Dirtyfrag: A Universal Linux Local Privilege Escalation, No Patch Yet
Original: Dirtyfrag: Universal Linux LPE
Disclosure Without a Patch
A new Linux kernel vulnerability dubbed Dirtyfrag was publicly disclosed after the responsible disclosure process reportedly broke down, meaning no patches and no CVE numbers exist at the time of public release. The vulnerability allows unprivileged users to gain root on all major Linux distributions.
How It Works
Dirtyfrag chains two separate kernel flaws. The ESP Path exploits a vulnerability in the ESP (Encapsulating Security Payload) network stack to overwrite the first 160 bytes of the /usr/bin/su page cache with a static x86_64 root shell ELF binary, bypassing PAM entirely. The rxrpc Fallback Path exploits an rxrpc/rxkad authentication flaw to patch /etc/passwd, creating an empty password field for the root entry and allowing authentication without credentials via the PAM nullok flag.
Immediate Mitigation
Until official patches arrive, disable the vulnerable kernel modules by running:
printf 'install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
' > /etc/modprobe.d/dirtyfrag.conf

Impact
All major distributions including Ubuntu, Debian, Fedora, and Arch Linux are affected. The exploit demonstrates escalation from uid=1000 to root immediately. Linux system administrators should apply the modprobe mitigation now while waiting for kernel patches.
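The modprobe mitigation above only blocks future loads of esp4, esp6 and rxrpc; a module that is already loaded keeps running until it is unloaded or the host reboots. The following POSIX sh helpers, added here as an example and not part of the original post, write the same three "install" overrides and then report which of the modules are currently loaded by inspecting a /proc/modules-style file. The conf path and modules-file arguments are assumed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Writes the modprobe.d
# overrides from the article and reports which modules are still loaded,
# because an "install <mod> /bin/false" line never unloads anything.
# Arguments are assumed: $1 = conf file to write, $2 = /proc/modules-style
# file to inspect (defaults to the real /proc/modules).

DIRTYFRAG_MODULES="esp4 esp6 rxrpc"

# Write one "install <module> /bin/false" line per module to the conf file.
dirtyfrag_write_conf() {
    conf="$1"
    : > "$conf" || return 1
    for m in $DIRTYFRAG_MODULES; do
        printf 'install %s /bin/false\n' "$m" >> "$conf"
    done
}

# Print the names of the listed modules that are currently loaded.
# Each /proc/modules row starts with the module name as its first field.
dirtyfrag_loaded() {
    modfile="${1:-/proc/modules}"
    for m in $DIRTYFRAG_MODULES; do
        awk -v name="$m" '$1 == name { print name }' "$modfile"
    done
}

# Return 0 when none of the modules is loaded (the conf alone suffices),
# 1 when at least one is loaded and still needs rmmod or a reboot.
dirtyfrag_check() {
    loaded=$(dirtyfrag_loaded "$1")
    [ -z "$loaded" ] && return 0
    printf 'still loaded: %s\n' $loaded >&2
    return 1
}
```

Run as root with `dirtyfrag_write_conf /etc/modprobe.d/dirtyfrag.conf` followed by `dirtyfrag_check`; a non-zero result means the named module is loaded and the override has not yet taken effect. Modules compiled into the kernel are not listed in /proc/modules and cannot be disabled this way at all.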