Why Linux keeps getting compromised

Added: 2026-05-20

[00:00:00]As I'm sure you're all aware, there have been a lot of Linux vulnerabilities that have been just popping up left and right super rapidly. I've like it's insane.

[00:00:08]So, I'm going to get into the one that I'm aware of and then I want to give some thoughts on it.

[00:00:13]So, the first and probably most popular vulnerability is copy fail. This is the 700 byt Python script that roots every single Linux distribution since 2017.

[00:00:24]Now, this has been patched. Luckily, it hasn't really been used for anything yet as a real hack because it's a user level script that you would have to first get remote access to someone's computer to run. This is the so-called first domino to fall in this line of scary vulnerabilities. The next one is Dirty Frag. We've probably all heard of this one, too. But this one is a C program that again gives the user direct access to the root user. Now, when this first came out, this was actually not patched.

[00:00:56]There was no patch written for it. They just threw it out there and said, "This is a thing. You have to fix it." Since then, there have been two patches, and for the most part, you should be safe if you updated very very, very recently.

[00:01:07]Which, by the way, you need to update your kernel like instantly. This is a very new thing, even though it's been like a week or two. Um, a lot of people might not know about it, and you know, sometimes people just wait months to update their system. The last vulnerability is called Ragnesia. I think this is yet another C program that also gives you root access to the system that you're on currently. Now, this one is kind of similar to Dirty Frag in that like most of the mitigation of Dirty Frag can kind of also mitigate Fragnesia. And it basically just boils down to very poorly written Linux kernel modules, ESP4, ESP6, and RXRPC. As far as I'm aware, these modules are kind of useless for pretty much everyone except for when you have like that really niche use case. But for most people, you should be able to just get rid of it.

[00:01:52]Personally, this is a really good time to mention that you don't really need to have the entire kernel and all of its modules installed in your system. There are scripts out there and programs that let you basically just configure the kernel to be as minimal as you need it to be in the context of your currently existing hardware. Now, one thing that I really want to stress here is that I'm seeing a lot of AI era software and the fact that these exploits, at least two of them, Copy Fail and Dirty Frag, both were found with various AI vulnerability detection programs, which I think is very interesting because a lot of people really hate on AI and that it's very very warranted for the most part because AI is very flawed and can't really do things properly all the time. But one thing the AI is really good at is finding patterns. In this case, obviously the pattern is that you're able to somehow get root access to a system via some random kernel module.

[00:02:48]And I think this is a really good thing.

[00:02:50]I think that AI in this context is very very useful and more people should be using it to find these kinds of exploits. With moderation, obviously AI is not going to fix all your problems instantly, but it is a really useful tool for finding that lowhanging fruit that is kind of hard to see with the human eye. You know, regardless of all of the information though, one thing remains obviously clear. You need to configure your kernel, bro. It's It's so good. It's so good.