A critical nine-year-old zero-day vulnerability dubbed Dirty Frag allows attackers to gain full root privileges on major Linux distributions with a single command. The flaw impacts industry standards including Ubuntu, Red Hat Enterprise Linux (RHEL), CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora. While a CVE number has not yet been assigned, the exploit targets the Linux kernel's handling of packet fragmentation, making it a high-priority threat for system administrators.
Security researchers indicate that the vulnerability can be temporarily mitigated by removing the esp4, esp6, and rxrpc modules. However, this fix comes with significant trade-offs: it will immediately break IPsec VPNs and AFS distributed network file systems. This disclosure arrives at a particularly difficult time for the Linux ecosystem, as maintainers are still scrambling to patch Copy Fail, another privilege escalation flaw currently being exploited in the wild.
