this post was submitted on 12 May 2026

97 points (100.0% liked)

Linux

13631 readers

846 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

97

Linux 7.0.6 Released To Finish Mitigating the Dirty Frag Vulnerability (www.phoronix.com)

submitted 2 days ago by cm0002@lemy.lol to c/linux@programming.dev

6 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Scoopta@programming.dev 1 points 2 days ago (1 children)

Even if it was built in it probably wouldn't get full root, SELinux borks a lot of root exploits even if they privesc correctly.

[–] Redjard@reddthat.com 3 points 1 day ago* (last edited 1 day ago)

This one is so generic it let's you get around any of that very easily.
You don't even need to interact with the filesystem, you can just change a cron script or system library and let some other process execute it. Or you can change /etc/passwd to give yourself access to a root user, which iirc is what this dirtyfrag vulnerability proof of concept did.

You can pretty much write to any file on the filesystem with one syscall (that is not a write syscall) and in a way that does not count as writing in any of the normal ways, so won't even trigger file change events etc.