Dirty Frag is a local privilege escalation (LPE) vulnerability that allows a local user to escalate their privileges to root.  It was publicly disclosed on May 7 after the vulnerability’s embargo was broken by an unrelated third party. On May 8, a proof-of-concept was released alongside technical details and a timeline of the disclosure events. 

While no CVEs were available at the time of public disclosure, as of May 8, two CVE identifiers have been released to address the two vulnerabilities which encompass Dirty Frag.

According to the exploit details that have been released, two vulnerabilities are chained in order to craft the exploit. xfrm-ESP Page-Cache Write provided a 4-byte STORE primitive and RxRPC Page-Cache Write provides the privilege to create the namespace. By chaining these two vulnerabilities, root privileges can be obtained on nearly all major Linux distributions.

Several Linux distributions are beginning to publish security advisories and patches, while others are expected to release updates soon.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.