https://lawrence.video/

Forum post
https://forums.lawrencesystems.com/t/how-linux-dirty-frags-works-and-mitigations/26752/2


Connect With Us
---------------------------------------------------  
+ Hire Us for a project: https://lawrencesystems.com/hire-us/
+ Toms' Twitter 🐦 https://twitter.com/TomLawrenceTech
+ Our Website https://www.lawrencesystems.com/
+ Our Forums https://forums.lawrencesystems.com/
+ Instagram https://www.instagram.com/lawrencesystems/
+ Facebook https://www.facebook.com/Lawrencesystems/
+ GitHub https://github.com/lawrencesystems/


Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 https://lawrence.video/swag/


AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 https://www.amazon.com/shop/lawrencesystemspcpickup

UniFi Affiliate Link
🛒 https://lawrence.video/unifi-affiliate

All Of Our Affiliates help us out and can get you discounts!
🛒 https://lawrencesystems.com/partners-we-love/

Gear we use on Kit 
🛒 https://kit.co/lawrencesystems

Use OfferCode LTSERVICES to get 10% off your order at
🛒 https://www.techsupplydirect.com?aff=2

Digital Ocean Offer Code
🛒 https://m.do.co/c/85de8d181725

HostiFi UniFi Cloud Hosting Service
🛒 https://hostifi.net/?via=lawrencesystems

Protect your privacy with a VPN from Private Internet Access
🛒 https://www.privateinternetaccess.com/pages/buy-vpn/LRNSYS

Patreon
💰 https://www.patreon.com/lawrencesystems
Chapters
00:00 - What is Dirty Frag and why it matters
00:08 - Bug class context: Dirty Pipe and Copy Fail
00:11 - Current patch status as of May 8, 2026
00:18 - Test system: Debian 13 Trixie fully patched
00:25 - No updates available, confirming unpatched state
00:36 - Running the exploit as unprivileged user
00:53 - Exploit succeeds, we are now root
01:03 - Forum write-up and CVE links overview
01:35 - Impact table: who is affected by the mitigation
01:54 - Risk model: local privilege escalation explained
02:20 - Running the mitigation command
02:37 - Exploit fails after mitigation applied
02:57 - Distro advisories: Ubuntu, Red Hat, AlmaLinux, CloudLinux, AWS
03:11 - How the embargo broke: Copy Fail 2 Electric Boogaloo
03:30 - Reverse engineering from kernel mailing list patch
03:49 - Where to find the forum post and distro links

Lawrence Systems

Dirty Frag is a Linux local privilege escalation exploit that chains two kernel vulnerabilities to achieve root access on most current Linux distributions, including fully patched Debian 13 Trixie. As of early May 2026, no official patches exist yet for most distros. A live demo shows the exploit gaining root in seconds. The primary focus is on mitigation: disabling the specific kernel modules being exploited via a shell command, which immediately blocks the attack. Risks of the mitigation are discussed, particularly for users running IPSec VPNs. Links to advisories from Ubuntu, Red Hat, Alma Linux, and others are provided. The vulnerability is a local privilege escalation, meaning an attacker must already have local user access, reducing risk for single-user or admin-only systems.

Dirty Frag: The Linux Zero-Day Getting Root on Every Major Distro (Demo + Mitigation)