Dirtyfrag: Universal Linux LPE

Hi, this is a report on “Dirty Frag”, a universal local privilege escalation (LPE) that allows obtaining root privileges on all major distributions. This vulnerability has a similar impact to the previous Copy Fail. Because the embargo has now been broken, no patches or CVEs exist for these vulnerabilities.

After consultation with the linux-distros@…openwall.org maintainers, and at the maintainers’ request, I am publicly releasing this Dirty Frag document. As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions, and it chains two separate vulnerabilities.

Because the responsible disclosure schedule and embargo have been broken, no patches exist for any distribution. Use the following command to remove the modules in which the vulnerabilities occur:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
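
To confirm that the mitigation above took effect, the following check reads the modprobe configuration and the loaded-module list. It is an added example, not part of the original report; the function name dirtyfrag_check, its two optional path arguments and the "live" switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that esp4, esp6 and rxrpc are blocked and unloaded.
# Arguments (both optional, so the check can run against constructed files):
#   $1  modprobe configuration directory (default /etc/modprobe.d)
#   $2  loaded-module list in /proc/modules format (default /proc/modules)
dirtyfrag_check() {
    conf_dir=${1:-/etc/modprobe.d}
    proc_modules=${2:-/proc/modules}
    rc=0
    if [ ! -r "$proc_modules" ]; then
        echo "cannot read $proc_modules" >&2
        return 2
    fi
    for mod in esp4 esp6 rxrpc; do
        # "install <mod> /bin/false" makes modprobe run /bin/false
        # instead of loading the module, so every load request fails.
        if cat "$conf_dir"/*.conf 2>/dev/null |
            grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/false[[:space:]]*\$"; then
            blocked=yes
        else
            blocked=no
            rc=1
        fi
        # The first field of each /proc/modules line is the module name.
        if awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$proc_modules"; then
            loaded=yes
            rc=1
        else
            loaded=no
        fi
        echo "$mod blocked=$blocked loaded=$loaded"
    done
    # 0 only when all three modules are both blocked and not loaded.
    return $rc
}

# Check the live system only when the script is run with "live" as its argument.
if [ "${1:-}" = "live" ]; then
    dirtyfrag_check
fi
```

Because the command above discards rmmod errors, a module that is still in use stays loaded, and this check reports it as loaded=yes. A module compiled into the kernel does not appear in /proc/modules and is not affected by modprobe.d.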

For detailed technical information about the vulnerabilities and the reason the embargo was broken, please check https://dirtyfrag.io.
