{"id":128036,"date":"2026-05-23T12:07:16","date_gmt":"2026-05-23T12:07:16","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2026\/05\/23\/dirty-frag-copy-fail-fragnesia-the-start-of-a-worrisome-linux-security-trend\/"},"modified":"2026-05-23T12:08:16","modified_gmt":"2026-05-23T12:08:16","slug":"dirty-frag-copy-fail-fragnesia-the-start-of-a-worrisome-linux-security-trend","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2026\/05\/23\/dirty-frag-copy-fail-fragnesia-the-start-of-a-worrisome-linux-security-trend\/","title":{"rendered":"Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend"},"content":{"rendered":"

<\/a>\n
<\/p>\n

\n

Safety<\/p>\n

Or is it simply life at this time, with AI continually digging by means of code repositories in the hunt for safety holes?<\/p>\n<\/div>\n

\n

OPINION<\/span>\u00a0Dirty Frag<\/a>, Copy Fail<\/a>, and Fragnesia<\/a> are much less a random cluster of Linux bugs and extra the general public unveiling of how AI instruments can pry open safety holes with only a immediate or two. What in addition they have in widespread is their shared abuse of a core kernel abstraction: The web page cache. What does this imply for you and me? Is that this the rainstorm earlier than a downpour of killer Linux safety issues, or is that this only a bathe? It relies on who you ask.<\/p>\n

No matter else could also be true, these issues have to be addressed. As Igor Seletskiy, CEO of CloudLinux<\/a>, mentioned: “The true story right here is that we sometimes see one or two kernel-level LPE (Linux privilege escalations) vulnerabilities that have an effect on a number of distros\/variations per 12 months. And now we see two such vulnerabilities one week aside. We must always count on this development to proceed for fairly a couple of months, that means corporations may need to reboot servers weekly.”<\/p>\n

Ouch!<\/p>\n

However is that this the beginning of a development? Linus Torvalds, who is aware of a factor or two about Linux, mentioned at Open Source Summit North America<\/a> in Minneapolis that till lately, the kernel neighborhood would quietly notify distributions a few bug and ask them to improve with out detailing the vulnerability, and “more often than not, no one would determine what occurred.” That was then. That is now. With AI\u2011accelerated evaluation, he recalled that “last week, we fixed the bug; within three hours, there was a blog post<\/a> concerning the implications of that bug repair, as a result of safety folks love getting consideration.”<\/p>\n

Because of this sort of factor, Torvalds has modified how the Linux safety neighborhood will take care of AI-discovered safety holes. “AI-detected bugs are pretty much by definition not secret<\/a>, and treating them on some personal listing is a waste of time for everyone concerned \u2013 and solely makes that duplication worse as a result of the reporters cannot even see one another’s experiences.”\u00a0<\/p>\n

As well as, Torvalds added, within the case of AI-discovered bugs, it’s essential to remember that simply “since you discovered it with AI, 100 different folks additionally discovered it with AI.”<\/p>\n

Meaning we’ll hear much more about Linux safety issues. However are they getting worse? I requested Greg Kroah-Hartman, the Linux steady kernel maintainer, and he advised me: “Perhaps? It is arduous to inform; the ‘current’ ones actually are very minor, because the variety of techniques which have ‘untrusted customers’ is just not widespread anymore. I do not see any actual uptick in our precise bug fixes that I can inform.”<\/p>\n

He continued: “We repair bugs like that each day, it is simply the rise of individuals\u00a0eager to ‘title a bug’ and launch a public exploit appears to be all the craze in the mean time.”<\/p>\n

An essential level that Chris Wright, Pink Hat’s CTO, made at Red Hat Summit<\/a>, the week earlier than, is that in “safety, all issues aren’t created equal. There’ll all the time be a spectrum of vulnerabilities that may floor. A few of these can be actually important and we might want to reply in a short time, in order that turns into a transparent precedence. Others can have an extended tail of decrease severity.”\u00a0<\/p>\n

Torvalds additionally added at Open Supply Summit that simply since you learn tales about Linux and AI-discovered bugs, you should not assume the identical factor is not taking place to proprietary software program, reminiscent of Home windows. “When you assume that AI cannot reverse engineer closed supply, you are in for a shock.” In truth, he warned, “closed supply is even worse on this respect, as a result of the AI can’t help you fix those problems<\/a>, however the AI certain can assist discover these issues within the first place.”<\/p>\n

He additionally discouraged safety researchers from publishing working exploits: “With regards to issues that actually are safety points, chances are you’ll not wish to make the exploit public\u2026 Do not be that man who then crows about it publicly and says, ‘Look, I may carry down this massive firm.'”<\/p>\n

Following on this theme, Christopher “CRob” Robinson, chief safety architect for the Open Source Software Foundation (OpenSSF)<\/a>, advised The Register<\/span>\u00a0that due to AI, “roughly 30 p.c of reported Linux safety bugs have been duplicates. That is going to be one other drawback on this AI age, the place all people’s a researcher, proper, with a $20 cloud code account.” That, in flip, will burden already overworked maintainers with yet more patches<\/a> to take care of.<\/p>\n

Linux, Torvalds added, is one thing that its maintainers can deal with. Smaller open supply initiatives, nevertheless, are all too more likely to be overwhelmed.<\/p>\n

The true drawback, based on what the\u00a0Google Threat Intelligence Group<\/a>\u00a0has found, is that the\u00a0mean time to exploit (TTE) for vulnerabilities has continually decreased<\/a>\u00a0“from 63 days in 2018 to -1 day in 2024 and additional downward to an estimated -7 days in 2025. A damaging quantity signifies that exploitation of a vulnerability, on common, occurred earlier than a patch was launched.”<\/p>\n

So what does this imply? Sure, we’ll see much more safety vulnerabilities exhibiting up in Linux and different open supply initiatives. Sure, a few of them can be severe, and all too many can have exploits out earlier than the patches arrive. It is not, nevertheless, that Linux has out of the blue turn into much less safe. It is that AI eyes are a lot better at detecting bugs than human eyes have ever been. We are going to catch up, and AI can assist with that, too.\u00a0<\/p>\n

Within the meantime, system directors and builders must be extra security-conscious than ever earlier than. As Wright advised The Reg<\/span>, it is excessive time we switched from utilizing SELinux<\/a> in permissive to restrictive mode. Implementing strict safety is a ache, however what’s much more of a ache is having to rebuild your containers and servers after a severe assault will get by means of.\u00a0\u00ae<\/p>\n<\/div>\n