are immaterial because the LMs can also reverse engineer machine code. This will be the norm until all the low hanging (read financially/resource cheap) fruit is already picked.

Stupidity . . . or not (and apologies)

Posted May 8, 2026 7:29 UTC (Fri) by gf2p8affineqb (subscriber, #124723) [Link] (2 responses)

Are there actual examples of LLMs finding security bugs through disassembly at scale? Or is that conjecture on your part.

Stupidity . . . or not (and apologies)

Posted May 8, 2026 9:02 UTC (Fri) by eru (subscriber, #2753) [Link]

You could use Ghidra to decompile code, then use LLM on the result.

Stupidity . . . or not (and apologies)

Posted May 8, 2026 10:41 UTC (Fri) by justincormack (subscriber, #70439) [Link]

Yes there is this RCE bug in GitHub that was found through reverse engineering of the GitHub Enterprise binaries https://www.wiz.io/blog/github-rce-vulnerability-cve-2026...

A work around is available.

Posted May 8, 2026 1:21 UTC (Fri) by ebiederm (subscriber, #35028) [Link]

Most people should be able to disable loading the problem modules.

Stupidity

Posted May 8, 2026 14:55 UTC (Fri) by mirabilos (subscriber, #84359) [Link] (1 responses)

Agreed.

They ought to have held their feet still until patches are available.

Even if someone else “broke embargo”, just publish mitigations (block kernel modules X, Y and Z or W) until then.

Stupidity

Posted May 14, 2026 10:59 UTC (Thu) by madhatter (subscriber, #4665) [Link]

> Even if someone else “broke embargo”, just publish mitigations (block kernel modules X, Y and Z or W) until then.

If you mean "publish mitigations without the full explanation", I can't agree. In this case, the mitigations will be worse than the disease: on all my IPSec collapse points, for example, the mitigation would completely disable all my VPN links. Just telling me "do that" is, well, very disruptive, to say the least.

But when I have the full details, I can also see that the exploit requires an unprivileged user account. Since none of my collapse points have user accounts for anyone that isn't also a sysadmin with full sudo privileges, I know that I am no more exposed by this vulnerability than I was before it was discovered, and I can make a reasoned judgement about whether this justifies taking down all VPN links across the enterprise.

I do not think there is ever a justification for revealing less information than has elsewhere been revealed, merely in the hope that people won't find the elsewhere. If that wasn't what you were suggesting, then I apologise for getting the wrong end of the stick.

Stupidity

Posted May 9, 2026 10:14 UTC (Sat) by muase (subscriber, #178466) [Link]

No, and that stance is also objectively wrong.

If you can reasonable assume that an exploit is unknown to others, it can make sense to keep it secret until patches deployed. However, if there is only a slight realistic chance that an exploit is known to other, less benevolent actors, it becomes paramount to thoroughly inform the users. You should give them all the information and tools so they can apply mitigations, do some risk analysis and tests for their specific setup, or even just identify and take vulnerable systems offline.

Intentionally not informing your users if your product puts them in danger is objectively malevolent behavior – up to the point that in other contexts that can even lead to legal consequences (rightfully so).

Not an embargo breach, it seems.

Posted May 8, 2026 1:11 UTC (Fri) by himi (subscriber, #340) [Link] (1 responses)

More of a parallel publication, though the (re)discovery took a different path - working back from the fixes pushed to the netdev tree.

See https://www.openwall.com/lists/oss-security/2026/05/07/12 and https://afflicted.sh/blog/posts/copy-fail-2.html

Not an embargo breach, it seems.

Posted May 8, 2026 8:41 UTC (Fri) by kleptog (subscriber, #1183) [Link]

AIUI we have two groups here:

* people that find issues, report it responsibly and organise a coordinated release
* people that watch the stream of committed patches and publish exploits on any bugs fixed

These groups are always going to interfere with each-other, basically water and fire. I suspect these two groups already have a wildly different idea of the value of embargos and coordinated releases and so don't communicate. I expect the result will be the victory of the second group over the first.

SE Linux Strict Policy stops this

Posted May 8, 2026 5:15 UTC (Fri) by etbe (subscriber, #17516) [Link]

https://etbe.coker.com.au/2026/05/08/dirty-frag-on-debian...

Running SE Linux with users as user_t (AKA Strict Policy) protects against the exploits for this bug and Copy Fail. It will also protect against future similar bugs which is useful given that more similar bugs seems likely.

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 7:43 UTC (Fri) by pabs (subscriber, #43278) [Link] (12 responses)

There is another one too:

https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_...

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 9:31 UTC (Fri) by cortana (subscriber, #24596) [Link] (10 responses)

Thanks.

No sudo. esp4 / xfrm_user / xfrm_algo autoload via the userns netlink path.

I guess blocklisting these modules is also wise. Unfortunately they are built-in in Red Hat's kernels...

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 11:40 UTC (Fri) by wtarreau (subscriber, #51152) [Link] (9 responses)

I disable a these as well as a number of other ones. Basically all unneeded network protocols and filesystems. One can find /lib/modules* -name '*.ko*' then compare with lsmod and add rules to block all unneeded ones. Ideally I'd like to have a principle of denying all modules and only allowing a few select ones (i.e. the ones I find via lsmod).

