New widespread Linux Kernel Vulnerability "Dirty Frag" - CVE yet to be assigned.

[Jean-Pierre White]

A new vulnerability has been detected in the Linux Kernel. It's referred to as "Dirty Frag"

It is a similar exploit like Copy Fail that hit last week and is the result of AI scanning tools finding holes in software like its made of Swiss Cheese.

There are no upstream fixes coming our way. Somebody boo boo'd and released details before it could be patched.

Mitigation:

A video explaining which modules to disable to defeat this vulnerabiiity until a patch can be developed is linked below.

https://www.youtube.com/watch?v=Q6gdCTNI4mo 

I doubt this is the last of this type of vulnerability we'll be dealing with.

[Kent Perrier]

It does have a CVE number now. At lease Red Hat has assigned one: https://access.redhat.com/security/cve/cve-2026-43284 

This is a more generalized attack against the same issue that Copy-Fail used. Similar to Meltdown-Spectre there will probably be more CVEs that get created while the general cause of these issues is addressed. 

May we live in interesting times, indeed.

Kent

--
--
You received this message because you are subscribed to the Google Groups "NLUG" group.
To post to this group, send email to nlug...@googlegroups.com
To unsubscribe from this group, send email to nlug-talk+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en

---
You received this message because you are subscribed to the Google Groups "NLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nlug-talk+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/nlug-talk/1833a17d-f83d-4da0-bb77-01b9ba813231n%40googlegroups.com.