ZDNET Highlights
- Another nasty Linux kernel bug has surfaced.
- Fragnesia can hand root to unprivileged local users.
- More open-source security bugs are likely on the way.
Linus's Law, "Given enough eyeballs, all bugs are shallow," is fundamental to open source.
Unfortunately, thanks to AI bug-finding tools such as Claude Mythos and OpenAI Daybreak, most of those eyeballs are now AI engines, and they are proving to be much faster at finding security problems than human eyes ever were.
So now the latest serious Linux kernel vulnerability, Fragnesia, has emerged. It is the third serious local privilege-escalation flaw in the last two weeks.
Fragnesia takes root in all major distributions
Following in the footsteps of Copy Fail and Dirty Frag, this page-cache corruption bug gives unprivileged local users a reliable path to full root control on affected systems. And what are those systems, you ask? According to AlmaLinux, Fragnesia quickly gets root on all major distributions. So, basically, every Linux distro can be targeted and successfully hacked. Are we still having fun or what?
The bug was disclosed this week by AI security company Zelik. William Bowling and other researchers found it using the company's AI-agent software auditing tool, v12. It works by abusing a logic bug in the Linux XFRM (short for "transform") ESP-in-TCP subsystem to write arbitrary bytes into the kernel page cache of read-only files, without requiring any race condition.
That opens the door to local privilege escalation and, potentially, to container escape in multi-tenant environments.
Unlike classic race-condition exploits, this vulnerability lets attackers corrupt file-backed pages precisely and without timing tricks, which makes attacks more reliable and easier to weaponize once proof-of-concept code is available.
A proof-of-concept exploit already exists
Speaking of which, there is already a proof-of-concept exploit. It builds a 256-entry lookup table that maps every possible keystream byte to its corresponding nonce, so the attacker can choose exactly which bytes land in the page cache. The attack then writes a malicious payload that overwrites the first 192 bytes of the su binary (the switch-user command) in the page cache with a short ELF stub that calls setresuid and then spawns a shell.
In other words, for those of you who are not Linux experts, running su then drops the attacker straight into a root shell.
This is bad, bad news. It means that any local user can obtain superuser (root) privileges. Red Hat gives it a Common Vulnerability Scoring System (CVSS) score of 7.8, which makes it a high-severity security bug.
Just as bad, while Fragnesia is technically a local privilege-escalation bug, its impact increases dramatically in modern cloud architectures that run large numbers of untrusted containers on a shared Linux kernel.
Here, if an attacker can run code in a container or a restricted user account but can still create a user namespace with its own network stack, that attacker can gain full root access on the host and attack other tenants' virtual machines (VMs) or containers from there.
How to mitigate Fragnesia
Kernel developers and distribution maintainers are now working to harden the ESP-in-TCP code path, with proposed improvements focused on eliminating in-place modification of shared, file-backed pages and tightening segment handling. An upstream patch that fixes Fragnesia is now available. But as of May 13, it is not yet shipping in any distro.
In the meantime, you can mitigate this by running the following commands as root. The first unloads the affected modules; the second tells modprobe to refuse to load them again, which matters because the kernel will otherwise autoload them the next time something opens an IPsec connection. (rmmod will fail if a module is still in use, so tear down any active IPsec tunnels first.)
# rmmod esp4 esp6 rxrpc
# printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/fragnesia.conf
However, if you do this, you will also be without IPsec, which means your Linux Virtual Private Network (VPN) will not work. Happy happy, joy joy.
Instead, you can, according to Red Hat, run the following commands as root:
# echo "user.max_user_namespaces=0" > /etc/sysctl.d/dirtyfrag.conf
# sysctl --system
However, there's another problem here: this disables unprivileged user namespaces, which can also break rootless containers, sandboxed browsers, and Flatpak.
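Because the two workarounds above have different side effects, it helps to be able to tell which one (if either) is actually in force on a host before and after applying it. The POSIX shell script below is an added example, not code from the article, Red Hat, or AlmaLinux. It parses /proc/modules-style text, modprobe.d contents and the user.max_user_namespaces value, so the classification logic can be exercised on constructed input; the sample module lines and status labels (mitigated-modules, mitigated-userns, partial, exposed) are assumptions made for the example. Run it with --live to check the real host.

```shell
#!/bin/sh
# Added example (not from the article): classify a host's Fragnesia workaround
# state from three inputs: /proc/modules text, modprobe.d text, and the value
# of the user.max_user_namespaces sysctl.

# Succeed only if none of the named modules appear in the /proc/modules text.
# /proc/modules lines start with "<name> <size> ...", so match "^name ".
modules_unloaded() {
    mu_text=$1
    shift
    for mu_mod in "$@"; do
        if printf '%s\n' "$mu_text" | grep -q "^$mu_mod "; then
            return 1
        fi
    done
    return 0
}

# Succeed only if the modprobe.d text blocks every named module with an
# "install <module> /bin/false" line. Without this, rmmod alone is not enough:
# the kernel autoloads esp4/esp6 again the next time IPsec is used.
modprobe_blocks() {
    mb_text=$1
    shift
    for mb_mod in "$@"; do
        printf '%s\n' "$mb_text" \
            | grep -Eq "^[[:space:]]*install[[:space:]]+$mb_mod[[:space:]]+/bin/false" \
            || return 1
    done
    return 0
}

# Succeed if the sysctl value disables unprivileged user namespaces.
userns_disabled() {
    [ "$1" -eq 0 ] 2>/dev/null
}

# Print one status word:
#   mitigated-modules  modules unloaded AND blocked from reloading (IPsec is off)
#   mitigated-userns   unprivileged user namespaces disabled (rootless containers
#                      and Flatpak may break)
#   partial            modules unloaded but not blocked; they will come back
#   exposed            neither workaround applied
fragnesia_status() {
    fs_mods=$1
    fs_conf=$2
    fs_userns=$3
    if modules_unloaded "$fs_mods" esp4 esp6 rxrpc \
        && modprobe_blocks "$fs_conf" esp4 esp6 rxrpc; then
        echo mitigated-modules
    elif userns_disabled "$fs_userns"; then
        echo mitigated-userns
    elif modules_unloaded "$fs_mods" esp4 esp6 rxrpc; then
        echo partial
    else
        echo exposed
    fi
}

# Constructed sample input (assumed values, not captured from a real host).
SAMPLE_MODULES_LOADED='esp4 28672 0 - Live 0x0000000000000000
xfrm_user 57344 1 - Live 0x0000000000000000'
SAMPLE_MODULES_CLEAN='xfrm_user 57344 0 - Live 0x0000000000000000'
SAMPLE_MODPROBE_CONF='install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false'

# Live mode: read the real host state and classify it.
if [ "${1-}" = "--live" ]; then
    live_mods=$(cat /proc/modules 2>/dev/null || true)
    live_conf=$(cat /etc/modprobe.d/*.conf 2>/dev/null || true)
    live_userns=$(sysctl -n user.max_user_namespaces 2>/dev/null || echo unknown)
    echo "host status: $(fragnesia_status "$live_mods" "$live_conf" "$live_userns")"
else
    echo "sample, modules loaded, nothing applied: $(fragnesia_status "$SAMPLE_MODULES_LOADED" "" 65536)"
    echo "sample, rmmod only:                      $(fragnesia_status "$SAMPLE_MODULES_CLEAN" "" 65536)"
    echo "sample, rmmod plus modprobe.d block:     $(fragnesia_status "$SAMPLE_MODULES_CLEAN" "$SAMPLE_MODPROBE_CONF" 65536)"
    echo "sample, userns sysctl only:              $(fragnesia_status "$SAMPLE_MODULES_LOADED" "" 0)"
fi
```

The ordering in fragnesia_status is deliberate: a host that has unloaded the modules but has no modprobe.d block is reported as partial rather than mitigated, since the next IPsec setup will reload them, and the user-namespace sysctl is accepted as a complete mitigation on its own because it removes the unprivileged route to the XFRM configuration the bug needs.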
It’s always something!
Wait for your distro to distribute the patch
You would be better off waiting for your distro to ship the patch. I know most major distros are already testing patches, and I wouldn't be surprised if patched Linux kernels are available by May 14. When that day comes, you should update your systems as quickly as possible.
Why is this happening?
I'll go into more detail later, but for now suffice it to say that Chris Wright, Red Hat's CTO, and I talked about this issue earlier today, and the upshot is that AI bug-finders are now significantly better at finding real bugs than they were even a few weeks ago.
That means:
- We can expect many more such security flaws to be discovered in the coming months.
- We have to be very quick to fix bugs once they are found.
By the way, this is not a problem exclusive to Linux. It is a problem for all open-source software, and as AI gets better at reverse-engineering binary code, Windows and other proprietary software developers will also need to up their patching game.