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 11:54 UTC (Fri) by smcv (subscriber, #53363) [Link] (1 responses)

I think the way to do that is to load all your required modules, and then echo 1 > /proc/sys/kernel/modules_disabled to prevent any other module from being loaded until the next reboot.

Copy Fail 2 - Electric Boogaloo

Posted May 9, 2026 5:06 UTC (Sat) by wtarreau (subscriber, #51152) [Link]

> echo 1 > /proc/sys/kernel/modules_disabled

It's not exactly the same. I'm fine with root modifying the list if needed (e.g. trying to mount an FS that's not loaded). Here it's no longer possible.

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 12:10 UTC (Fri) by hmh (subscriber, #3838) [Link] (6 responses)

Well, there is:

echo 1 > /proc/sys/kernel/modules_disabled

Which is supposed to be an one-way trapdoor, and require a reboot / kexec, or perhaps a kernel-level write exploit to undo.

Although the usability of that functionality is quite bad, it would have been effective against both copy.fail variants and dirtyflag on the servers here, since our servers have very static module-load needs and we could just populate a load-these-modules-on-initramfs list, and then kick the module-loading trapdoor shut if we wanted to...

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 19:14 UTC (Fri) by MarcB (subscriber, #101804) [Link] (5 responses)

We are currently trying this, via a late Systemd unit. There were some gotchas: lazy/optionally auto-mounted NFS, BMC hardware, ... But is seems to be a viable approach, at least for the many, very uniform and static (kernel-wise) systems we run.

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 19:42 UTC (Fri) by sf (subscriber, #46625) [Link] (4 responses)

I use a wrapper for modprobe that implements a whitelist and that I put into /proc/sys/kernel/modprobe . This has the advantage that the whitelist can be added to without reboot and more importantly, the wrapper logs all blocked attempts to load a module which is important for debugging. Without module autoloading, things can fail in quite surprising ways.

Copy Fail 2 - Electric Boogaloo

Posted May 9, 2026 5:08 UTC (Sat) by wtarreau (subscriber, #51152) [Link] (2 responses)

> use a wrapper for modprobe that implements a whitelist and that I put into /proc/sys/kernel/modprobe .

Yeah that's much more what I'm seeking in fact. There is value in sharing this, you know ? It may be popular these days :-)

Copy Fail 2 - Electric Boogaloo

Posted May 9, 2026 7:56 UTC (Sat) by sf (subscriber, #46625) [Link] (1 responses)

It is very simplistic. I have written a short readme and published it at https://github.com/s-fritsch/modprobe-wrapper

Copy Fail 2 - Electric Boogaloo

Posted May 9, 2026 9:24 UTC (Sat) by wtarreau (subscriber, #51152) [Link]

> It is very simplistic. I have written a short readme and published it at https://github.com/s-fritsch/modprobe-wrapper

Clean, simple and effective. Thank you for sharing!

Copy Fail 2 - Electric Boogaloo

Posted May 9, 2026 6:31 UTC (Sat) by pabs (subscriber, #43278) [Link]

Seems like modprobe itself should have that sort of functionality. Probably wouldn't be hard to add either, let the module blocking command accept 'all' or '*' as an argument, then add an allow command to undo that partially.

Copy Fail 2 - Electric Boogaloo

Posted May 8, 2026 11:38 UTC (Fri) by wtarreau (subscriber, #51152) [Link]

This is actually the one that triggered the early release by the original reporter.

Android status

Posted May 11, 2026 9:21 UTC (Mon) by jpfrancois (subscriber, #65948) [Link] (1 responses)

What is the effect of this on Android ?
I have the impression that new kernel deployment are much less frequent on phones than they are on Linux Distro.
What will be the effect of these new vuln on android ?
Does it mean easier rooting tool (I don't know how easy it is to gain root on current phone).
What about malware apps ? Will they become easier to make du to the abundance of unpatched kernel vulnerability on Android kernel ?

Android status

Posted May 11, 2026 12:59 UTC (Mon) by MarcB (subscriber, #101804) [Link]

Android is very unlikely to be affected. Android uses SELinux in way that is far beyond what generic Linux distributions do. They basically went with a "deny everything, then selectively allow" approach.

You can have a look at git clone https://android.googlesource.com/platform/system/sepolicy, in particular private/app_neverallows.te.

# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
# ioctl permission, or 3. disallow the socket class.
neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
neverallow all_untrusted_apps *:{
socket netlink_socket packet_socket key_socket appletalk_socket
netlink_tcpdiag_socket netlink_nflog_socket
netlink_xfrm_socket netlink_audit_socket
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
netlink_rdma_socket netlink_crypto_socket sctp_socket
ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
} *;

Note that those "neverallow" rules are a fail-safe: Even if some other rules allows one of those things, they will still be denied.

One option for dirty frag via selinux, dependent on user cases where ipsec is needed

Posted May 20, 2026 21:27 UTC (Wed) by chads (subscriber, #5734) [Link]

$ semanage login -a -s staff_u -r s0 user_A

$ cat << 'EOF' > /tmp/deny_userns.cil
(deny staff_t self (user_namespace (create)))
EOF

$ semodule -i /tmp/deny_userns.cil

# Test:
ssh user_A@myhost 'unshare --user --net /bin/true && echo VULNERABLE || echo BLOCKED'
unshare: unshare failed: Permission denied
BLOCKED

$ ./exp
dirtyfrag: failed (rc=1)