CIP-dev Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Pavel Machek <pavel@nabladev.com>
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com,
	masami.ichikawa@miraclelinux.com
Subject: Dirty Frag vulnerability -- local root vulnerability affecting 4.19 and newer
Date: Fri, 8 May 2026 09:24:48 +0200	[thread overview]
Message-ID: <af2PwOLOzplQ4U9q@duo.ucw.cz> (raw)

[-- Attachment #1: Type: text/plain, Size: 869 bytes --]

Hi!

Another local root vulnerability went public. This one is called
"Dirty Frag" and kernel team is currently investigating it.

https://lwn.net/Articles/1071719/
https://github.com/V4bel/dirtyfrag

If you have untrusted code running on your system, you may want to let
us know (and investigate). If you don't have esp4, esp6 or rxrpc
modules installed/options, vulnerability may not exist or may be
trickier to exploit.

This is another reminder that defending against local attacker is
hard, and that reducing kernel configuration to only minimum you
really need. [For example these seem to be advanced networking and
distributed filesystem stuff; I am pretty sure I don't need AFS and
likely am not using esp4, either, but Debian has it enabled, and so my
machines are vulnerable.]

Let us know if you believe you may be affected and best regards,
								Pavel



[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

                 reply	other threads:[~2026-05-08  7:25 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=af2PwOLOzplQ4U9q@duo.ucw.cz \
    --to=pavel@nabladev.com \
    --cc=cip-dev@lists.cip-project.org \
    --cc=jan.kiszka@siemens.com \
    --cc=masami.ichikawa@miraclelinux.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox