Dirtyfrag Vulnerability in Linux Kernel Patched in ROSA "Khrom" OS

Russian developer NTC IT "ROSA" has released an update for the ROSA "Khrom" 12, ROSA "Khrom" 12 FSTEC, and ROSA "Khrom" 13 operating systems that addresses the Dirtyfrag vulnerability in the Linux kernel.

The update is distributed through the standard ROSA support infrastructure and is installed using the OS's built-in tools. A system reboot is required after installing the patched kernel.

Dirtyfrag belongs to the class of local privilege escalation vulnerabilities. It does not give an attacker remote access to the system "from the internet," but it becomes dangerous once an attacker has already gained the ability to execute commands or code as a regular user. In that case, the vulnerability can be used to escalate to the highest level of privileges and gain full control over the system.

In its practical effect, Dirtyfrag is similar to previously disclosed vulnerabilities of the same class, including Copyfail. NTC IT "ROSA" explained:

In both cases, it's not about initial remote hacking, but about the development of an attack within the system: an attacker who already has limited user access can try to escalate their privileges to root. That's why such vulnerabilities are especially critical for servers, developer workstations, virtualization infrastructure, CI/CD tools, and other systems where user or third-party code is executed.