惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
Simon Willison's Weblog
Simon Willison's Weblog
H
Help Net Security
F
Fortinet All Blogs
H
Heimdal Security Blog
S
Schneier on Security
L
LangChain Blog
博客园 - Franky
酷 壳 – CoolShell
酷 壳 – CoolShell
NISL@THU
NISL@THU
P
Palo Alto Networks Blog
J
Java Code Geeks
博客园 - 【当耐特】
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Vulnerabilities – Threatpost
I
InfoQ
Recorded Future
Recorded Future
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
CERT Recently Published Vulnerability Notes
T
Tenable Blog
腾讯CDC
C
Check Point Blog
量子位
M
MIT News - Artificial intelligence
GbyAI
GbyAI
罗磊的独立博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
B
Blog
小众软件
小众软件
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
Stack Overflow Blog
Stack Overflow Blog
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
V2EX - 技术
V2EX - 技术
T
Threatpost
Engineering at Meta
Engineering at Meta
Attack and Defense Labs
Attack and Defense Labs
T
Tailwind CSS Blog
S
Securelist
The Cloudflare Blog
博客园 - 叶小钗
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
爱范儿
爱范儿

TechSpot

Flagship Rematch: Ryzen 7 5800X3D vs. Core i9-12900K Slack chats and internal data from failed startups are finding a second life in AI training A $5 Bluetooth tracker hidden in a postcard exposed a warship's movements Leakers claim PlayStation 6 could offer at least 3x the performance of the PS5 The Mac Mini is no longer a niche product, it's local AI infrastructure IPv6 traffic reaches parity with IPv4 for the first time, Google data shows Xbox expansion cards are now cheaper than SSDs, and PC users are repurposing them Blue Origin prepares to reuse New Glenn booster in bid to challenge SpaceX Nvidia could bring back the 12GB RTX 3060 as supply issues disrupt GPU roadmap What was the first OS you ever used? SNK revives NeoGeo AES with modern upgrades and HDMI support Valve's Proton 11 beta boosts Linux gaming with better performance and classic game support Researchers warn Microsoft Defender vulnerability is already being exploited A four-day Steam freebie turned into $250,000 for an indie game AMD may relaunch Ryzen 7 5800X3D for AM4's 10th anniversary This humanoid robot can almost run as fast as a human sprinter Two New Jersey men jailed for helping North Korean IT workers infiltrate 100+ companies A $7,000 DIY radar project is taking on hardware that usually costs over $100,000 Metro 2039 is going darker than ever, launching this winter on PC and consoles Gemini arrives on macOS with a dedicated desktop app AI infrastructure boom pushes AMD, Intel and Arm to new valuation heights New self-healing material can repair itself over 1,000 times, extend the lifespan of cars and aircraft Japan's bullet train to debut high-tech private cabins, for an added fee Memory card and flash drive pricing surges 120%, with some models spiking 260% Open-source tool decrypts all private data collected by Windows Recall on Copilot PCs The 2026 PC and Console Gaming Report shows most revenue now comes from games outside the Top 20 PureMac is a new open-source macOS cleanup and app removal tool Your Airbnb host might actually be AI Steam might soon display 30-day price history for game deals Intel brings 18A process to budget laptops with new Core Series 3 CPUs How Intel Got Into Trouble: We Test the Last Decade of Intel Flagship CPUs Microsoft counters MacBook Neo with free Game Pass and Office bundle on Windows laptops Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk Spotify launches physical book sales, expands audiobook features Intel Nova Lake-S is coming after Ryzen APUs with a 16-core iGPU for gamers on a budget Alienware launches $350 QD-OLED monitor with lower brightness to cut costs Recordly brings Screen Studio-style recordings to a free, open-source app Meta doubles down on custom AI chips with Broadcom deal through 2029 Someone finally got an RTX 5090 running on a Mac – no hacks required Will AI agents need to buy their own software licenses? Microsoft sure hopes so Duolingo stops evaluating workers based on how much AI they use Nvidia warranty payouts surged 1,000% last year, not that they can't afford it Nvidia says it's not buying a PC maker, but the idea didn't seem crazy Netgear becomes first router brand exempt from FCC foreign-made ban Google adds Rust to Pixel 10 modem to block attacks at one of Android's weakest points Clicking "reject cookies" might not actually do anything DaVinci Resolve 21 beta adds photo editing and deeper AI integration Malware campaign lures users with fake Windows Update website Apple is testing four smart glasses designs as it prepares to challenge Meta Ray-Bans Amazon purchases Globalstar for $11.6B to expand its low Earth orbit satellite network Capcom's Pragmata earns strong early reviews ahead of release Microsoft is removing 32GB size limit for FAT32 volumes, this time for real Missouri town ousts half of its city council after $6 billion AI data center approval External GPUs were always second best. CopprLink may change that Google will demote websites that hijack your browser's back button Japan finds a way to recover 90% of lithium from old EV batteries Man who vandalized Sam Altman's home claimed AI would end humanity, charged with attempted murder New terahertz technique lets engineers see inside running processors in real time Microsoft just made its Surface laptops a lot more expensive Shipping records suggest Valve will launch the Steam Controller before the Steam Machine This 3D-printed 15-fan side panel drops CPU temps by 20 degrees Rockstar Games hit with ransom demand after third-party data breach Blu-ray lives on as Verbatim and I-O Data pledge support with new drives and discs The software that landed Apollo 11 on the moon is now free online Metal Gear Solid movie is back on track with new directors Anti-data center vote in Wisconsin puts future AI projects on notice Mozilla says Microsoft is using Copilot and Edge to tighten its grip on Windows Gmail encryption goes mobile, but email itself remains the weak link France starts moving government systems from Windows to Linux xAI sues Colorado over AI law, calling it a threat to free speech Florida launches probe into OpenAI as company eyes massive IPO South Korea moves to curb the meteoritic rise of DRAM and PC hardware prices Keychron shares 3D keyboard blueprints on GitHub, opening hardware to modders Nvidia's mythical N1 SoC surfaces on a real motherboard, and it's packing 128GB of LPDDR5X Tesla is working on a smaller, cheaper electric SUV DDR5 prices drop nearly 30%, but memory costs are still far from normal Amazon laid off 30,000 workers while CEO Andy Jassy got a 30% pay bump FBI recovers "deleted" Signal messages through iPhone notifications PC market posts modest growth in early 2026 despite memory shortages and economic strain TikTok star Khaby Lame's $975 million deal is raising serious red flags VeraCrypt, WireGuard among projects disrupted by Microsoft account suspensions Microsoft OneDrive users report mysterious spam files that won't go away Intel tops $300 billion market cap for the first time since the dot-com boom The cables powering the internet are under the ocean – and under threat A version of Windows 10 released a decade ago is now eligible for additional security patches Iran-linked hackers are now targeting industrial controllers in US infrastructure Hackers are turning home routers into tools to spy on Microsoft 365 users A weird macOS bug is blocking new network connections after 49 days of uptime NIH study identifies experimental opioid with strong pain relief and lower addiction risk SanDisk's new 2TB SD card costs $2,000, and it's not even the fastest option Ohio man pleads guilty in first case under federal law banning AI deepfakes John Deere will pay $99 million in right-to-repair lawsuit, but admits nothing Tech layoffs are piling up: 80,000 jobs cut in early 2026, and AI is getting the blame Greece to ban social media for children under 15 starting next year New report revives theory that cryptographer Adam Back could be Bitcoin creator Satoshi Nakamoto Anthropic just lost another round in its fight with the Pentagon Some Windows 3.1 apps were simply "too evil" for Windows 95 to support, says Microsoft veteran AMD confirms Ryzen 9 9950X3D2 priced at $899 German police identify REvil and GandCrab mastermind now living in Russia After Wi-Fi 7's Speed Push, Wi-Fi 8 Is Turning to Reliability
Newly disclosed "Dirty Frag" vulnerability left Linux exposed for nearly a decade
Alfonso Maruccia · 2026-05-12 · via TechSpot

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Facepalm: The open-source community is once again facing a major security incident tied to an "unprecedented" vulnerability. The new flaw could give attackers a reliable way to escalate user privileges, and no patch is available yet. Fortunately, the mitigation process is relatively straightforward. Still, kernel developers are already growing frustrated with the seemingly endless stream of critical bugs.

Hyunwoo Kim, also known as "V4bel," recently disclosed "Dirty Frag," a dangerous security vulnerability that provides local attackers with root access on Linux-based systems. All major – and likely many minor – Linux distributions are affected by the issue, which currently can only be mitigated because no patch is available yet. In fact, Kim had planned to disclose the bug at a later date, but someone intervened and forced the issue into the open before fixes could be prepared.

Dirty Frag is the second critical Linux root exploit disclosed in two weeks, affecting Ubuntu, RHEL, Fedora, openSUSE, and most other major distributions.

Dirty Frag is a universal local privilege escalation vulnerability that belongs to the same class as Dirty Pipe and the recently disclosed Copy Fail, V4bel explained. The exploit chains together two separate vulnerabilities – xfrm-ESP Page-Cache Write (CVE-2026-43284) and RxRPC Page-Cache Write (CVE-2026-43500) – to create a deterministic exploitation method that does not crash the kernel and has a high success rate.

Dirty Frag has existed in the Linux kernel for at least nine years, as the xfrm-ESP Page-Cache Write vulnerability was first introduced in 2017. V4bel successfully tested the exploit on recent versions of Ubuntu Linux, RHEL, openSUSE Tumbleweed, CentOS Stream, AlmaLinux, and Fedora. Most modern Linux distributions are likely affected by the issue.

– V4bel (@v4bel) May 7, 2026

After discovering Dirty Frag, Hyunwoo Kim was reportedly working with Linux developers to fix the issue before publicly disclosing it. However, an unnamed third party published a working proof of concept earlier than anticipated, forcing the researcher to disclose the vulnerability more than a month ahead of schedule.

Dirty Frag has yet to receive an official tracking CVE, but the Linux community is already scrambling to mitigate the issue. The vulnerability can be neutralized with a single console command that removes the vulnerable esp4, esp6, and rxrpc modules from the kernel. However, the mitigation also disables functionality related to IPsec-based VPN services and the AFS distributed file system.

In his detailed write-up, V4bel also shared code designed to fully neutralize Dirty Frag within the affected cryptographic modules. The researcher warned that even after applying mitigations for Copy Fail, the Linux kernel remains vulnerable to Dirty Frag until additional countermeasures – either mitigations or a full patch – are implemented.

Major kernel-level security vulnerabilities are appearing at an increasingly alarming pace, and Linux maintainers are now working on a significant change aimed at reducing the window of exploitability. Kernel developers are proposing a "Killswitch" feature that would temporarily disable specific kernel functions affected by critical flaws, giving system administrators a way to keep systems – and businesses – running while proper patches are developed.