Me encontraba revisando una barrera de bots que estoy haciendo cuando descubro que salió una segunda vulnerabilidad de linux hoy similar a copy fail.
Copiado de slashdot.
New Linux ‘Dirty Frag’ Zero-Day Gives Root On All Major Distros (bleepingcomputer.com)6
Posted by BeauHD on Friday May 08, 2026 @05:00PM from the here-we-go-again dept.
mrspoonsi shares a report:
Dirty Frag is a vulnerability class, first discovered and reported by Hyunwoo Kim (@v4bel), that can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. Dirty Frag extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high. Because the embargo has been broken, no patch or CVE currently exists.
“As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions, and it chains two separate vulnerabilities,” Kim said. Detailed technical information can be found here.BleepingComputer notes that the two vulnerabilities chained by Dirty Frag are “now tracked under the following CVE IDs: the xfrm-ESP one was assigned CVE-2026-43284, and the RxRPC isye is now CVE-2026-43500.”
Que significa esto ? a sacar respaldos de servidores y borrar el que acabo de crear para los wordpress.
Por eso debes ver noticias constantemente aunque algunos se enojen. Es tu trabajo.
Evidentemente luego pongo imagen, nos vemos el lunes.
