New ‘Dirty Frag’ exploit targets Linux kernel for root access

Attackers are already exploiting Dirty Frag: Microsoft warned that Dirty Frag is already being actively exploited in the wild, primarily as a post-compromise privilege escalation tool. The company said attackers are using the vulnerability after obtaining an initial foothold on vulnerable Linux systems, allowing them to elevate privileges from a low-level user account to full root access. “Microsoft Defender is currently seeing limited in-the-wild activity where privilege escalation involving ‘su’ is observed, and which may be indicative of techniques associated with either ‘Dirty Frag’ or ‘Copy Fail,’” the researchers said, adding that the attack began with SSH access, followed by the execution of a malicious ELF binary that quickly escalated privileges using ‘su.’ Su, short for switch user, is a command-line tool on Linux systems used to switch from the current user to another, typically root, to execute commands with elevated privileges.

Defenders urged to disable vulnerable kernel modules: Users don’t yet have a complete fix. While the Linux Kernel Organization patched CVE-2026-43284 in a release on May 8, 2026, fixes for CVE-2026-43500 are awaited. With fixes still rolling out unevenly across Linux ecosystems, Microsoft and other researchers are urging organizations to apply temporary mitigations immediately. Recommended actions include disabling the vulnerable esp4, esp6, and rxrpc kernel modules if they are not operationally required. Microsoft additionally recommended reducing unnecessary local shell access, monitoring abnormal privilege escalation, and strengthening containerized workload controls to reduce opportunities for attackers to escalate into full system compromise. “Mitigation alone may not reverse changes already introduced through successful exploitation attempts,” the researchers warned, adding that exploitation prior to mitigation can leave malicious modifications persisting in memory or cached file content.
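One way to act on the module recommendation above, as an added example that is not part of the original article or of Microsoft's guidance: a POSIX shell helper that reports whether esp4, esp6 and rxrpc are loaded or in use and generates the modprobe.d directives to block them. The function names, the constructed sample input and the choice of a file name under /etc/modprobe.d are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit and block esp4, esp6, rxrpc.
MODULES="esp4 esp6 rxrpc"

# Constructed sample in /proc/modules format:
# name size refcount used-by state address
sample_proc_modules() {
    cat <<'EOF'
esp4 24576 2 - Live 0x0000000000000000
xfrm_user 45056 0 - Live 0x0000000000000000
rxrpc 401408 0 - Live 0x0000000000000000
EOF
}

# audit_modules [FILE]: print "<module> <state>" for each target module.
#   absent = not loaded; idle = loaded, refcount 0 (modprobe -r can unload it);
#   in-use = loaded with refcount > 0, so something depends on it and
#            it may be operationally required (e.g. active IPsec ESP).
# FILE defaults to /proc/modules; "-" reads standard input.
audit_modules() {
    awk -v list="$MODULES" '
        BEGIN { n = split(list, want, " ")
                for (i = 1; i <= n; i++) state[want[i]] = "absent" }
        ($1 in state) { state[$1] = ($3 + 0 > 0) ? "in-use" : "idle" }
        END   { for (i = 1; i <= n; i++) print want[i], state[want[i]] }
    ' "${1:-/proc/modules}"
}

# blocklist_conf: emit modprobe.d directives. "blacklist" only stops
# alias-based autoloading; "install <mod> /bin/false" also makes an explicit
# modprobe of the module fail.
blocklist_conf() {
    for m in $MODULES; do
        printf 'install %s /bin/false\nblacklist %s\n' "$m" "$m"
    done
}

case "${1:-}" in
    audit) audit_modules ;;
    demo)  sample_proc_modules | audit_modules - ;;
    conf)  blocklist_conf ;;  # as root: redirect into /etc/modprobe.d/<file>.conf
esac
```

The modprobe.d directives only affect future load attempts, so a module reported as idle still has to be unloaded with `modprobe -r`, and one reported as in-use needs its dependency reviewed before it can be removed.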

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4169399/new-dirty-frag-exploit-targets-linux-kernel-for-root-access.html
