| AT2k Design BBS's VADV-PHP Home |
|
|
AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages! You are not logged in. Login here for full access privileges. |
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
|
||||||
| From | To | Subject | Date/Time | |||
|
LWN.net | All | Yet another Dirty Frag type vulnerability: Fragnesia |
May 14, 2026 6:40 AM * |
||
Sam James has sent an announcement to the OSS Security mailing list about another local-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called "Fragnesia". From the disclosure: This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag. It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition. James noted that there is a patch in the works, but it has not yet been pulled into Linus Torvalds's tree nor into any of the stable kernels. A proof of concept exploit is also available. https://lwn.net/Articles/1072647/ --- SBBSecho 3.37-Linux * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24) |
||||||
|
||||||
Computer Support/Help/Discussion... 
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
Execution Time: 0.0132 seconds If you experience any problems with this website or need help, contact the webmaster. VADV-PHP Copyright © 2002-2026 Steve Winn, Aspect Technologies. All Rights Reserved. Virtual Advanced Copyright © 1995-1997 Roland De Graaf. |