this post was submitted on 08 May 2026
157 points (96.4% liked)

PC Master Race

21096 readers
449 users here now

A community for PC Master Race.

Rules:

  1. No bigotry: Including racism, sexism, homophobia, transphobia, or xenophobia. Code of Conduct.
  2. Be respectful. Everyone should feel welcome here.
  3. No NSFW content.
  4. No Ads / Spamming.
  5. Be thoughtful and helpful: especially when new beginners have questions.

founded 2 years ago
MODERATORS
Brunbrun6766@lemmy.world
_MoveSwiftly@lemmy.world
Xeon@lemmy.ml
IowaMan@lemmy.world
The_Vampire@lemmy.world
CatZoomies@lemmy.world
geosoco@kbin.social
Fudgeknuckles98@lemmy.world
BobaFett26@lemmy.world
157
Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-like vulnerability had its embargo broken (www.tomshardware.com)
submitted 5 days ago by sanitation@lemmy.radio to c/pcmasterrace@lemmy.world
34 comments fedilink hide all child comments
top 34 comments
sorted by: hot top controversial new old
[–] carrylex@lemmy.world 33 points 5 days ago* (last edited 5 days ago) (2 children)

Non Tom's slopware original:

https://github.com/V4bel/dirtyfrag

Also nice lies and panic spreading by them:

that's currently setting the Linux server world on fire

The vulnerability requires local user access to the affected system which is already a gigantic security hole if that's the case on a server...

Tom's Slopware delenda est

[–] degenerate_neutron_matter@fedia.io 14 points 5 days ago (1 children)

It's a big problem for multi-user servers where some users aren't supposed to have root access. For example, my university has several student-accessible servers, and they all seem to be currently vulnerable to the exploit. A malicious student could cause quite a lot of damage.

[–] Saprophyte@lemmy.world 6 points 5 days ago

No patches available!

Literally a mitigation section on the page.

[–] Azzu@lemmy.dbzer0.com 29 points 5 days ago

"No patches available" might've been true at time of writing (and might still be true for old kernels, idk), but kernel 7.0.4, released yesterday, is already fixed.

[–] iopq@lemmy.world 39 points 5 days ago* (last edited 5 days ago)

That article doesn't tell me much. Any writeup with the affected code?

Edit: found it

https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

[–] M0oP0o@mander.xyz 7 points 5 days ago

NICE! Linux has made it everyone!

[–] bookmeat@fedinsfw.app 10 points 5 days ago (1 children)

It bothers me that the test for this vulnerability is a link to some random repo online with arbitrary code and no one is batting an eye.

[–] clif@lemmy.world 1 points 5 days ago

At least it presents code instead of sooperhax.exe

Also @iopq@lemmy.world linked the explanation in the repo : https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

Admittedly I just gave it a quick scan for now though.

[–] Nighed@feddit.uk 10 points 5 days ago (2 children)

What is the exploit case? It says it's IPsec stuff?

Is it therefore remotely exploitable, or does it need a local user?

Are routers at risk?

[–] grainfed@quokk.au 22 points 5 days ago (1 children)

"any local user can instantly get root (administrator) access on an affected box, just by running a small program" quote from the short article. So it seems home computers are safe.

[–] Nighed@feddit.uk 1 points 5 days ago

I thought that was refering to copyfail?

[–] sanitation@lemmy.radio 11 points 5 days ago

It's gotta be local.

[–] cholesterol@lemmy.world 5 points 5 days ago

Also local, right?

[–] yetAnotherUser@discuss.tchncs.de 2 points 5 days ago

People don't realize how easy it is to get local access.

There's a very good reason you should not run your browser as root.

[–] Treczoks@lemmy.world 1 points 4 days ago

This and the others will probably be fixed as fast as usual, and the NSA, the CIA, and their Chinese, Russian, and whatever counterparts will have one less exploit in their arsenals.