"Dirty Frag" (CVE-2026-43284): The Second Linux Root Exploit in Eight Days

ggallas 31 points 11 comments May 09, 2026
www.copahost.com

Discussion Highlights (6 comments)

tuwtuwtuwtuw

> the attacker does not need to break in remotely. The danger is that once an attacker gets in — through a vulnerable WordPress plugin, a web shell, weak SSH credentials, or a compromised container

This part I don't understand. Wouldn't the attacker need to break in remotely?

serious_angel

Nothing surprising there, even if 50 issues will be found in a month, since there exists more advanced relativity-based automation features as LLM. It's easier to attack a solution with its source code available, and with an LLM trained on existing vulnerabilities found, and some datacenters/funding available, et voila, you have a system set to reveal flaws in already awesome projects, to be fixed. This is normal. You just need power, and time. And there must be more found but left undisclosed, for better times, strategic 0days etc. Who has such power, and funding? Is it possible Linux competitors do pay enthusiasts to attack, reveal, and damage reputation? What if someone who has funding and time, would try attacking their closed source code instead? Regardless, I wish them safety and peace, too.

pbowyer

Previously covered at https://news.ycombinator.com/item?id=48053623

stefan_

Slop blogspam summary. Even before everyone lost their mind to Mythos and other IPO bait, local privilege escalations in Linux were a dime a dozen (not always as universally exploitable, but plenty).

panny

This means Linux is getting better faster than alternatives :) With many eyes, all bugs are shallow, and now there are nearly infinite AEyes looking at the source code. In a year, Linux will be the most bulletproof operating system ever.

NooneAtAll3

Time to port everything to RedoxOS? =)
