For the second time in two weeks, a significant privilege escalation vulnerability has been discovered in Linux.

The vulnerability, known as “Dirty Frag,” enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components, according to the Microsoft Defender Security Research Team.

An attacker with root access to a system has free rein to do anything the operating system allows. “Root on a Linux server changes the character of an incident entirely,” said Jacob Krell, senior director for secure AI solutions and cybersecurity at Suzu Labs, a Las Vegas-based provider of AI-powered cybersecurity services.

“An attacker moves from limited access to full control, gaining the ability to tamper with security tooling and logs while using the host as a launching point for deeper compromise,” he told LinuxInsider. “The question stops being whether the host was vulnerable and becomes whether the organization can still trust what that host is telling them.”

“The vulnerability is going to be used in conjunction with anything that gives an attacker an initial foothold,” added Ben Ronallo, principal cybersecurity engineer at Black Duck Software, an applications security company in Burlington, Mass.