Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifk7e37tb7j5cpni4npxvat4ace5mhi2haivkzniaqqfyxjyjr3va",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlccjfh6tg62"
  },
  "path": "/t/github-v4bel-dirtyfrag/37712#post_1",
  "publishedAt": "2026-05-07T22:29:44.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "github.com",
    "GitHub - V4bel/dirtyfrag",
    "Openwall report",
    "Dirty Pipe",
    "Copy Fail",
    "the Tweet (X Post)",
    "Direct link to the write-up on Github"
  ],
  "textContent": "github.com\n\n### GitHub - V4bel/dirtyfrag\n\nContribute to V4bel/dirtyfrag development by creating an account on GitHub.\n\nIt looks like we have another major unpatched CopyFail Style Linux Local Privilege Escalation. I’ve quoted some of the _most important_ details below, but encourage readers to view the linked Github page and Openwall report for more detailed information.\n\n> Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high.\n\n> Because the embargo has currently been broken, no patch or CVE exists. After consultation with the maintainers on linux-distros@vs.openwall.org and at their request, this Dirty Frag document is being published. For the disclosure timeline, refer to the technical details.\n\n## Mitigation\n\n>   1. Because the responsible disclosure schedule and the embargo have been broken, no patch exists for any distribution. Use the following command to remove the modules in which the vulnerabilities occur.\n>\n\n>\n>\n>     sh -c \"printf 'install esp4 /bin/false\\ninstall esp6 /bin/false\\ninstall rxrpc /bin/false\\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true\"\n>\n>\n>\n>   2. Once each distribution backports a patch, update accordingly.\n>\n\n\n#### Extra References:\n\n  * the Tweet (X Post) announcing this vulnerability.\n  * Direct link to the write-up on Github\n\n",
  "title": "GitHub - V4bel/dirtyfrag"
}