News: 0183208693


Fragnesia Made Public As Latest Linux Local Privilege Escalation Vulnerability (phoronix.com)

(Wednesday May 13, 2026 @05:00PM (BeauHD) from the here-we-go-again dept.)


A new Linux local privilege escalation flaw called Fragnesia has been [1]disclosed as a [2]Dirty Frag-like vulnerability, [3]allowing arbitrary byte writes into the kernel page cache of read-only files through a separate ESP/XFRM logic bug. Phoronix reports:

> Proof of concept code for Fragnesia is already out there. There is a [4]two-line patch for addressing the issue within the Linux kernel's skbuff.c code. That patch hasn't yet been mainlined or picked up by any mainline kernel releases but presumably will be in short order for addressing this local privilege escalation issue.

More details can be found [5]here.



[1] https://github.com/v12-security/pocs/blob/main/fragnesia%2FREADME.md

[2] https://linux.slashdot.org/story/26/05/08/1913238/new-linux-dirty-frag-zero-day-gives-root-on-all-major-distros

[3] https://www.phoronix.com/news/Linux-Fragnesia

[4] https://lore.kernel.org/netdev/20260513041635.1289541-1-vakzz@zellic.io/

[5] https://www.openwall.com/lists/oss-security/2026/05/13/3



Year of the Patch (Score:3)

by awwshit ( 6214476 )

Patchfest 2026 is going strong.

Re: Year of the Patch (Score:4)

by SeaFox ( 739806 )

Just the thing to erode public perception of the security of open source operating systems that also don't fit into a master plan of making everyone register themselves for remote identification in some way to "protect young people from harmful content".

Re: (Score:3)

by Big Hairy Gorilla ( 9839972 )

I found that sometime during the pandemic, 3 or 4 years ago, a cold wind blew over open source. When I would suggest to people that such and such open source software would be a viable alternative to whatever Apple or Microsoft software they were using it was met with suspicion and categorically rejected. "I would ONLY use Apple software", "I only trust Apple" was the response. Open source seems to be now perceived as criminal. Ironic really, because some of those same people might buy bitcoin because they

Disclosure Timing Drama Part 2.0 (Score:4)

by Himmy32 ( 650060 )

Looks like this time around the disclosure happened when the patch hit netdev. This was even faster than the drama that happened around the [1]Dirty Frag embargo [slashdot.org]. Meant that no one else could back-engineer and release the vulnerability before the original reporters, but also a greater amount of time between disclosure and when the patches hit downstream distros.

I wonder if that last case of back-engineering on prerelease kernels is going to set a new norm on disclosure timing. If people can back-engineer then getting the mitigations out as quick as possible is more important than trying to hide the issue until the kernel patch actually drops for distros.

[1] https://linux.slashdot.org/comments.pl?sid=23986788&cid=66134834

Re: (Score:3)

by gweihir ( 88907 )

For a local elevation? Probably. The longer disclosure times clearly have stopped working. But I shudder to think what happens when somebody finds a remote vulnerability...

Re: (Score:2)

by DarkOx ( 621550 )

The bigger challenge is how are projects going to discuss any not so trivial to patch issues? As long as the fix is encode this, duplicate that and only provide the copy to the caller, and what not, the situation is manageable.

The moment we hit something where the fix likely means changing behavior and needs design discussion enough hints are going to drop that even in absence of patch file that would highlight the exact lines of affected code even a relatively low skill actor is going to be able t

Re: Disclosure Timing Drama Part 2.0 (Score:2)

by iabervon ( 1971 )

I suspect part of it is that the mitigation for DirtyFrag covers it, so everyone who blocked all the modules in question when that had only an incomplete patch probably hasn't unblocked them yet. I think this is the 4th patch for these modules, and only got a new name rather than just "there's still a way to get this code to do the wrong thing" because a different outside team found this one.

AI (Score:2)

by backslashdot ( 95548 )

How many of these bugs is the AI, all of them -- skynet basically, keeping in its back pocket for blackmail or global takeover purposes?

This is nothing (Score:2)

by snookiex ( 1814614 )

If you think this is starting to get frightening, imagine the bug list at Microsoft after running an AI audit on the Windows code base. I still think this is for the better, but the next year or two will be interesting, to say the least.

General solution (Score:2)

by internet-redstar ( 552612 )

I made this general solution: blacklist all modules except the obvious ones and those loaded on your specific system. ModuleJail. One script which generates one file: /etc/modprobe.d/modulejail-blacklist.conf Easy to understand and manage. GPLv3. Enjoy the upcoming kernel module security discoveries from your lazy chair while the world burns ;) [1]https://github.com/jnuyens/mod... [github.com]

[1] https://github.com/jnuyens/modulejail

Re: (Score:3)

by Valgrus Thunderaxe ( 8769977 )

There needs to be a module whitelist, generated from the output of lsmod.
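
The allow-list idea from the two comments above (deny every installed module that is not currently loaded), as an added example that is not ModuleJail's code and not part of the thread. The function names, the input file layout and the sample module list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn an allow list (loaded modules) into a modprobe.d deny list.
LC_ALL=C; export LC_ALL   # sort and comm must agree on ordering

# Module file paths on stdin -> names as lsmod prints them:
# drop the directory, drop .ko plus any compression suffix, map '-' to '_'.
mod_names() {
    sed -e 's|.*/||' -e 's/\.ko\(\.[a-z0-9]*\)\{0,1\}$//' -e 'y/-/_/' | sort -u
}

# First column of lsmod output, skipping the "Module Size Used by" header.
loaded_names() {
    awk 'NR > 1 && NF { print $1 }' "$1" | sort -u
}

# $1 = file with lsmod output, $2 = file listing every installed module path.
# Prints config lines for each installed module that is not currently loaded.
gen_denylist() {
    work=$(mktemp -d) || return 1
    loaded_names "$1" > "$work/loaded"
    mod_names < "$2" > "$work/avail"
    # comm -13 keeps lines found only in the second file: installed, not loaded.
    comm -13 "$work/loaded" "$work/avail" | while read -r m; do
        # "blacklist" only stops alias-triggered autoloading; the "install"
        # override also makes an explicit `modprobe <name>` fail.
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
    rm -rf "$work"
}

# Constructed sample input (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Module                  Size  Used by' \
        'ext4                 1142784  1' \
        'snd_hda_intel          61440  0' > "$d/lsmod.txt"
    printf '%s\n' /lib/modules/KVER/kernel/fs/ext4/ext4.ko.zst \
        /lib/modules/KVER/kernel/sound/pci/hda/snd-hda-intel.ko.zst \
        /lib/modules/KVER/kernel/net/ipv4/esp4.ko.zst \
        /lib/modules/KVER/kernel/net/rxrpc/rxrpc.ko.zst > "$d/paths.txt"
    gen_denylist "$d/lsmod.txt" "$d/paths.txt"
    rm -rf "$d"
}

# With two file arguments use them; with none, run the constructed demo.
if [ $# -eq 2 ]; then gen_denylist "$1" "$2"; else demo; fi
```

On a real host the two inputs would come from `lsmod` and from `find /lib/modules/"$(uname -r)" -name '*.ko*'`. Modules needed only occasionally (hot-plugged hardware, VPN or filesystem drivers) are absent from `lsmod` at generation time and have to be removed from the output by hand.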

Sooo.... will it work to root android maybe? (Score:2)

by TheBlackMan ( 1458563 )

Despite the negative sound, these exploits would be extremely useful if at least one of them worked on Android.

Can we use any of them to get root on any unpatched phone?

Re: (Score:3)

by test321 ( 8891681 )

DirtyFrag does not work on Android [1]https://github.com/V4bel/dirty... [github.com]

[1] https://github.com/V4bel/dirtyfrag/issues/47#issuecomment-4409540074
