Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
Signal weather
Rising
Momentum is building quickly, so this card is a good early entry point into the topic.
Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root access, marking the second time in as many weeks that a severe threat has caught defenders off guard. The threat, known as Dirty Frag, allows low-privilege users, including those using virtual machines, to gain root control of servers. Attacks are particularly suitable in shared environments, where a server is used by multiple parties. Hackers can also gain root as long as they have access to a separate exploit that gives a toehold into a machine. Exploit code was leaked online three days ago and works reliably across virtually all Linux distributions. Microsoft has said it has spotted signs that hackers are experimenting with Dirty Frag in the wild. Immediate and significant threat The leaked exploit is deterministic, meaning it works precisely the same way each time it’s run and across different Linux distributions. It causes no crashes, making it stealthy to run. A vulnerability known as Copy Fail, disclosed last week with no patches available to end users, possesses the same characteristics. Read full article Comments
Stay on the signal
Follow Linux bitten by second severe vulnerability in as many weeks
Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.
Story map
Understand this topic fast
A quick entry into the story: why it matters now, who is involved, and where to go next for context.
Why it matters now
Topic constellation
Open the live map for this story
See which entities, story threads, sources, and follow-up articles shape this story right now.
Click nodes to continue
Story timeline
Continue with this story
A short sequence of events and follow-up stories to understand the arc quickly.
How reliable this looks
Signal and trust for Ars Technica
This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.
Reliability
92
Freshness
100
Sources in storyline
2
Related articles
More stories that share tags, source, or category context.
After banning foreign routers, FCC says existing ones can get updates until 2029
FCC extends waiver allowing routers and drones to get patches for two more years.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Data center guzzled 30 million gallons of water and nobody noticed for months
Can AI save us from the AI industry’s endless thirst for water? Outlook not so good.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Linux Terminal Memory Usage
Comments
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Passengers from hantavirus ship arrive in US; 3 people in biocontainment
A US passenger tested "mildly positive," but WHO is calling it "inconclusive" for now.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
More from Ars Technica
Fresh reporting and follow-up coverage from the same newsroom.
Audi has a new Q9 flagship coming soon: Here's its interior
Audi made sure to consult American tastes for its first full-size SUV.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
After banning foreign routers, FCC says existing ones can get updates until 2029
FCC extends waiver allowing routers and drones to get patches for two more years.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Data center guzzled 30 million gallons of water and nobody noticed for months
Can AI save us from the AI industry’s endless thirst for water? Outlook not so good.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Passengers from hantavirus ship arrive in US; 3 people in biocontainment
A US passenger tested "mildly positive," but WHO is calling it "inconclusive" for now.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.