Patch [FIX] Tuesday – [Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

Breaking from the normal Patch Tuesday cadence for an emergency drop. On May 7, security researcher Hyunwoo Kim published a working proof-of-concept for DirtyFrag - a Linux kernel local privilege escalation chain that gets unprivileged users to root on every major distribution. The embargo was broken by a third party before distribution backports were ready, so the exploit is public and the patch is not.

CTO Jason Kikta and Landon Miles walk through what makes DirtyFrag different from the Copy Fail mitigation many teams already deployed (spoiler: the CopyFail mitigation does NOT cover this), why AWS is calling it a class rather than a single CVE, and the five kernel modules you need to block right now: esp4, esp6, ipcomp4, ipcomp6, and rxrpc.

In this episode:

Why the embargo break matters and what changed on May 7
How DirtyFrag chains CVE-2026-43284 and CVE-2026-43500 to defeat both Ubuntu's namespace policy and the absence of rxrpc.ko on other distros
Why this is the third generation of a bug class (DirtyPipe → Copy Fail → DirtyFrag) and what that means for what comes next
The Automox Worklet that mitigates both arms across your Linux fleet, and what it deliberately does not do
Tested affected platforms: Ubuntu 24.04, RHEL 10.1, AlmaLinux 10, CentOS Stream 10, openSUSE Tumbleweed, Fedora 44

Back to the regular Patch Tuesday schedule next week.

Links:

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(220)

Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

The May 2026 Microsoft Patch Tuesday release looks quiet on the surface – no actively exploited zero-days, no public disclosures at release, and a CVE count below the four-month average. Don't let tha...

12 Mai 34min

Autonomous IT, Live! The Math of Modern Attacks, E07

In this episode of Autonomous IT, Live!, we break down the widening gap between exploitation speed and remediation reality. Disclosed vulnerabilities keep climbing, exploitation windows keep shrinking...

28 Apr 33min

Secure IT – Claude Mythos: AI Vulnerability Hype vs. Evidence, E23

Claude Mythos dominated the AI security conversation for two weeks straight, from the Cloud Security Alliance's strategy briefing to sharp public skepticism to yesterday's Bloomberg report that unauth...

23 Apr 7min

Patch [FIX] Tuesday – April 2026 [Double Feature: SQL Another Day + XSS Never Dies], E30

This month's Patch Tuesday drops a SQL Server elevation of privilege that hands attackers sysadmin access and an actively exploited SharePoint XSS flaw that requires no authentication. SQL injection i...

14 Apr 8min

Automox Insiders – The Magic of Automox: Emily Pace on Building Smarter IT Tools, E11

In this episode of IT Insiders, Maddie Regis speaks with Emily Pace, a Senior Product Manager at Automox. Emily shares her career journey, her role in product management, and the collaborative environ...

9 Apr 14min

Product Talk – From Click to Fix: Bringing Automox Actions to Zendesk, E25

What if your IT team could troubleshoot and remediate endpoint issues without ever leaving their service desk? In this episode, Steph Rizzuto and Katherine Chipdey break down the new Automox + Zendesk...

2 Apr 19min

Automox Insiders – Tidy Endpoints, Tidy Mind: Spring Cleaning with Adam Whitman, E17

In this episode of Automox Insiders, host Maddie Regis chats with Adam Whitman, Manager of Solutions Engineering at Automox, about all things IT spring cleaning. From patch management and software aud...

31 Mar 13min