Hyunwoo Kim has announced the Dirty Frag security flaw, a
local-privilege-escalation (LPE) vulnerability similar to the
recently disclosed Copy Fail flaw:

    Because the embargo has now been broken, no patches or CVEs exist
    for these vulnerabilities. After consultation with the
    linux-distros@vs.openwall.org maintainers, and at the maintainers'
    request, I am publicly releasing this Dirty Frag document.

    As with the previous Copy Fail vulnerability, Dirty Frag likewise
    allows immediate root privilege escalation on all major
    distributions.

Kim, who discovered the flaw and had attempted a coordinated
disclosure set for May 12, has released the code for an exploit, as well as an example
script to remove the vulnerable modules. A full
write-up, with the disclosure timeline, is also available. It's
unknown at this time whether this is an example of parallel discovery
or how the third party was able to disclose it prior to the end of the
embargo. We will be following up as more information comes to light.
https://lwn.net/Articles/1071719/
--- SBBSecho 3.37-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)