The Dirty Frag vulnerability (CVE-2024-1086, CVSS 7.8) allows low-privilege users, including those in containers or VMs, to escalate to root privileges via a deterministic and stealthy kernel exploit. The exploit code is publicly available and works reliably across virtually all Linux distributions, with active experimentation observed in the wild. A patch is available in the mainline Linux kernel; organizations should prioritize applying vendor kernel updates immediately.
Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root access, marking the second time in as many weeks that a severe threat has caught defenders off guard. The threat, known as Dirty Frag, allows low-privilege users, including those using virtual machines, to gain root control of servers. Attacks are particularly suitable in shared environments, where a server is used by multiple parties. Hackers can also gain root as long as they have access to a separate exploit that gives a toehold into a machine. Exploit code was leaked online three days ago and works reliably across virtually all Linux distributions. Microsoft has said it has spotted signs that hackers are experimenting with Dirty Frag in the wild. Immediate and significant threat The leaked exploit is deterministic, meaning it works precisely the same way each time it’s run and across different Linux distributions. It causes no crashes, making it stealthy to run. A vulnerability known as Copy Fail, disclosed last week with no patches available to end users, possesses the same characteristics. Read full article Comments