ekZepp

joined 2 years ago
[–] ekZepp@lemmy.world 18 points 7 hours ago (1 children)

Fuck economy.

[–] ekZepp@lemmy.world 71 points 12 hours ago

Note: At 2:32pm the patient switched hands.

[–] ekZepp@lemmy.world 2 points 2 days ago* (last edited 2 days ago)

Not the kind of sexbots I was expecting, in all honesty.

 
 

It became the only reliable source of information I had. People posted links with a minimal amount of commentary, picking and choosing the best content from other social media networks. They’re not doing it to “build a brand” because that’s not a thing in the Fediverse. It’s too disjointed to be a place to build a newsletter subscription base.

 

https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

https://afflicted.sh/blog/posts/copy-fail-2.html

the bug

MSG_SPLICE_PAGES attaches pages from a pipe directly to an skb — no copy, the skb's frags reference the pipe buffer's pages. for TCP the path sets SKBFL_SHARED_FRAG on those skbs, which downstream consumers check before mutating frag bytes. for the IPv4/IPv6 datagram append paths, the flag was never set. so a UDP skb built with MSG_SPLICE_PAGES looked, to a downstream consumer, like an ordinary uncloned nonlinear skb whose frags it could mutate freely.

the consumer in question is esp_input():

    // net/ipv4/esp4.c (pre-fix)
    } else if (!skb_has_frag_list(skb)) {
            nfrags = skb_shinfo(skb)->nr_frags;
            nfrags++;

            goto skip_cow;
    }

skip_cow jumps past the skb_cow_data() call. the remaining code path runs the AEAD decrypt in place over the existing scatterlist — which, since the frags are pipe pages we still hold open in userspace, are page-cache pages of whatever file we spliced from.

the kernel writes the decrypt output into those pages. they are still mapped into our pipe. they are also still the page cache for the file. so the kernel just wrote attacker-influenced bytes into the page cache of any readable file we can splice().

the Fixes: chain spans 2017 (esp no-COW fast path for both v4 and v6) and 2023 (UDP/UDP6 MSG_SPLICE_PAGES support). every mainline kernel that has all four sits in scope
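
An added example, not from the original post or the kernel tree: a toy userspace model of the flag contract described above, in which a consumer only avoids writing in place when the producer marked the fragment as shared. `toy_skb`, `TOY_SHARED_FRAG`, the function names and the XOR transform are hypothetical stand-ins, not kernel identifiers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy userspace model, constructed for illustration; not kernel code. */
#define TOY_SHARED_FRAG 0x1u  /* hypothetical stand-in for SKBFL_SHARED_FRAG */
struct toy_skb { unsigned flags; unsigned char *frag; size_t len; };

/* Producer: attach a caller-owned page by reference, with no copy. */
static struct toy_skb toy_attach(unsigned char *page, size_t len, int mark_shared)
{
    struct toy_skb s = { mark_shared ? TOY_SHARED_FRAG : 0u, page, len };
    return s;
}

/* Consumer: writes in place unless the flag marks the page as shared.
 * Returns 1 if it copied first, 0 if it wrote in place, -1 on no memory. */
static int toy_consume(struct toy_skb *s)
{
    int copied = 0;
    if (s->flags & TOY_SHARED_FRAG) {
        unsigned char *priv = malloc(s->len);
        if (!priv) return -1;
        memcpy(priv, s->frag, s->len);
        s->frag = priv;              /* work on the private copy from here on */
        copied = 1;
    }
    for (size_t i = 0; i < s->len; i++)
        s->frag[i] ^= 0x5a;          /* stand-in for the in-place transform */
    return copied;
}

/* Returns 1 if the producer's page is unchanged after the consumer ran. */
int page_intact_after_consume(int mark_shared)
{
    unsigned char page[16], before[16];
    memset(page, 'A', sizeof page);  /* constructed sample page contents */
    memcpy(before, page, sizeof page);
    struct toy_skb s = toy_attach(page, sizeof page, mark_shared);
    int copied = toy_consume(&s);
    if (copied == 1) free(s.frag);
    return copied >= 0 && memcmp(page, before, sizeof page) == 0;
}

int main(void)
{
    printf("flag unset: intact=%d\n", page_intact_after_consume(0));
    printf("flag set:   intact=%d\n", page_intact_after_consume(1));
    return 0;
}
```

The consumer is identical in both runs; only the producer's marking decides whether the original page is preserved.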

[–] ekZepp@lemmy.world 36 points 2 days ago* (last edited 2 days ago) (1 children)

Is it really worth it?


 

Check out the Gameplay Reveal Trailer for The Sinking City 2, a third-person action Lovecraftian horror shooter developed by Frogwares. Players will head straight for the flooded city of Arkham during the roaring '20s. Explore the drenched city alleys, face eldritch monsters, and descend into the madness of the city. The Sinking City 2 is launching in Summer 2026 for PlayStation 5 (PS5), Xbox Series X|S, and PC (Steam).

137
submitted 3 days ago* (last edited 3 days ago) by ekZepp@lemmy.world to c/lemmyshitpost@lemmy.world
 

Dogs of C-Kennel By Mick and Mason Mastroianni : https://www.gocomics.com/dogsofckennel/2026/05/06

[–] ekZepp@lemmy.world 2 points 6 days ago (1 children)

So by this logic a Jedi Council is when...

[–] ekZepp@lemmy.world 3 points 1 week ago

I've listened to the first two seasons. A very entertaining re-imagination of the mythos in modern times. Highly suggested.

126
submitted 1 week ago* (last edited 1 week ago) by ekZepp@lemmy.world to c/starwarsmemes@lemmy.world
 
[–] ekZepp@lemmy.world 30 points 1 week ago* (last edited 1 week ago)
[–] ekZepp@lemmy.world 2 points 1 week ago

And ofc the Sleepy Squid Dragon

 

cross-posted from: https://lemmy.world/post/46310739

cross-posted from: https://lemmy.world/post/46310733

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.

The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori.

"An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root," the vulnerability research team at Xint.io and Theori said.

At its core, the vulnerability stems from a logic flaw in the Linux kernel's cryptographic subsystem, specifically within the algif_aead module. The issue was introduced in a source code commit made in August 2017.

Successful exploitation of the shortcoming could allow a simple 732-byte Python script to edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017, including Amazon Linux, RHEL, SUSE, and Ubuntu. The Python exploit involves four steps -

  • Open an AF_ALG socket and bind to authencesn(hmac(sha256),cbc(aes))
  • Construct the shellcode payload
  • Trigger the write operation to the kernel's cached copy of "/usr/bin/su"
  • Call execve("/usr/bin/su") to load the injected shellcode and run it as root

While the vulnerability is not remotely exploitable in isolation, a local unprivileged user can get root simply by corrupting the page cache of a setuid binary. The same primitive also has cross-container impacts as the page cache is shared across all processes on a system.

 


 

PS. This is not a critique of Debian-based distros. And I'm not suggesting you skip Ubuntu for Arch either. Arch is a bit advanced and not too easy for new users, so that won't do for some people...

... just install Linux Mint instead.
