Feed aggregator

Dirty Frag: a kernel zero-day vs. container and microVM sandboxes

Hacker News - Wed, 05/27/2026 - 11:43pm

On May 7, Hyunwoo Kim (V4bel) disclosed Dirty Frag — two Linux kernel vulnerabilities (CVE-2026-43284 and CVE-2026-43500) that give unprivileged users deterministic root on most Linux distributions shipped since 2017. Microsoft confirmed active exploitation the next day.

We build declaw.ai, sandboxing infrastructure for AI agents, on Firecracker microVMs. We run untrusted code we don't write and can't predict, so when Dirty Frag dropped our first question was: does our isolation boundary hold? We tested it on a deliberately unpatched kernel. It held. Here's why.

The exploit is a page-cache write primitive: it tricks the kernel into overwriting the in-memory contents of any file (/usr/bin/su, /etc/passwd) and gives root. Fully deterministic, no race.

Why it matters for multi-tenant platforms: the page cache is shared across the whole machine. Containers share the host kernel, and namespace isolation, seccomp, and dropped capabilities are all enforced by that kernel. A kernel exploit doesn't need to escape the container — it operates below the layer where container isolation exists. Same structural issue as Dirty COW (2016) and Dirty Pipe (2022). On the day a zero-day drops, before any patch exists, every container-based sandbox sharing that kernel is exposed. Patching closes the window after the fact; it can't close it in advance.

We ran the public PoC (ESP path, CVE-2026-43284) in two environments.

Test 1 — container sandbox (Docker, seccomp on, unprivileged uid=1001, host kernel 6.8.0): unprivileged user to root in under 2 seconds. Seccomp was active but didn't help — the required syscalls were permitted by the profile. With root we read /etc/shadow, host kernel boot params, and Docker overlay2 paths.

Test 2 — Firecracker microVM (unpatched guest kernel, no seccomp, started as root with full capabilities — intentionally MORE permissive than test 1). The exploit worked inside the guest, but every attempt to reach the host failed: host kernel not visible, host processes invisible (the guest has its own kthreadd/kswapd), all host ports closed, only virtual block devices, no host hardware identity. The page cache it corrupted belongs to the guest's own kernel, mapped to a bounded region of host memory via EPT.

The asymmetry is the point: the microVM started with more privilege than the container and still couldn't reach the host. What matters isn't what permissions the software grants — it's whether the kernel is shared. To escape Firecracker you'd need a bug in the VMM (~50K lines of Rust) or KVM; Google's kvmCTF pays $250K for a guest-to-host escape and only one has ever been publicly demonstrated.

If you run untrusted code multi-tenant, the question for any isolation provider: if code inside the sandbox becomes root, can it reach the host or other tenants? If the answer is "as long as we're patched" — that's the gap.

PoC: https://github.com/V4bel/dirtyfrag

Full writeup (commands + output): https://declaw.ai/blog/dirty-frag-microvm-isolation

Comments URL: https://news.ycombinator.com/item?id=48304227

Points: 2

# Comments: 0

Categories: Hacker News

RuView: See Through Walls with WiFi

Hacker News - Wed, 05/27/2026 - 11:29pm

Article URL: https://github.com/ruvnet/RuView

Comments URL: https://news.ycombinator.com/item?id=48304128

Points: 1

# Comments: 0

Categories: Hacker News

IT project success: A Computer Weekly Downtime Upload podcast

Computer Weekly Feed - Wed, 05/27/2026 - 11:26pm
A discussion on why, in spite of industry best practices, IT projects are still failing
Categories: Computer Weekly

Ask HN: Burned out on AI and want to go part time

Hacker News - Wed, 05/27/2026 - 11:17pm

I’ve been in the industry for ten years and have been fortunate enough to build up enough savings to where I could work for substantially less than I make now.

I’m so burned out on writing software and the never ending rat race that the industry has evolved into over the years that I’m at peace with quitting to do something part time so that I can focus on doing things just for myself that make me happy and give more of a sense of purpose that I feel is lacking in my life.

Has anyone made a similar transition that can recommend part time jobs to look into?

Comments URL: https://news.ycombinator.com/item?id=48304035

Points: 1

# Comments: 0

Categories: Hacker News

Today's NYT Mini Crossword Answers for Thursday, May 28

CNET Feed - Wed, 05/27/2026 - 10:58pm
Here are the answers for The New York Times Mini Crossword for May 28.
Categories: CNET

Ask HN: What made you lose faith in God/Religion?

Hacker News - Wed, 05/27/2026 - 10:54pm

Comments URL: https://news.ycombinator.com/item?id=48303837

Points: 4

# Comments: 13

Categories: Hacker News

Rinderpest

Hacker News - Wed, 05/27/2026 - 10:49pm
Categories: Hacker News