Hello and welcome to the Monday, May 11th, 2026 edition of the Sands Internet Stormsioners, Stormcast.

My name is Johannes Ulrich, recording you today from San Diego, California.

And today's episode is brought you by the Sands.edu undercredit certificate program in Applied Cybersecurity Security.

Yes, and once people start looking for a certain type of flaw, well, we of course get more and more of them in the news.

We now have a second Linux approach escalation vulnerability

that again affects pretty much any Linux distribution out there going back to 2017.

So about nine years back, which pretty much covers everything at this point.

The problem with this vulnerability is again a kernel driver,

just like what we had with copy fail.

Actually, there are some similarities with this copy fail vulnerability.

This one has its own name, its own logo, dirty frag,

and this vulnerability relies on two different vulnerable kernel modules.

So both must be present in order for the vulnerability to be exploited.

One is the RPCRX module.

This module is used for some file systems like AFS, for example, the AFS implementation for Linux does use the RPCRX module.

The second module is actually really two, but either one works.

ESP 4 and 6.

Well, they're part of the ESP protocol, so IPSEC.

In my opinion, it's probably safer to disable the ESP modules.

You can just unload them and with that prevent exploitation.

Just because it's easier to figure out if you're using IPSEC or not,

while the RPCAX module could be a little bit more difficult to figure out if you're using IPSEC or not, while the RPCAX module could be a

...