Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public.
Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain full root access on most major Linux distributions, including Ubuntu, RHEL, Fedora, AlmaLinux, and CentOS Stream.
Dirty Frag is related to the Dirty Pipe family of vulnerabilities but is independent of the Copy Fail mitigation, meaning systems that already applied the algif_aead blacklist remain fully exposed.
“[the flaw] can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability,” reads the advisory. “Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high.”
The vulnerability chains two separate flaws. The first is the xfrm-ESP Page-Cache Write bug, rooted in the Linux IPsec subsystem and introduced in a January 2017 source code commit, the same commit responsible for CVE-2022-27666, a buffer overflow affecting multiple Linux distributions. The second is the RxRPC Page-Cache Write bug, introduced in June 2023. Neither flaw alone is sufficient on all systems, but together they cover each other’s blind spots: where one path is blocked by the environment, such as Ubuntu’s AppArmor restrictions on namespace creation, the other opens. The chain is what makes Dirty Frag universally dangerous across distributions.
“What both vulnerabilities have in common is that, on a zero-copy send path where splice() plants a reference to a page cache page that the attacker only has read access to into the frag slot of the sender side skb as is, the receiver side kernel code performs in-place crypto on top of that frag,” reads the analysis. “As a result, the page cache of files that an unprivileged user only has read access to (such as /etc/passwd or /usr/bin/su) is modified in RAM, and every subsequent read sees the modified copy.”
What makes Dirty Frag particularly dangerous is its reliability. Unlike many kernel exploits that depend on precise timing windows or race conditions, this is a deterministic logic bug. It doesn’t panic the kernel on failure, and its success rate is described as very high. A working proof-of-concept is already public, reducing exploitation to a single command.
The disclosure itself was complicated: the embargo broke early after a third party published detailed technical information and the exploit code without coordination. No CVE identifier has been assigned yet.
“Chaining the two variants makes the blind spots cover each other. In an environment where user namespace creation is allowed, the ESP exploit runs first. Conversely, on Ubuntu where user namespace creation is blocked but rxrpc.ko is built, the RxRPC exploit works,” concludes the report.
Until official patches are available, the recommended workaround is to blocklist the esp4, esp6, and rxrpc kernel modules to prevent them from loading.
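One way to apply and verify that workaround, as an added example that is not taken from the advisory or from any distribution's guidance. It assumes the blocklist is implemented with modprobe.d `install <module> /bin/false` overrides; the file name and the status labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: audit the esp4/esp6/rxrpc workaround.
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [PROC_MODULES]: succeeds if the module is loaded right now.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# is_blocked MODULE [MODPROBE_DIR]: succeeds only for an "install" override.
# A bare "blacklist" line is not counted: it stops alias-based autoloading
# but not an explicit or dependency-driven modprobe.
is_blocked() {
    awk -v m="$1" '
        $1 == "install" && $2 == m && $3 ~ /^\/bin\/(false|true)$/ { hit = 1 }
        END { exit !hit }' "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null
}

# module_status MODULE [PROC_MODULES] [MODPROBE_DIR]: prints one label
# (labels are this example's own, not standard terminology).
module_status() {
    if is_blocked "$1" "${3:-}"; then blocked=1; else blocked=0; fi
    if is_loaded "$1" "${2:-}"; then loaded=1; else loaded=0; fi
    case "$blocked$loaded" in
        10) echo mitigated ;;           # cannot load, not in memory
        11) echo blocked-but-loaded ;;  # rule present, needs unload or reboot
        01) echo loaded-unblocked ;;
        00) echo unblocked ;;           # could still be loaded on demand
    esac
}

# write_blocklist FILE: emit the rules (FILE name is the caller's choice,
# e.g. a hypothetical /etc/modprobe.d/dirtyfrag.conf).
write_blocklist() {
    for m in $MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done > "$1"
}

# audit [PROC_MODULES] [MODPROBE_DIR]: one status line per module.
audit() {
    for m in $MODULES; do
        printf '%s: %s\n' "$m" "$(module_status "$m" "${1:-}" "${2:-}")"
    done
}

case "${1:-}" in audit) audit ;; esac
```

Blocking esp4 and esp6 disables IPsec ESP and blocking rxrpc disables AF_RXRPC users such as the kernel AFS client, so confirm that nothing on the host depends on them before writing the rules.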
Most of the time your NAS is sitting on the shelf, quietly storing whatever files you send to it. However, most NASes can do more than just back up your data, especially if they have free USB ports. These are some helpful ways you can get some extra use out of your NAS.
Use an external drive for real backups
Not all backups should live inside your NAS
It is tempting to look at your expensive NAS and think that it is all the backup solution you need. Unfortunately, it isn’t.
Proper mirroring, like you can get through RAID, can protect against a single disk failure, but it does nothing to protect you against accidental deletions, ransomware, file corruption or a catastrophic event, like a tumble off a shelf.
When all of your backups rely on a single system in one location, you’re setting yourself up for failure.
That is where your NAS’s USB port comes in. If you plug an external drive into your NAS to create another backup, you get a true, isolated backup. Most NAS operating systems make this easy: just schedule jobs to copy important files over whenever the drive is connected.
And you don’t have to stop there. You can rotate multiple drives, one drive for daily or weekly backups and another stored somewhere safe. That gives you extra protection against malware, power surges, and bad luck. It’s not fancy, but it’s one of the most important things you can do with your NAS.
Connect your NAS to an uninterruptible power supply
A UPS can save you from data corruption
Credit: Patrick Campanale / How-To Geek
NAS devices are built for 24/7 operation, so they’ll eventually experience a power outage or a power surge. That can be a problem for your data.
If your NAS loses power suddenly, you’re at risk of file system corruption, incomplete writes, and in a worst-case scenario, total data loss.
An uninterruptible power supply keeps your NAS powered on for a short while during an outage, and if you connect them via USB, they can even exchange data. That link lets the NAS detect that power has gone out, monitor power levels, and shut itself down cleanly before the battery dies.
Without that USB connection, the NAS will just crash when the UPS finally dies.
If you’re using your NAS as a major part of your backup strategy, a small UPS that can connect over USB is definitely worthwhile.
Get a new network adapter
2.5Gb Ethernet or Wi-Fi on demand
Older or lesser NAS devices often have 1 gigabit Ethernet ports, while your drives and network could do better. Your NAS’s USB port might enable you to upgrade without replacing the whole unit.
Many NAS devices will allow you to connect a USB-to-2.5 gigabit Ethernet adapter to use instead of the built-in port. If you have SSDs, you’ll definitely be able to make use of the faster speeds offered by 2.5 gigabit Ethernet, since 1 gigabit tops out at about 125 megabytes per second. Even SATA SSDs can reach speeds of about 500 megabytes per second, and NVMe SSDs can get well into the gigabyte per second range.
If you’re exclusively using mechanical hard drives, the benefit isn’t quite as clear-cut. Whether you’d benefit depends on how fast your drives are and how you have them configured.
There’s also a niche but useful option: USB Wi-Fi adapters. They’re not meant to replace Ethernet permanently, but they can be handy for temporary setups, troubleshooting network issues, or emergency access when wired connectivity fails.
You’ll need to confirm that your NAS supports USB Ethernet dongles—most do, but there are some that don’t.
Turn it into a print server
Give your old printer a new lease on life
USB-only printers are largely a thing of the past, since they were tied to one computer. Most modern printers connect to the Wi-Fi network instead, so they can be placed anywhere.
If your old USB printer is still going strong, you can use your NAS as a print server.
The setup is usually quite easy, but it’ll depend on your NAS.
Many have a setting that allows you to enable print sharing. In that case, all you need to do is plug the printer into the NAS, enable print sharing, and every device on your network can use it. Alternatively, you may need to install a specific app that allows you to use your NAS as a print server.
This is especially useful if you have a reliable older printer with no built-in networking, you don’t want to replace the hardware, and you only need occasional printing without extra hassle. It may not be the most exciting use of a NAS USB port, but it’s one of the most practical.
Your NAS may be even more customizable
Depending on your specific NAS, you may be able to do even more than this. Some of them allow you to run lightweight services for your home network, like a mini home lab, and some allow you to use a completely different operating system. If that is the case, there are a ton of ways to put your NAS to use.
8/10
CPU: Intel N95
Memory: 8GB DDR5
Drive Bays: 4x M.2 NVMe
Ports: 5Gb/s Ethernet, USB-A, USB-C, HDMI 2.b
The TerraMaster F4 SSD is an all-SSD NAS that supports up to four 8TB NVMe drives. Shipping with 8GB of DDR5 RAM and the Intel N95 processor, this NAS actually can be user-upgraded with up to 32GB of DDR5 RAM. The onboard 5Gb/s Ethernet port supports 2.5Gb/s and 1Gb/s networking too, plus there are USB 3 10Gb/s Type-A and Type-C ports on the back for plugging in other peripherals, like hard drives or SSDs.