Dirty Frag: a zero-day universal Linux LPE
Hyunwoo Kim has announced the Dirty Frag security flaw, a local-privilege-escalation (LPE) vulnerability similar to the recently disclosed Copy Fail flaw:
Because the embargo has now been broken, no patches or CVEs exist for these vulnerabilities. After consultation with the linux-distros@vs.openwall.org maintainers, and at the maintainers' request, I am publicly releasing this Dirty Frag document.
As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions.
Kim, who discovered the flaw and had attempted a coordinated disclosure set for May 12, has released the code for an exploit, as well as an example script to remove the vulnerable modules. A full write-up, with the disclosure timeline, is also available. It's unknown at this time whether this is an example of parallel discovery or how the third party was able to disclose it prior to the end of the embargo. We will be following up as more information comes to light.